RBI’s New .bank.in Rule is becoming one of the biggest security-focused changes in India’s digital banking ecosystem. With the Reserve Bank of India directing all banks to shift from generic domains like “.com” and “.co.in” to the exclusive “.bank.in” domain, this move aims to fight phishing, boost trust, and provide customers with a safer online banking experience. The transition, set to be completed by October 31, 2025, marks a turning point in India’s cybersecurity landscape — especially as digital fraud continues to rise.
Background: Why the RBI .bank.in Domain Rule Was Introduced?
Over the past few years, India has witnessed a sharp surge in frauds associated with digital payments, net banking, and phishing attacks. Cybercriminals routinely create look-alike websites that mimic real bank portals, using deceptive URLs that are difficult for customers to distinguish from legitimate ones.
To address this, RBI announced on February 7, 2025, a policy to introduce two exclusive domains: “. bank.in” for banks, and “. fin.in” for non-bank financial institutions (NBFCs and fintech companies). The goal was to strengthen the cybersecurity framework, give customers a reliable signal of authenticity, and reduce the risk of spoofing or phishing websites.
By making “. bank.in” available only to RBI-licensed and regulated banks, the central bank is creating a digital namespace that is much more trustworthy than generic domains.
Technical and Institutional Setup.
The operationalization of the “. bank.in” domain is being handled by a trusted technical body: the Institute for Development and Research in Banking Technology (IDRBT).
IDRBT has been appointed as the exclusive registrar for this domain.
This gives the RBI tighter control over domain registration, ensuring that only validated banks can obtain and use “. bank.in” addresses.
The National Internet Exchange of India (NIXI), under the Ministry of Electronics & Information Technology (MeitY), is also part of the structure.
What the October 31, 2025, Deadline Means ?
RBI’s circular clearly states that all banks must complete their migration to “. bank.in” by October 31, 2025. This includes public-sector banks, private banks, cooperative banks — essentially, the entire banking sector.
During the transition period, many banks may run both their old and new domains simultaneously and set up automatic redirection from the old URL to the “. bank.in” version. But after the deadline, they’re expected to primarily operate from the new domain.
Why “. bank.in” Is More Secure ?
The main rationale behind this domain shift is fraud prevention. By limiting “. bank.in” to only legitimate, RBI-licensed banks, the RBI drastically reduces the chances of fraudulent actors setting up phishing websites under that same domain.
Impact on Users and Banks
For Customers:
- Customers must be alert: always check that the banking URL ends in “. bank.in” before logging in.
- It is now safer to bookmark bank websites or type in the URL directly rather than relying on forwarded messages or search-engine links.
- As the migration completes, users may still be able to access the old domain, but they will likely be redirected to the “. bank.in” address.
For Banks:
- Banks need to coordinate with IDRBT for registration and domain migration.
- They must ensure all subdomains (internet banking, IFSC lookup, customer portals) are migrated safely. As an example, Bank of Baroda shifted its entire domain including its subdomains by early October 2025.
- Marketing and customer communication: Banks will need to inform users of the domain change proactively, so that customers don’t get confused or fall prey to phishing during the transition.
