Over 400 banks in India have completed the migration of their official websites to the .bank.in domain as mandated by the Reserve Bank of India (RBI).
Following this announcement, the transition forms part of a broader regulatory effort to reduce phishing and fraud risks in digital banking. The RBI had set a deadline of 31 October 2025 for all regulated banks to move from generic domains such as .com and .co.in to the secure .bank.in extension.
Restricted domain aims to combat phishing
According to the announcement, the .bank.in top-level domain (TLD) is exclusive to RBI-regulated banking institutions. NIXI was developed in order to operate as the authorised registrar under India's internet governance framework. By restricting access to verified banks, the domain structure is designed to help customers distinguish legitimate banking websites from fraudulent portals that mimic official sites to harvest credentials or facilitate financial fraud.
Phishing attacks, in which fraudsters replicate bank login pages to steal user information, have been a persistent challenge in India's digital banking sector. The controlled domain space limits the ability of such sites to operate undetected. Furthermore, it was reported that all major public and private sector banks have now completed the migration, although some missed the initial October 2025 deadline.
The initiative is part of a wider set of measures introduced by the RBI to strengthen digital financial security. These include improved authentication protocols, digital identity verification systems, and consumer protection frameworks for digital banking and payments.
Domain policy aligns with broader cybersecurity goals
Under the .bank.in policy, only institutions regulated by the RBI are permitted to register the extension. This prevents unregulated entities and fraudsters from creating convincing counterfeit banking sites using the domain, which is expected to reduce certain categories of online financial fraud.
India is also preparing for the Internet Corporation for Assigned Names and Numbers (ICANN) generic top-level domain (gTLD) application round, in which the country intends to secure additional domain extensions such as .india and .bharat for use by Indian entities.
For banking customers, the change means that official bank websites should now end in .bank.in. Users are advised to verify the domain before entering credentials and to remain cautious of emails, links, or SMS messages directing them to domains that do not use the .bank.in extension, as these may be phishing attempts. Secure connections via HTTPS should also be confirmed before logging in or conducting transactions.
The domain migration reflects the RBI's ongoing efforts to optimise trust and security in digital banking as financial activity increasingly moves online.
