Introduction
On 07.02.2025, the Reserve Bank of India (‘RBI’) introduced[i] two exclusive internet domain extensions: .bank.in and .fin.in. These domain extensions were introduced for banks (.bank.in) and, in the future, for NBFCs (.fin.in) to address the growing threat of financial fraud.
Rise in Financial Fraud Cases
As of September 2024, India recorded approximately 650,000 cases of UPI-related fraud, resulting in losses of Rs.485 crores, according to the Ministry of Finance. Efforts have been made by multiple agencies/government departments, including the Indian Cyber Crime Coordination Centre, Ministry of Home Affairs, etc., to curb the instances of such fraud by blocking multiple Skype and WhatsApp IDs and several mobile numbers.
As per RBI data, financial fraud cases increased by 27% year-on-year, reaching 18,461 cases in the first half of the current fiscal year, with reported losses escalating from Rs.2,623 crores in the previous period to Rs.21,367 crores[ii].
The Rationale Behind the Change
This initiative will help distinguish genuine banking websites from fraudulent ones. Exclusive domain names like .bank.in and .fin.in will assist financial institutions in establishing a recognizable and verifiable online presence, making it harder for hackers to trick people into believing in phoney websites. This measure enhances customer confidence and strengthens online security, enabling consumers to identify legitimate banking sites and avoid fraudulent schemes.
For the new .bank.in domain, the Institute for Development and Research in Banking Technology (IDRBT) has been appointed as the exclusive registrar. Banks can register for the .bank.in domain from April 2025. It is predicted that comprehensive implementation guidelines, which will include comprehensive instructions and requirements for financial institutions to adopt the new domain, will be provided soon by RBI. The RBI has not yet provided a timeline for NBFCs to transition to .fin.in, as the initiative currently prioritizes banks.
Additional Security Protocols
To enhance cybersecurity, RBI has introduced an Additional Factor of Authentication (‘AFA’) for domestic digital payments. In addition to the user's login information, AFA requires an additional verification step, like biometric authentication or a one-time password (OTP). This lowers the risk of fraud by ensuring that illegal transactions cannot take place even if login credentials are compromised. RBI plans to extend AFA requirements to offshore merchants for international digital payments. This addition seeks to reduce fraudulent activity by standardizing security protocols for domestic and foreign transactions.
To combat cyber threats, RBI mandates banks and NBFCs to enhance their cybersecurity frameworks, including real-time monitoring, encryption, and stronger detective controls. Additionally, RBI has emphasized the need for robust incident response and recovery mechanisms to ensure swift action in case of cyber incidents. To safeguard business continuity amid disruptions, financial institutions must strengthen operational resilience.
Conclusion
RBI’s initiative is a proactive response to the surge in digital and financial fraud, which poses both a public threat and a national security risk. Assigning exclusive domains to banks and financial institutions will help consumers differentiate between authentic and fraudulent websites, reducing the likelihood of phishing attacks.
However, to maximize effectiveness, this initiative must be supplemented by public awareness campaigns to educate consumers about emerging threats and the measures taken by the state to counter them. RBI’s domain security initiative, coupled with enhanced cybersecurity protocols, underscores its proactive stance against digital fraud. It is likely that similar regulatory measures will be introduced in the future to strengthen financial security further.
End Notes
[i] Press Release: 2024-2025/2095 dated 07.02.2025.
Authored by Mohd Noumaan at Metalegal Advocates. The views expressed are personal and do not constitute legal opinions.