In a significant move to bolster cybersecurity within India’s banking sector, the Reserve Bank of India (RBI) has directed all banking institutions to migrate their online presence to the exclusive ‘.bank.in’ domain by October 31, 2025. This initiative aims to create a more secure digital banking environment and mitigate the rising threat of phishing attacks targeting Indian banking customers.
Introduction of ‘.bank.in’ and ‘.fin.in’ Domains
The RBI’s directive introduces the ‘.bank.in’ Top-Level Domain (TLD) as a verified digital identity system for India’s banking sector. Unlike conventional domains such as ‘.com’ or ‘.in’, the ‘.bank.in’ TLD will be available exclusively to authorized and RBI-regulated financial institutions, establishing a trusted ecosystem for online banking operations. Additionally, the RBI plans to introduce the ‘.fin.in’ domain for non-bank financial entities, further expanding secure digital infrastructure in the financial sector. ([timesofindia.indiatimes.com](https://timesofindia.indiatimes.com/business/india-business/rbi-introduces-exclusive-domains-bank-in-and-fin-in-to-enhance-cyber-security-in-indian-banking/articleshow/118014035.cms?utm_source=openai))
Technical Implementation Requirements
To ensure a smooth transition, banking institutions must adhere to a strict technical framework, which includes:
– Domain Registration: Banks must register their preferred domain names under the ‘.bank.in’ TLD through authorized registrars who will verify their regulatory status.
– DNS Configuration: Technical teams will need to implement Domain Name System (DNS) changes to accommodate the new domain.
– SSL Certificate Deployment: All ‘.bank.in’ domains must implement Extended Validation (EV) SSL certificates with a minimum 2048-bit encryption key and SHA-256 hashing algorithm to ensure secure connections.
– DNSSEC Implementation: Banks must configure Domain Name System Security Extensions (DNSSEC) to prevent DNS hijacking attacks.
– HTTP Strict Transport Security (HSTS): Banks must enable HSTS with a minimum max-age directive of one year to enforce secure connections.
Phishing Protection and Customer Impact
This initiative directly addresses the growing problem of phishing attacks targeting banking customers. With the implementation of the ‘.bank.in’ domain, customers can be confident that any website using this domain has undergone rigorous verification, thereby reducing the risk of falling victim to fraudulent websites. Cybersecurity experts estimate that phishing attacks targeting Indian banking customers increased by 37% in 2024, with fraudulent websites often using domain names that closely resemble legitimate banking sites.
Implementation Timeline
The RBI has outlined the following timeline for the transition:
– June 2025: Complete domain registration and verification.
– August 2025: Implement parallel operations on both existing and new domains.
– October 2025: Complete full migration and redirect services.
Banks have been advised to begin the transition process immediately to meet the October 31, 2025 deadline. The RBI has established a dedicated technical support cell to assist banking institutions throughout the migration process, emphasizing that consumer education will be crucial to ensure widespread adoption and recognition of the new domain extension.
Conclusion
The RBI’s directive to transition to the ‘.bank.in’ domain represents a significant step toward establishing a more secure digital banking infrastructure in India. By creating a trusted online environment, this initiative aims to enhance customer confidence in digital banking and payment services, ultimately contributing to the overall stability and security of the financial sector.
