By Ramki Gaddipati, CEO-APAC and Global CTO, Zeta
Indian financial institutions face 44% more cyberattacks than the global average -3,291 weekly attacks per institution versus 1,847 globally. This stark reality positions India at the frontline of digital financial security challenges. As UPI transactions exceed 18 billion monthly, the Reserve Bank of India recognises that conventional security measures can no longer withstand sophisticated threats targeting our digital ecosystem.
The recent introduction of the .bank.in domain represents just one visible element of a comprehensive security revolution that deserves global attention. Having partnered with leading banks across markets, I’ve observed security strategies evolve over decades. The RBI’s approach stands out for its architectural vision– it isn’t implementing isolated technical fixes but orchestrating three fundamental shifts that will address security challenges plaguing India’s digital banking environment.
Building a collaborative security network for India
First, the shift from siloed security to collaborative defence networks. Financial institutions have traditionally built fortress-like defences, sharing minimal threat intelligence. The RBI is now creating interconnected security frameworks where intelligence flows seamlessly between institutions, establishing collective immunity against emerging threats.
Developing preventive security for India’s scale
Second, the pivot from reactive to preventive security architecture. Rather than focusing predominantly on incident response, the RBI is embedding prevention into the fabric of India’s digital finance infrastructure. The .bank.in domain, MuleHunter.ai, and Mobile Number Revocation List (MNRL) form a prevention ecosystem identifying threats before they materialise.
For example, MuleHunter.ai functions as an infrastructure level solution aggregating data from participating banks and payment system operators, significantly reducing false positives and accelerating response to suspicious accounts. Similarly, banks have been mandated to use and monitor the MNRL, hosted on the Digital Intelligence Platform (DIP) launched by the Department of Telecommunications (DoT), to prevent the increasing misuse of recycled and revoked mobile numbers in financial frauds.
Evolving authentication for Indian consumers
Third, the evolution from static to behavioural authentication. One-time passwords and static credentials increasingly fall prey to sophisticated social engineering. The RBI’s push toward principle-based and behavioural authentication represents the future of digital identity verification – one where authentication becomes continuous and contextual rather than a one-time gateway.
Leading Through Pre-emptive Regulation
These shifts transcend regulatory innovation. As digital finance grows increasingly borderless, India’s regulatory foresight creates a security framework balancing innovation with protection at unprecedented scale.
While many global regulators remain reactive, the RBI has implemented a multi-layered strategy that includes stricter KYC norms, 24×7 incident reporting mechanisms, and collaborative security audits. This approach resembles an immune system rather than a firewall – learning, adapting, and strengthening continuously.
Also, RBI’s anti-fraud measures have been designed to work seamlessly with India’s existing digital public infrastructure. This creates a complementary trusted digital identity layer for financial institutions, while enabling these security innovations to operate invisibly to end users. It thus, enhances protection without compromising experience.
Accelerating Technology Investment in Indian Banking
The RBI’s security framework is catalysing how Indian banks allocate technology resources. Historically, Indian financial institutions have underinvested in technology infrastructure, typically allocating 6-8% of their operating expenditure compared to the global average of 10-12%. This gap is now closing rapidly.
Our conversations with banking leaders reveal a significant realignment of priorities. Institutions are increasing technology investments to meet global standards, with five key areas receiving unprecedented focus:
- Core systems modernisation to enable real-time fraud detection
- Advanced analytics platforms for identifying suspicious patterns
- Enhanced customer verification infrastructure
- Data protection frameworks compliant with emerging regulations
- Shift to zero trust compliant architecture to enhance cybersecurity
All these measures will reinforce trust in banks as a competitive advantage.
Ecosystem Participation Imperatives
RBI’s approach makes fraud prevention a shared responsibility. Banks must integrate with unified fraud detection infrastructure by sharing threat intelligence and suspicious patterns in real-time.
Banks must also adopt standardised security protocols, creating consistency in how the sector responds to threats. This standardisation is particularly crucial for customer education, establishing consistent security experiences regardless of which financial services they use.
For technology providers serving global financial institutions, the RBI’s approach demonstrates that security can no longer be an afterthought – it must be the foundation upon which all innovation is built.