Migration to ‘.bank.in’ Domain – Strengthening Cybersecurity in the Banking Sector

Introduction

The Reserve Bank of India (RBI), through its circular RBI/2025-26/28 dated April 22, 2025^[1], has mandated all banks operating in India to transition to a new internet domain: ‘.bank.in’. This initiative is a part of the RBI’s broader cybersecurity strategy aimed at enhancing trust, mitigating digital fraud, and ensuring a secure digital identity for banks. The decision aligns with the policy announcement made in Para 4 of the RBI’s Statement on Developmental and Regulatory Policies released on February 7, 2025^[2], which emphasized the importance of exclusive, secure domains for financial institutions.

Role of IDRBT in Domain Registration and Support

To facilitate this transition, the RBI has designated the Institute for Development and Research in Banking Technology (IDRBT) as the sole registrar for the ‘.bank.in’ domain. IDRBT will operate in collaboration with the National Internet Exchange of India (NIXI) and the Ministry of Electronics and Information Technology (MeitY). Banks must initiate contact with IDRBT via the official email address sahyog@idrbt.ac.in to begin the domain registration and migration process. IDRBT will provide comprehensive support that includes registration guidance, technical and DNS setup, migration procedures, and cybersecurity compliance evaluations.

Timeline for Domain Migration and Early Planning

The RBI has set a firm deadline of October 31, 2025, for the completion of this domain migration. However, banks are encouraged to begin the process early to ensure a smoother transition and allow time for customer awareness efforts. As part of their internal planning, banks should immediately audit their existing digital infrastructure, including websites, customer portals, email systems, and payment gateways. They should develop a detailed migration plan that addresses DNS changes, branding updates, data transfer, and communication strategies for both internal and external stakeholders.

Additionally, banks must ensure their cybersecurity posture is robust during this transition. This includes conducting vulnerability assessments, reinforcing system monitoring, and being prepared to address any security issues that may arise during the migration.

Customer Communication and Awareness Campaigns

To support the transition, banks are strongly advised to launch customer communication campaigns. These should explain the benefits of the ‘.bank.in’ domain, such as improved security, better recognition of legitimate banking websites, and significantly reduced chances of phishing and online fraud. Transparent and consistent communication will play a key role in building public confidence in the new domain structure.

Conclusion: Strengthening India’s Digital Financial Ecosystem

The RBI’s directive marks a pivotal development in securing India’s digital financial ecosystem. By establishing a uniform and verified domain space for banks, the move not only addresses the urgent need for enhanced fraud protection but also supports India’s broader digital transformation goals. This transition to the ‘.bank.in’ domain is expected to set a new standard for digital identity and trust in the Indian banking sector.

^[1] circular RBI/2025-26/28

^[2] RBI’s Statement on Developmental and Regulatory Policies