The domain structure such as bankname.bank.in, refers to a new, restricted, and exclusive domain zone that the RBI has mandated for all regulated Indian banks.
Here are the details on what the .bank.in domain is, why it was introduced, and the RBI’s role:
🏛️ What is the .bank.in Domain?
The .bank.in domain is a Restricted Top-Level Domain (TLD) specifically for banks licensed and regulated by the Reserve Bank of India (RBI). It is part of a strategic move to create a trusted and standardized digital identity for the Indian banking sector.
-
Structure: Genuine bank websites are migrating from their old domains (e.g.,
bankname.comorbankname.co.in) to the new format, such assbi.bank.inorhdfc.bank.in. -
Deadline: The RBI has mandated that all banks must complete this migration by October 31, 2025.
🔒 The RBI’s Major Role and Rationale
The Reserve Bank of India (RBI) is the driving force and chief regulatory authority behind this initiative, primarily for cybersecurity and consumer protection reasons.
1. Combating Phishing and Digital Fraud (Security)
This is the main reason. In a generic domain like .com or .in, fraudsters can easily register a look-alike domain (a “spoof”) using minor spelling variations (e.g., rnicrosoft.com instead of microsoft.com).
-
The
.bank.indomain makes it impossible for unauthorized individuals or entities to register a fraudulent banking website, as the registration is strictly controlled and verified by an RBI-authorized body. -
Benefit to Customers: When a customer sees a website address ending in
.bank.in, they can be confident that it is a genuine, RBI-regulated bank website.
2. Exclusive Registration and Verification (Trust)
The RBI ensures the integrity of the domain by setting up a rigorous process:
-
Exclusive Registrar: The RBI has authorized the Institute for Development and Research in Banking Technology (IDRBT) – an organization established by the RBI – to serve as the exclusive registrar for the
.bank.indomain. -
Mandatory Documentation: To register, a bank must submit official documents, including its RBI License Copy and a Board Resolution authorizing the domain.
-
No Public Registration: Unlike regular domains, the
.bank.indomain is not available for general public registration, preventing cybersquatting or abuse.
3. Enforcing High Cybersecurity Standards (Compliance)
The use of the .bank.in domain is not just a name change; it comes with a mandate for enhanced security protocols as part of RBI’s cybersecurity framework. Banks are required to implement:
-
DNSSEC (Domain Name System Security Extensions): To prevent DNS hijacking.
-
HTTPS/HSTS: To ensure secure, encrypted connections.
-
Email Authentication: Strict use of standards like SPF, DKIM, and DMARC to secure official email communication and prevent email spoofing/phishing.
🌐 The Technology Partner: IDRBT
While the RBI mandates the policy, the operational and technical management is handled by the IDRBT.
| Entity | Role |
| RBI | Policy Setter & Regulator – Mandates the use of the domain for security and trust. |
| IDRBT | Exclusive Registrar – Manages the registration, verifies the authenticity of every applicant bank using the RBI license, and provides technical guidance for migration. |
| NIXI | Registry Operator – The National Internet Exchange of India (NIXI) is the parent body that manages the entire .in Country Code TLD for India (under MeitY) and authorizes IDRBT as the exclusive registrar for the .bank.in sub-zone. |
The introduction of .bank.in is a comprehensive effort to leverage the domain system itself as a trust and security mechanism, making the Indian digital banking ecosystem safer and more reliable for all consumers.
