India’s largest banks have moved swiftly to adopt a new, government-mandated digital identity, retiring decades-old web domains in favor of a single, secured address. Now, regulators are preparing to push the rest of the financial sector into a similar transformation—one they say is necessary to contain fraud in an era of rapidly expanding digital payments.
A Nationwide Digital Shift Takes Shape
When the Reserve Bank of India issued its April 2025 circular ordering banks to migrate their online presence to the newly created “.bank.in” domain, many institutions quietly braced for a long, complex process. Instead, the transition accelerated. By late October the official deadline most major banks had already abandoned their legacy URLs, marking one of the most sweeping digital identity overhauls in India’s financial history.
Public-sector institutions led the way. State Bank of India, Punjab National Bank, Bank of Baroda and more than a dozen others completed the shift months before the deadline. Their private-sector counterparts followed in quick succession: HDFC Bank, ICICI Bank, Axis Bank, Kotak Mahindra Bank, and IndusInd Bank were among the earliest movers. Cooperative lenders and regional players soon joined, rounding out a roster that included Karnataka Bank, Karur Vysya Bank, South Indian Bank and AU Small Finance Bank.
Foreign banks were not exempt. DBS Bank India, Standard Chartered Bank and HSBC India all adopted the domain, aligning themselves with what regulators framed as an unavoidable new layer in the country’s cybersecurity infrastructure.
Regulators Cite Fraud Prevention—and Public Confidence
The directive grew from concerns that India’s digital payments boom had also made room for increasingly sophisticated online scams. In speeches this year, RBI Governor Sanjay Malhotra warned that the proliferation of look-alike bank websites and phishing schemes was eroding public trust.
“The initiative,” he said at the February Monetary Policy Committee meeting, “will help avoid banking frauds” and strengthen a fragmented cybersecurity environment that has struggled to keep pace with consumer adoption of UPI, mobile banking, and instant online lending.
The April circular formalized the shift. It instructed commercial banks and cooperative banks alike to reconfigure their web infrastructure to meet the “exclusive” standard required for the new domain. Behind the scenes, the government tapped the Institute for Development and Research in Banking Technology (IDRBT) as the registrar, placing the responsibility under the oversight of the National Internet Exchange of India (NIXI) and the Ministry of Electronics and Information Technology.
To regulators, the domain was not just a label—it was a guarantee. A “.bank.in” site, they argued, would give customers a definitive way to confirm the authenticity of the institution they were dealing with.
Who Has Already Made the Jump
The speed of the migration surprised even some within the industry. Small Finance Banks often seen as digital adopters but slower to implement heavy infrastructure changes moved quickly. Jana SFB, Ujjivan SFB, Capital SFB, Equitas SFB, ESAF SFB, North East–turned–Slice SFB, Suryoday SFB, Unity SFB, Utkarsh SFB and Shivalik SFB all completed their transitions as part of broader security upgrades.
As the deadline approached, institutions that once prided themselves on legacy systems began accelerating their technical rewiring. Some banks used the shift to overhaul outdated platforms; others saw it as an opportunity to unify disparate regional sites into a single, standardized architecture. Privately, several banking executives described the migration as “costly but overdue,” noting the sharp rise in fraud complaints over the past three years and the reputational damage such incidents create.
The Next Frontier: Extending the System Beyond Banks
With the banking sector largely in compliance, regulators now appear focused on a broader goal: expanding the domain-based trust framework across the financial ecosystem. The next phase will introduce a new extension—“.fin.in”—designed for non-bank financial companies (NBFCs), fintechs and other regulated entities.
Officials have said little publicly about the timeline, but internal guidance suggests the rollout will mirror the banking sector’s transition, with expectations of early voluntary adoption followed by a formal directive.
The move comes as NBFCs and digital lenders occupy an increasingly central position in India’s credit landscape, especially for small and first-time borrowers. Fintechs, too, have become critical intermediaries for payments, compliance and onboarding—making them attractive targets for fraudsters deploying fake apps, spoofed websites and unauthorized login portals.
Extending secure digital identity infrastructure to these companies, policymakers argue, is the logical next step in standardizing trust across a sector that has outgrown its original regulatory boundaries.
