In a major cybersecurity push, more than 400 banks across India have transitioned their official websites to the .bank.in domain in compliance with a Reserve Bank of India (RBI) mandate aimed at strengthening online safety and reducing phishing and fraud risks for digital banking users. This development was confirmed by Devesh Tyagi, CEO of the National Internet Exchange of India (NIXI).
RBI’s Mandate: What Banks Had to Do
The RBI had issued a directive requiring all regulated banks in India to migrate their official websites from generic domains such as .com and .co.in to the secure .bank.in domain by October 31, 2025. This new top-level domain (TLD) is exclusive to verified banking institutions, making it easier for customers to distinguish genuine bank websites from fraudulent or phishing sites that often mimic official portals to steal credentials or carry out financial fraud.
NIXI, authorised as the exclusive registrar for the .bank.in domain under the government’s internet governance framework, has helped facilitate the migration and ensure compliance with the RBI’s cybersecurity mandate.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
Why the Switch to .bank.in Matters
The introduction of the .bank.in domain is seen as a key protective measure in India’s digital banking ecosystem:
- Security and Trust: Since only RBI-regulated banks can register .bank.in domains, this reduces the risk of customers falling for fake or spoofed online banking pages.
- Phishing Prevention: Phishing scams — where attackers create look-alike bank login pages to harvest user credentials — have been a persistent threat. A controlled domain space like .bank.in makes it harder for such fake sites to operate unnoticed.
- Public Confidence: With cybercrime and digital fraud rising alongside online banking adoption, a verified domain system enhances customer confidence in doing secure transactions online.
Experts say that a domain restricted to verified banks creates a trusted digital environment where users can more safely recognize legitimate banking portals before logging in or performing financial activities.
Compliance and Rollout Status
According to NIXI’s CEO Devesh Tyagi, all major banks — including large public and private sector institutions — have now completed the migration to .bank.in, meeting the RBI’s cybersecurity compliance deadline.
While some banks were initially late in updating their web addresses by the October 2025 deadline, the latest updates indicate that the vast majority have now switched over. The transition is expected to help customers better recognize real bank sites and avoid falling victim to online banking scams or fraudulent URLs.
Broader Context: Cybersecurity and Online Banking Safety
The RBI has been actively strengthening digital financial security amid increasing incidences of cyber fraud, phishing attacks and online account breaches. Alongside the .bank.in domain initiative, the central bank has introduced several measures in recent years to improve authentication, digital identity verification and consumer protection in digital banking and payments.
Under this domain policy, only RBI-regulated banks can use the .bank.in extension, which means fraudsters and unregulated entities will no longer be able to create convincing counterfeit banking sites under that extension — a move that is expected to significantly reduce certain categories of digital financial fraud.
India is also gearing up for the Internet Corporation for Assigned Names and Numbers (ICANN) generic top-level domain (gTLD) application round, where the country hopes to secure other domain extensions like .india and .bharat for broader use by Indian entities.
What Users Should Know
For everyday banking customers, the change means:
- When visiting a bank’s website, always check that it ends in .bank.in — this helps confirm you’re on a legitimate, RBI-regulated banking site.
- Be cautious of emails, links or SMS messages directing you to domains that differ from .bank.in, as these could be phishing attempts.
- Ensure your browser shows a secure connection (HTTPS) and the correct domain before entering banking credentials.
By aligning domain names with strict regulatory standards, the RBI aims to give customers greater confidence and protection in digital banking — an especially important goal as more financial activity moves online.
About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.
