India's banking on the bank.in domain cleaning up its financial services sector
With over 2,000 banks in operation, a domain only they can use has potential to make life harder for fraudsters
India’s Reserve Bank last week announced a plan to use adopt dedicated second-level domains – bank.in and fin.in – in the hope it improves trust in the financial services sector.
The plan was announced in a policy update [PDF] that notes “significant concern” regarding increased instances of digital payment fraud in India.
“This initiative aims to reduce cyber security threats and malicious activities like phishing; and streamline secure financial services,” the Reserve Bank stated.
India is home to 12 state banks, 21 private banks, 43 regional rural banks, over 300 co-operative banks, and a further 1,800-plus 1,851 Agriculture and Rural Development Banks (ARDBs).
That proliferation of institutions clearly creates an environment in which phishers and scammers fraudsters can invent banks or create fake bank websites in the hope of luring victims to cough up credentials or other info.
Moving all banks to bank.in could therefore make life harder for crooks by setting the expectation that only legitimate banks can get a bank.in domain.
India is also home to almost 100,000 Primary Agriculture Cooperative Credit Societies(PACS), which are small lenders that operate at village level. Few are currently online, but India is aggressively digitizing government services and encouraging financial services providers to do likewise.
The planed fin.in domain will therefore be a handy destination for both credit societies and the many financial services upstarts emerging in India.
- First all-Indian chips to debut this year, 25 more local designs in the works
- India becomes just fourth country to dock satellites in orbit
- Indian police demand Starlink identify alleged drug smugglers
- Binance accused of tax evasion by India's finance department
Registration for bank.in sites will commence in April, and India’s Institute for Development and Research in Banking’ Technology (IDRBT) will be sole registrar. The institute is a nonprofit, which matters as sometimes specialized second level domains are created in the hope that brands will sign up for a name solely to avoid squatters and miscreants having the chance to use their names. The registrars make some money, businesses get some peace of mind, and admins get asked to ensure these domains redirect somewhere useful.
The reserve bank also decided that it would require two factor authentication for cross-border card-not-present transactions, which should also help to address some fraud.
India plans enormous investment in infrastructure for its financial services sector. A single ERP system is under construction to serve the PACS industry, and work on a common platform for over 1,800 ARDBs has also commenced.
India’s government also plans a cloud for financial institutions.
The Register tracks the Reserve Bank of India’s news feed and can report that the central bank issues a handful of fines every week to punish banks that fail to run proper Know Your Customer processes. We’ve also covered Indian banks that operated without basic infosec tools and had lax patching practices and poor user access management processes.
Government-run platforms may help such banks to improve their infosec, and these domains might clean things up too. ®