RBI DIRECTIVE: BANKS TO MIGRATE TO “.BANK.IN” DOMAIN TO STRENGTHEN CYBERSECURITY

In a major step toward enhancing digital banking security, the Reserve Bank of India (RBI) has issued a new directive requiring all Indian banks to shift their official websites to the secure “.bank.in” domain. This move aims to combat the rising wave of phishing attacks, fake websites, and digital banking frauds that continue to target millions of customers.

According to Business Standard, the RBI has instructed all banks to complete this migration by October 31, 2025, ensuring that customers can easily identify authentic bank websites through a verified, RBI-approved domain name.

Why the RBI Took This Step

Rising Cyber Threats in Banking

India’s banking ecosystem has witnessed a surge in cyber-fraud incidents, from phishing scams to website spoofing. The Reuters report highlights that the RBI has repeatedly urged financial institutions to strengthen cybersecurity frameworks and increase oversight of IT and third-party risks.

The new “. bank.in” domain serves as a trusted digital identity, creating a verified online presence for all licensed banks in India. Customers can now be confident that any website ending with “. bank.in” belongs to a legitimate, RBI-regulated institution.

A Shield Against Phishing

One of the biggest cybersecurity threats in India is phishing. Attackers often create fake banking websites that mimic official ones, changing only a few characters in the URL. With this RBI directive, it will become much harder for cybercriminals to trick users into entering personal information on fraudulent sites.

As NDTV reports, only verified banks regulated by the RBI will be eligible to use this restricted domain, adding an extra layer of safety for consumers.

What’s Changing for Banks and Customers

For Banks

All Indian banks must transition to the “. bank.in” domain by October 2025, updating their website, online banking portals, and digital assets. The Institute for Development and Research in Banking Technology (IDRBT) a subsidiary of the RBI, will manage domain registration and verification to ensure authenticity.

Banks will also need to redirect old website links to the new domain, update SSL certificates, and communicate the change clearly to customers to prevent confusion.

For Customers

Customers must verify that any banking website ends with “.bank.in” before logging in or entering credentials. This small but vital habit can help prevent fraud and identity theft. The RBI’s move also complements other recent initiatives such as two-factor authentication (2FA) for digital transactions, as mentioned by the Times of India.

Impact on Cybersecurity in India

The “.bank.in” initiative aligns with the RBI’s broader cyber-resilience strategy, which emphasizes proactive monitoring, real-time incident reporting, and cyber-risk governance. This step represents a milestone in India’s digital security evolution, ensuring that both private and public banks maintain a consistent, regulated online presence.

However, experts caution that while a domain name adds a strong trust layer, it must be supported by robust internal cybersecurity controls, including vulnerability assessments, SOC monitoring, and continuous awareness programs. Enrolling in a cyber security course can help IT professionals and banking staff strengthen their understanding of such defense mechanisms and stay updated with the latest threat of mitigation practices.

For more insights into recent global cyber trends, from cloud cryptomining threats to zero-day vulnerabilities, read our latest analysis here Cloud Cryptomine to Zero Day Exploits: This Week’s Cybersecurity Roundup.

Key Benefits of the .BANK.IN Domain

Increased Customer Trust: Only RBI-regulated entities can use “.bank.in.”
Phishing Prevention: Reduces the risk of fake or lookalike bank websites.
 Stronger Digital Identity: A unified domain structure enhances brand credibility.
 Regulatory Oversight: Managed and verified by IDRBT under RBI supervision.
Alignment with Global Standards: Similar initiatives exist in the U.S. (“.bank”), helping India match international cybersecurity best practices.

Expert Recommendations

• Always check that the bank’s website URL ends with “.bank.in.”
• Avoid clicking on links in emails or messages; type the URL manually in your browser.
• Update your saved bookmarks to the new official domain once your bank migrates.
• Stay alert for official announcements from your bank regarding the domain change.
• Follow verified sources like Economic Times for the latest cybersecurity updates.

The Road Ahead for India’s Banking Security

The RBI’s directive to adopt the “.bank.in” domain marks a pivotal moment for India’s cybersecurity landscape. It’s not just a domain update, it’s a step toward building a trusted, transparent, and secure digital banking ecosystem.

While this initiative will significantly reduce the risk of impersonation and phishing, continuous vigilance, layered defense mechanisms, and strong customer awareness remain key to complete digital safety.

As India continues its digital transformation, this RBI update reinforces one clear message the future of banking security lies in verified, regulated, and cyber-resilient systems.

Cyber Security Course in Mumbai | Cyber Security Course in Bengaluru | Cyber Security Course in Hyderabad | Cyber Security Course in Delhi | Cyber Security Course in Pune | Cyber Security Course in Kolkata | Cyber Security Course in Thane | Cyber Security Course in Chennai