How can exclusive domains like Bank.in by RBI enhance India’s cybersecurity and save Rs 21,367 cr?

India’s banking sector is experiencing a remarkable digital transformation, bringing greater convenience and efficiency to millions. Digital transactions have surged, making financial services more accessible than ever. However, this rapid shift has also created new opportunities for cybercriminals. Online banking frauds have become increasingly sophisticated, leading to massive financial losses. Recognizing the urgent need for stronger cybersecurity measures, earlier this year RBI introduced exclusive domains - “bank.in” and “fin.in”. On 22nd April 2025, the RBI operationalized the bank.in domain, marking a decisive step toward combating financial frauds, safeguarding India’s digital economy and enhancing trust among consumers.

The Rising Threat of Banking Frauds in India

According to data, the first half of the fiscal year 2024 saw 18,461 reported bank fraud, leading to massive financial losses of ₹21,367 crore. Many of these frauds stem from phishing attacks, where cybercriminals create fake websites that closely resemble legitimate banking portals. Unsuspecting customers enter sensitive information, including login credentials and financial details, which are then exploited by fraudsters.

The Zscaler ThreatLabz 2024 report further highlights the severity of this issue, naming India as the top global target for mobile malware attacks, with 28% of all incidents worldwide occurring in the country. As digital transactions become the norm, ensuring a safe and trustworthy banking environment has never been more critical.

RBI’s Strengthened Fraud Prevention Measures

To counteract these growing threats, the central bank of India has intensified its focus on fraud prevention. In 2024, it introduced revised Master Directions on Fraud Risk Management, expanding the responsibilities of bank boards in overseeing cybersecurity measures.These guidelines reinforce internal audit frameworks and enhance control mechanisms, ensuring banks proactively tackle cybersecurity risks. However, while internal banking security is crucial, customers also need a reliable way to verify genuine banking websites and avoid fraudulent ones. This is where this regulatory body’s mandatory initiative comes into play.

A New Digital Frontier: RBI’s Bank.in and Fin.in Domains

Building on these preventive measures, the RBI’s decision to mandate exclusive domains for Indian banks is a groundbreaking move. Under this initiative, all licensed banks are required to migrate their digital banking domains to the exclusive “bank.in” domain by October 31, 2025. This standardized and easily recognizable online identity aims to significantly reduce the risk of phishing attacks by providing customers with a clear way to identify legitimate banking websites. Similarly, “fin.in” will be introduced for non-banking financial entities.

Key Benefits of Exclusive Domains

The operationalization of “bank.in” offer three primary advantages:

1.    Clear Identification: Customers can quickly verify the authenticity of a banking website. Any domain outside the “bank.in” or “fin.in” ecosystem will immediately raise red flags, reducing the chances of users falling victim to phishing scams.
2.    Enhanced Trust and Security: A standardized domain system will augment consumer confidence in online banking, encouraging greater digital adoption. Knowing that all legitimate banks will only operate under “bank.in” removes ambiguity and improves cybersecurity awareness among users.
3.    Reduced Fraud Costs: By making it harder for cybercriminals to impersonate banks, the initiative could save the Indian banking system billions of rupees annually. Given the alarming fraud losses within just six months of last year, this plan can play a key role in mitigating future financial damages.

Strengthening India’s Digital Economy

As India moves toward becoming a US$1 trillion digital economy by 2025, securing its financial infrastructure is paramount. According to the Ministry of Electronics and Information Technology, digital financing needs will constitute around 2.3% of India’s GDP. Looking further ahead, by 2047, the country’s digital economy is expected to grow to US$5.4 to 6.9 trillion, with a digital infrastructure financing gap of US$124-159 billion.For this growth to be sustainable, robust cybersecurity measures must be in place to protect financial transactions at every level.

By ensuring secure digital transactions through initiatives like these, the nation is taking proactive steps to bridge this security gap. With these systems, the RBI is not only protecting existing digital banking users but also paving the way for greater financial inclusion by instilling confidence in those who are yet to adopt digital banking services.

The Road Ahead

The roll out of this effective strategy marks a crucial step in India’s fight against cyberfraud. However, its success will depend on seamless adoption and widespread awareness. The Institute for Development and Research in Banking Technology (IDRBT), an RBI-established institute focused on banking technology, will oversee the transition. Banks are advised to commence the migration of their existing domains to the ‘bank.in’ domain and complete the process at the earliest, and in any case, not later than October 31, 2025. As India’s digital economy continues to expand, securing the financial sector must remain a top priority. With the central bank leading the charge in cybersecurity and adding an extra layer of security, the country is prepared to build a safer, fraud-resistant digital economy that supports innovation without compromising security.

The author is Co-founder & CEO at Signzy,a global RegTech company specializing in AI-powered risk