RBI .Bank.In Domain Mandate Explained: What Banks Must Do in 2026

As digital banking becomes the default for millions of Indians, the Reserve Bank of India (RBI) has introduced a major update aimed at improving online safety the mandatory use of the “.bank.in” domain by all Indian banks.

It might sound like a small technical change, but this shift carries huge significance for cybersecurity, customer trust, and how users identify legitimate banking websites. Let’s break it down simply and clearly.

What Is “.bank.in”?

The “.bank.in” domain is a new, restricted top-level domain that can only be used by banks licensed and regulated by the RBI. Unlike regular “.com” or “.in” domains, “.bank.in” is exclusive to verified Indian banks, ensuring that customers can easily identify authentic websites. This domain is managed and approved by the Institute for Development and Research in Banking Technology (IDRBT) the technology and cybersecurity arm of the RBI. The IDRBT ensures that only authorised banks can register for this secure domain, helping to eliminate fake or look-alike URLs that often lead to phishing scams.

Why Did the RBI Introduce It?

1. To Combat Rising Online Fraud: Digital payments have brought convenience but also risk. Fraudsters often create fake websites that mimic official bank portals. The RBI’s new mandate aims to stop this by giving banks a trusted, standardised online identity that’s easy for customers to recognise.
2. To Strengthen Trust:When a user sees a URL ending with “.bank.in”, they can be confident it’s genuine. This reduces the chances of falling victim to phishing or spoofing attacks.
3. To Modernise Banking Infrastructure: Globally, banks have been adopting restricted domains such as “.bank” to enhance security. By introducing “.bank.in”, the RBI is aligning Indian banking with international best practices while maintaining national oversight.

What’s the Deadline — and Are There Penalties?

According to the RBI’s directive (April 2025), all Indian banks must migrate to the “.bank.in” domain no later than October 31, 2025.
So far, no extension or penalty framework has been publicly announced but non-compliance could attract regulatory scrutiny and reputational risks. Banks that haven’t started migration are expected to act immediately to ensure a smooth transition.
For customers, this means that by late 2025, every genuine Indian bank’s official website should end with “.bank.in”.

Role of IDRBT — The Technology Partner Behind the Change

The Institute for Developement and research in Banking Technology (IDRBT), based in Hyderabad, plays a crucial role in making this transition successful. It acts as the official registrar for the “.bank.in” domain, authorised by the National Internet Exchange of India (NIXI) and MeitY

IDRBT’s responsibilities include:

• Managing domain registration for RBI-approved banks.
• Providing technical guidance on DNS setup, SSL certificates, and safe redirects.
• Ensuring all registered domains follow strict cybersecurity standards.
• Offering support and documentation to help banks complete migration smoothly.

How Does This Help Customers and Banks?

For Customers:

• Quickly identify genuine banking websites.
• Reduced phishing risks.
• More secure digital transactions.

For Banks:

• Improved trust and brand credibility.
• Enhanced compliance with RBI’s cybersecurity policy.
• Protection against fake domains and impersonation.

The Bigger Picture

The RBI’s “.bank.in” initiative isn’t just a technical change it’s a trust-building exercise. It creates a safer online environment where customers can confidently interact with banks, knowing their data is protected. For financial institutions, it’s a chance to modernise, secure their brand, and lead the way in a safer digital era for India’s banking ecosystem. At Lumiverse Solutions, we view it as a critical move toward a secure, transparent, and future-ready banking ecosystem.

Learn more from official sources: RBI Circular and Economic Times.