India's banking on the bank.in domain cleaning up its financial services sector India’s Reserve Bank last week announced a plan to use adopt dedicated second-level domains – bank.in and fin.in – in the hope it improves trust in the financial services sector. The plan was announced in a policy update [PDF] that notes “significant concern” regarding increased instances of digital payment fraud in India. “ …
I am sure that we all seen the videos of those Indian Scammer call centers. I am quite certain that changing the domain will simply provide the scammers with a new guise.
"Hello, this is your bank calling, due to the recent changes in the domain system we need to connect to your computer to update your software.". Etc, etc
We have had .ac.uk and .edu and similar things for universities in many other countries since the beginning of the Internet.
Why hasn't this been extended to other sectors that have national regulators, banks for a start?
Instead companies (especially banks) create a proliferation of .com addresses so no-one has any idea which ones are genuine and which are scams.
If the hierarchical domain name system had been propertly designed from the start and people were educated in how the name hierarchy relates to legal management, a lot of the scams could have been eliminated.
Hardly anyone knows how to read a domain name so putting everything under bank.in will also be an exercise in futility. JANET ordering (in.bank.etc) would have been much easier for the user to understand.
Why hasn't this been extended to other sectors that have national regulators, banks for a start?
Because it's impractical and doesn't scale.
There are around 2000 TLDs - with more on the way (sigh). The sectors that may or may not be regulated vary by jurisdiction. How they're regulated in each jurisdiction is different too. For instance there's a huge gulf between banking regulations in Europe and those in some banana republic.
Then there are language issues. Taking India as an example, bank.in is all very well. But it does nothing for the Bengali, Hindi, Punjabi, etc equivalents of "bank". Or the people who speak those languages and don't know they're now supposed to use bank.in to find an online bank. [I know English is the de facto official language in India.]
The next question is who gets to choose which of these specially regulated second-level names get "protected" in gTLDs like .com and .info that are global in scope. Which jurisdiction's regulation applies? Does bank (say) get this status for all known languages?
If the hierarchical domain name system had been propertly designed from the start and people were educated in how the name hierarchy relates to legal management, a lot of the scams could have been eliminated.
That's as stupidly naive as saying world poverty can be solved by giving everyone enough money. For starters, when was the last time any of us seen or typed a domain name?
I don't know what you think "how the name hierarchy relates to legal management" actually means. A .uk domain name doesn't necessarily mean it's held by an entity based in the UK. co.uk domain names don't *have* to be held by commercial entities, org.uk isn't just for non-profits, etc.
PS: the hierachical domain name system has been properly designed. If it wasn't, it would have been replaced with something better a long time ago.
Then there are language issues. Taking India as an example, bank.in is all very well. But it does nothing for the Bengali, Hindi, Punjabi, etc equivalents of "bank". Or the people who speak those languages and don't know they're now supposed to use bank.in to find an online bank. [I know English is the de facto official language in India.
Solved by a co-ordinated campaign, on all Indian banks' own websites highlighting bank.in right at the top of the page?
The next question is who gets to choose which of these specially regulated second-level names get "protected" in gTLDs like .com and .info that are global in scope. Which jurisdiction's regulation applies? Does bank (say) get this status for all known languages?
I think global TLDs are a lost cause, probably because they're US managed and "this-is-really-your-bank-honest.com" is freeze peach, that doesn't mean that rules can't be applied to country TLDs.
That's as stupidly naive as saying world poverty can be solved by giving everyone enough money. For starters, when was the last time any of us seen or typed a domain name?
I started typing theregister.com about 10 minutes ago and the browser autocompleted it for me.
I don't know what you think "how the name hierarchy relates to legal management" actually means. A .uk domain name doesn't necessarily mean it's held by an entity based in the UK. co.uk domain names don't *have* to be held by commercial entities, org.uk isn't just for non-profits, etc.
No, but that's because those conditions aren't enforced by the domain registrar. On the other hand there is .ac.uk which does have conditions attached.
Ignoring most of your offensive post, I just point out that I said "national regulators".
For example, one for Indian banks (bank.in), another for British ones (bank.uk), another for British solicitors and barristers (law.uk) and so on. The proliferation of non-national TLDs is irrelevant.
Keeping the second level domain short (eg not "solicitors-and-barristers.uk") would help to avoid impersonation.
"Instead companies (especially banks) create a proliferation of .com addresses so no-one has any idea which ones are genuine and which are scams".
Case in point in UK: logging in to halifax.co.uk moves to halifax-online.co.uk - just the sort of domain trick a scammer would use.
Why not online.halifax.co.uk or halifax.co.uk/online ?
Maybe marketroids got involved ...
You don't need a lot of separate ones, just one like "verified.uk" that the government has vetted, the people in charge have to be known so they can be held accountable, can be shut down immediately if they don't follow the law etc.
Then someone will register "verilied.uk" or "verifed.uk" and a lot of people who don't look too closely would be fooled by it. And that's not even getting into the insanity that UTF-8 domains permit. Maybe countries like the UK or US bar any non-ASCII characters from their domains, I'm not sure.
Same problem with shorter ones, you'd see "bark.uk" or "bamk.uk" instead of "bank.uk". Maybe a single letter domain for verified status like "x.uk" would do the trick. I was gonna say "c" for certified but uh.... That would have the advantage that you could ban any single character domains from being registered under .uk (unless you already have) making it even harder to fool.
And it does two useful things: it means that customers can have more confidence that the website is actually that of a regulated bank ... ... and also means that the authorities are on the hook - at least to some extent - if a scam/fraudulent website manages to get itself a site under bank.in.
Most people have no idea what URL is. Most people I know seem intentionally ignore the address bar - rather relying on visual clues or Google to find their bank.
Instead "bank.in" should be the default hub redirecting to final bank destinations. Indian users would only need to remember "bank.in" for all their visits. Or type "bank" in Google, which would show the domain first by law.
Top banks would have their colorful icons on the landing page. And users could personalize the page to show their banks first. Or type their bank name in the search bar of the site.
The job of the bank.in would be to whitelist final URLs of the banks. Or banks would have to register there.
To help anti-malware software the big white list should be publicly available from the same domain. For example at URL: bank.in/whitelist.
This could be done for most countries: bank.us, bank.de, bank.fr etc. Maybe a separate domain for gov organizations as well.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
