Banks go ‘.bank.in’ from today: RBI’s new directive takes effect to secure digital transactions

A new Reserve Bank of India (RBI) directive comes into effect today (Friday, October 31), requiring all banks to shift their official websites to the exclusive ‘.bank.in’ domain. The move aims to enhance cybersecurity, protect customers from phishing scams, and strengthen public trust in digital banking.

Under the new rule, only RBI-regulated banks can register and use the ‘.bank.in’ domain — creating a verified, secure online identity system for India’s banking ecosystem. Starting today, customers logging into their bank websites will see updated URLs ending with “.bank.in”. Leading lenders including ICICI Bank, HDFC Bank, Axis Bank, and Kotak Mahindra Bank have already completed the migration and activated their new domains.

According to the RBI’s April 21, 2025 circular, all banks were instructed to complete the migration to the new domain “at the earliest and in any case, not later than October 31, 2025.” The central bank said the initiative would mitigate digital frauds, streamline secure access, and instil greater confidence in India’s rapidly expanding online banking network.

India’s top banks lead the transition

Several top public and private sector banks have now updated their official URLs:

ICICI Bank: https://www.icici.bank.in

HDFC Bank: https://www.hdfc.bank.in

Axis Bank: https://www.axis.bank.in

Kotak Mahindra Bank: https://www.kotak.bank.in/en/home.html

Punjab National Bank: https://pnb.bank.in

State Bank of India: https://sbi.bank.in

Private lenders, including ICICI, HDFC, and Axis Bank, have reassured customers that all existing services remain fully functional and that old website addresses will automatically redirect to the new domain.

What is the ‘.bank.in’ domain?

The ‘.bank.in’ domain is a secure and exclusive internet space introduced by the RBI for verified Indian banks. It serves as a digital authenticity marker, helping users identify legitimate banking websites and avoid fraudulent lookalike portals.

The RBI has designated the Institute for Development and Research in Banking Technology (IDRBT) as the exclusive registrar for the domain, under authorisation from the National Internet Exchange of India (NIXI) and the Ministry of Electronics and Information Technology (MeitY).

In its circular, the RBI stated that the move would “reduce cybersecurity threats, phishing, and malicious activities,” while enhancing customer confidence in digital payments.

Why this change matters

Cybersecurity experts say the transition to ‘.bank.in’ provides customers with a clear verification cue, ensuring that all banking portals under this domain are genuine, RBI-regulated entities. The RBI expects this to reduce online frauds and strengthen the security infrastructure of India’s banking system.

According to the RBI’s Developmental and Regulatory Policies statement (February 7, 2025), this initiative is part of a broader cybersecurity framework that also includes a future “fin.in” domain for non-bank financial institutions.

What customers should do

Experts recommend that users:

Always ensure that bank URLs end with “.bank.in” before logging in.

Avoid accessing banking websites through search engine links or forwarded messages.

Bookmark official URLs to protect against phishing attempts.

Safer digital banking

The rollout of the ‘.bank.in’ domain marks a major milestone in India’s digital banking evolution, giving customers a reliable way to confirm website authenticity. For banks, it enhances brand trust, security, and operational resilience.

By adopting this exclusive domain, India’s banking sector takes another decisive step toward building a more secure, transparent, and digitally trusted financial ecosystem.