RBI Directs All Indian Banks to Transition to .bank.in Domains

The Reserve Bank of India (RBI) has issued a directive requiring all banking institutions in the country to migrate their web presence to the new .bank.in domain by October 31, 2025. 

This landmark cybersecurity initiative aims to create a more secure digital banking ecosystem and combat the rising threat of phishing attacks targeting Indian banking customers.

The .bank.in Top-Level Domain (TLD) introduces a verified digital identity system for India’s banking sector. 

Unlike conventional domains such as .com or .in, the new .bank.in TLD will be available exclusively to authorized and RBI-regulated financial institutions, creating a trusted ecosystem for online banking operations.

“This initiative represents a significant step toward establishing a more secure digital banking infrastructure,” said an RBI spokesperson.

“The specialized domain will serve as a visual trust indicator for customers, helping them distinguish legitimate banking websites from fraudulent ones.”

Technical Implementation Requirements

Dr. Prashant Mali, a cybersecurity and legal expert, said that banking institutions must follow a strict technical framework for implementation. The migration involves several critical technical steps:

• Domain Registration: Banks must register their preferred domain names under the .bank.in TLD through authorized registrars who will verify their regulatory status.
• DNS Configuration: Technical teams will need to implement Domain Name System (DNS) changes.
• SSL Certificate Deployment: All .bank.in domains must implement Extended Validation (EV) SSL certificates with a minimum 2048-bit encryption key and SHA-256 hashing algorithm.
• DNSSEC Implementation: Banks must configure Domain Name System Security Extensions to prevent DNS hijacking attacks.
• HTTP Strict Transport Security (HSTS): Banks must enable HSTS with a minimum max-age directive of one year.

Phishing Protection & Customer Impact

The initiative directly addresses the growing problem of phishing attacks targeting banking customers. When fully implemented, customers can be confident that any website using the .bank.in domain has undergone rigorous verification.

Cybersecurity experts estimate that phishing attacks targeting Indian banking customers increased by 37% in 2024, with fraudulent websites often using domain names that closely resemble legitimate banking sites.

The banking sector has generally welcomed the move, though some smaller institutions have expressed concerns about the technical complexity and costs associated with migration.

Dr. Prashant Mali stated that while there will be initial challenges in implementation, the long-term security benefits far outweigh the transitional costs. 

Banks have been advised to begin the transition process immediately, with the following timeline:

• June 2025: Complete domain registration and verification.
• August 2025: Implement parallel operations on both existing and new domains.
• October 2025: Complete full migration and redirect services.

The RBI has established a dedicated technical support cell to assist banking institutions throughout the migration process, emphasizing that consumer education will be crucial to ensure widespread adoption and recognition of the new domain extension.

Malware Trends Report Based on 15000 SOC Teams Incidents, Q1 2025 out!-> Get Your Free Copy