The Reserve Bank of India (RBI) has unveiled a comprehensive set of security initiatives for 2024 aimed at strengthening the digital banking and payments ecosystem in India. The measures build upon the RBI’s previous digital fraud prevention efforts, which included the implementation of dedicated phone number series for banking communications.
A key component of the initiative is the introduction of exclusive internet domains for Indian banks. The RBI plans to implement a ‘bank.in’ domain, which will be followed by a ‘fin.in’ domain for the broader financial sector. “An exclusive domain will help reduce banking fraud risks, followed by the introduction of the ‘fin.in’ domain for the financial sector,” said RBI Governor Sanjay Malhotra. The new domain system supports India’s broader efforts to strengthen its cyber fraud prevention infrastructure.
The central bank has also introduced an Additional Factor of Authentication (AFA) requirement for cross-border “Card Not Present” (CNP) transactions. Under the new protocol, Indian cardholders making online purchases from international merchants will need to verify transactions through either OTP authentication sent to their registered mobile numbers or biometric verification. The enhancement extends India’s growing implementation of multi-factor authentication across various financial services.
The authentication requirement extends existing domestic security standards to international transactions. “This will bring international digital transactions made using Indian-issued cards under the same security standards that have been applied to domestic transactions,” Malhotra explained. The enhancement comes as India continues to strengthen its digital payment security framework, particularly in response to increasing sophisticated cyber threats such as the recent FatBoyPanel malware campaign targeting Indian bank users.
The mandatory AFA implementation will provide enhanced security for international digital payments when overseas merchants are equipped to support the authentication process. The RBI has indicated that a draft circular detailing these requirements will be released for stakeholder feedback.
Beyond these specific measures, the RBI has directed banks and non-banking financial companies (NBFCs) to strengthen their cybersecurity infrastructure. “Banks and NBFCs must continuously improve preventive and detective controls to mitigate cyber risks,” said Governor Malhotra. “They must develop robust incident response and recovery mechanisms, reinforced through periodic testing, for operational resilience.”
The initiatives represent a systematic approach to securing India’s digital financial infrastructure, encompassing both technological and procedural safeguards across domestic and international transactions. The measures complement India’s broader digital security ecosystem, which includes the recently launched Sanchar Saathi mobile app for combating telecom fraud.
Sources: The Economic Times, Hindustan Times, Inc42,
Follow Us