Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
The Internet Security

India To Launch New Domain Name For Banks To Fight Digital Fraud (techcrunch.com) 6

Posted by msmash from the new-ideas dept.
An anonymous reader shares a report: India's central bank is introducing an exclusive ".bank.in" domain for banks from April 2025 as part of efforts to combat rising digital payment frauds and bolster trust in online banking services.

[...] The central bank plans to roll out a separate 'fin.in' domain for non-bank financial institutions. "Increased instances of fraud in digital payments are a significant concern," said RBI Governor Sanjay Malhotra, adding that the new domain system aims to reduce cyber security threats and malicious activities like phishing.

India To Launch New Domain Name For Banks To Fight Digital Fraud More | Reply

India To Launch New Domain Name For Banks To Fight Digital Fraud

Comments Filter:

  • Trust us (Score:3)

    by bryanandaimee ( 2454338 ) on Friday February 07, 2025 @02:41PM (#65150485) Homepage
    So now you just need to spoof the .bank domain and everyone will immediately trust you!

    • Re: (Score:1)

      by Tablizer ( 95088 )

      It is one more hurdle hackers need to go through to pull off bank scams. It will thus reduce some scams, but the question remains: will over-trusting the new domain cause more problems than it solves.

  • I really hope they enforce DNSSec on this domain...

  • (a) Won't work (b) Will make things worse (Score:4, Informative)

    by Arrogant-Bastard ( 141720 ) on Friday February 07, 2025 @03:29PM (#65150623)
    (a) It won't work because -- thanks to web browsers, mail clients, and other software packages that obfuscate URLs and domain names -- an increasing number of users will never see the FQDN. (And even if they did, most of them wouldn't know what it is or why it's special or anything else. For example, a rather large fraction of the population here doesn't know the different between us.com and .us.

    (b) It'll make things worse because now forgers can leverage it to craft near-lookalike domains that will fool a lot of people who will be looking for the string bank.in. How about bank.in.lol or bankin.fun or bank-in.xyz or any of the myriad variants available using the thousand-plus designed-for-abuse TLDs that ICANN foisted on the world? I'm willing to bet that right now, as I'm typing this, there are mass registrations of similar names happening in those TLDs by scammers who are trying to get there first -- and probably will.

    • Re: (Score:2)

      by kqs ( 1038910 )

      None of that matters, since few people access their bank via URL.

      My understanding is that folks in India mostly use cash transfer apps. If those apps start to require this, then at some point all banks will have to have entries in the new domain. And if India requires DNSSEC in that subdomain and only allows verified banks, then that's a notable security improvement. It's not perfect; nothing is. But security folks all know that security never comes from "the one magic change to rule them all"; it's a b

Slashdot Top Deals

Asynchronous inputs are at the root of our race problems. -- D. Winker and F. Prosser

Close