Opinion Migration to ‘.bank.in’ domain: How it will help reduce digital payments frauds

A domain name is used to find websites. It is a unique and easy-to-remember address to access websites on the internet.

The operationalisation of the new internet domain name is through the Institute for Development and Research in Banking Technology (IDRBT), which has been authorised by the National Internet Exchange of India (NIXI), under the aegis of the Ministry of Electronics and Information Technology (MeitY), to serve as the exclusive registrar for this domain, the RBI said.

The RBI has asked all banks to commence the migration of their existing domains to the ‘.bank.in’ domain and complete the process by October 31, 2025.

NIXI is a not for profit organisation set up for peering of Internet Service Providers (ISPs) among themselves for the purpose of routing the domestic traffic within the country, instead of taking it all the way to US/abroad, thereby resulting in better quality of service and reduced bandwidth charges for ISPs by saving on international bandwidth.

The ‘.IN’ domain is India’s own ccTLD, which is a two-letter string (eg: https://www.india.gov.in or) added at the end of a domain name. A ccTLD functions as more than just a string in a web address. It is considered a symbol of national identity on the global internet.

What does this mean?

With the migration to the new domain, all banks in the country will have ‘.bank.in’ as the domain name. Currently, banks are either using ‘.com’ or ‘.co.in’ as their domain name, which is more generic.

The RBI has given banks time till October 31, 2025 to migrate to ‘.bank.in’. Till the time banks fully migrate to the new internet domain, they are likely to have both ‘.bank.in’ and their old internet domains. So a customer can visit their respective bank’s website with the old internet domain, which will then redirect them to the bank’s website with the ‘.bank.in’ domain.

“Once the migration is done, customers should ensure that if they are visiting a bank website, the domain should be ‘.bank.in’. And, in case they receive a mail from their bank with a domain ending in ‘.bank.in’, it can be considered genuine,” said a chief technology officer (CTO) of a large bank.

The rationale behind the domain change

The rapid digitalisation of financial services has brought convenience and efficiency but it has also increased exposure to cyber threats and digital risks, which are getting sophisticated day by day. The surge in digital fraud is a matter of concern. Frauds present multiple challenges for the financial system in the form of reputational risk, operational risk, business risk and erosion of customer confidence with financial stability implications.

“Increased instances of fraud in digital payments are a significant concern. To combat the same, the Reserve Bank of India (RBI) is introducing the ‘bank.in’ exclusive Internet Domain for Indian banks,” RBI Governor Sanjay Malhotra had said while announcing the February 2025 monetary policy.

“Today, anybody can approach an internet domain registering authority and register a domain name. For example, one can register as Xbank 0f India.co.in. Here zero (0) is used instead of an alphabet ‘O’ in word ‘OF’ is used while registering the domain. The changes are so minute that not everyone can differentiate a real website from a fake one. Fraudsters are using such fake websites for phishing attacks and other kinds of digital frauds,” said a CTO of a private bank.

“Now with operationalisation of ‘.bank.in’ domain name, it would be difficult for any entity, except RBI regulated banks, to register with ‘.bank.in’. This will help in reduction in the number of digital fraud using a bank’s website,” the banker said.

The new internet domain will reduce cyber security threats and malicious activities like phishing; and, streamline secure financial services, thereby enhancing trust in digital banking and payment services.

Increasing instances of digital payment fraud

During April-September 2024, based on the date of occurrence of frauds, the share of internet and card frauds was around 20 per cent in terms of amount involved, and close to 84 per cent in terms of number of frauds, according to the RBI.

Based on the date of occurrence of frauds, in 2023-24, the share of internet and card frauds in the total stood at 44.7 per cent in terms of amount and 85.3 per cent in terms of number of cases.