RBI Introduces ‘.bank.in’ and ‘.fin.in’ Domains to avoid fraudulent

In a major move to protect consumers from online financial fraud, the Reserve Bank of India (RBI) has announced the launch of dedicated ‘.bank.in’ and ‘.fin.in’ domains for banks and non-banking financial institutions (NBFCs). Starting from April 2025, all banks in India will be required to migrate their websites to the exclusive ‘.bank.in’ domain, while NBFCs and fintech firms will transition to ‘.fin.in’. This initiative is aimed at helping customers easily identify authentic financial websites and avoid fraudulent ones.

Why RBI Introduced ‘.bank.in’ and ‘.fin.in’

Increasing Cyber Fraud in Indian Banking

The rise in digital transactions has been accompanied by a surge in cyber threats, including phishing attacks, fraudulent websites, and unauthorized access to sensitive banking data. Currently, cybercriminals can easily create fake bank websites that look authentic, misleading customers into sharing their personal and financial details.

For example, with this new regulation in place:

✅ SBI will use the official domain – sbi.bank.in
✅ PNB will use – pnb.bank.in
❌ Other websites like sbi.me, sbi.xyz, sbi.kyc, sbi.in will be flagged as fake

By limiting the usage of ‘.bank.in’ exclusively to Indian banks, the RBI aims to provide a clear and recognizable domain that customers can trust. Similarly, NBFCs and fintech firms will use ‘.fin.in’, ensuring a secure and streamlined digital financial ecosystem.

Read also: Central Bank Digital Currencies (CBDCs)

How the New Domains Will Work

Starting in April 2025, all authorized banks in India must shift their websites to the ‘.bank.in’ domain, replacing their existing URLs. This transition will:

🔹 Ensure that only banks can use the domain, eliminating fraud attempts from unauthorized entities.
🔹 Provide customers with a simple way to verify legitimate bank websites.
🔹 Enhance overall cybersecurity and reduce phishing scams.

In addition, NBFCs and other financial institutions will transition to the ‘.fin.in’ domain, extending security benefits beyond banks to the entire financial sector.

Registrar and Authentication

The Institute for Development and Research in Banking Technology (IDRBT) has been designated as the sole registrar for these domains. This ensures a regulated and secure registration process. Additionally, to further enhance digital security, the RBI will implement an Additional Factor of Authentication (AFA) for cross-border ‘Card Not Present’ transactions.

✅ Domestic digital transactions already require AFA
✅ International transactions will now also include AFA for enhanced security
✅ This measure will apply only if overseas merchants support AFA
✅ A draft circular will be released soon for industry feedback

The Growing Threat of Cyber Fraud in India

Cyber fraud in India has been on the rise, particularly with the growth of UPI transactions and mobile banking. Recent data from the Ministry of Finance shows that:

🔸 ₹485 crore was lost in UPI fraud between April and September 2024
🔸 632,000 cases of fraud were recorded in the same period
🔸 Since 2022-23, India has seen 2.7 million fraud cases, causing losses of ₹2,145 crore

Government Actions to Combat Cyber Fraud

To tackle these threats, the Indian government has implemented several strong measures:

✅ Blocked 669,000 SIM cards used in fraud
✅ Blacklisted 132,000 mobile IMEIs linked to scams
✅ Blocked 59,000 WhatsApp accounts used for cybercrimes
✅ Shut down 1,700 fraudulent Skype IDs

The Indian Cyber Crime Coordination Centre (I4C) under the Union Home Ministry has played a vital role in preventing financial fraud, helping recover over ₹3,431 crore from nearly 1 million complaints.

Additional Security Measures by RBI

Beyond domain security, the RBI has introduced new guidelines for banking communication to reduce scam calls.

🔹 Banks must use the 1600xx series for service-related calls
🔹 The 1400xx series must be used exclusively for promotional calls
🔹 Any call from a different number is likely a scam

These measures ensure that customers can easily identify legitimate bank communication and avoid falling victim to fraudsters impersonating bank officials.

What’s Next?

📌 Banks must complete their migration to ‘.bank.in’ by April 2025
📌 NBFCs and fintech companies will transition to ‘.fin.in’
📌 New cybersecurity guidelines for banks and financial institutions
📌 Stronger authentication methods for international transactions

Conclusion

The introduction of ‘.bank.in’ and ‘.fin.in’ is a game-changing move by the RBI to strengthen the security of India’s digital banking sector. By making it easier for customers to recognize legitimate banking websites and transactions, these initiatives will significantly reduce cyber fraud risks.

With growing digital threats, banks, NBFCs, and fintech firms must prioritize cybersecurity, educate consumers, and upgrade fraud detection mechanisms to stay ahead of cybercriminals. The RBI remains committed to monitoring fraud trends and rolling out further safeguards to ensure a safe and secure banking experience for all Indians.