India To Launch New Domain Name For Banks To Fight Digital Fraud

An anonymous reader shares a report: India's central bank is introducing an exclusive ".bank.in" domain for banks from April 2025 as part of efforts to combat rising digital payment frauds and bolster trust in online banking services.

[...] The central bank plans to roll out a separate 'fin.in' domain for non-bank financial institutions. "Increased instances of fraud in digital payments are a significant concern," said RBI Governor Sanjay Malhotra, adding that the new domain system aims to reduce cyber security threats and malicious activities like phishing.

Trust us

[bryanandaimee]

So now you just need to spoof the .bank domain and everyone will immediately trust you!

Re:

[Tablizer]

It is one more hurdle hackers need to go through to pull off bank scams. It will thus reduce some scams, but the question remains: will over-trusting the new domain cause more problems than it solves.

Domain

[Bert64]

I really hope they enforce DNSSec on this domain...

(a) Won't work (b) Will make things worse

[Arrogant-Bastard]

(a) It won't work because -- thanks to web browsers, mail clients, and other software packages that obfuscate URLs and domain names -- an increasing number of users will never see the FQDN. (And even if they did, most of them wouldn't know what it is or why it's special or anything else. For example, a rather large fraction of the population here doesn't know the different between us.com and .us.

(b) It'll make things worse because now forgers can leverage it to craft near-lookalike domains that will fool a lot of people who will be looking for the string bank.in. How about bank.in.lol or bankin.fun or bank-in.xyz or any of the myriad variants available using the thousand-plus designed-for-abuse TLDs that ICANN foisted on the world? I'm willing to bet that right now, as I'm typing this, there are mass registrations of similar names happening in those TLDs by scammers who are trying to get there first -- and probably will.