In a major move to protect consumers from online financial fraud, the Reserve Bank of India (RBI) has announced the launch of a dedicated ‘.bank.in’ domain for all Indian banks. Starting from April 2025, banks in India will be required to migrate their websites to this exclusive domain. The new measure aims to help customers easily identify authentic banking websites and avoid fraudulent ones.
Right now, cybercriminals can easily make fake bank websites that look real. People get tricked and think they are using the official bank website, which leads to online fraud. For Example – now, SBI will use domain – sbi.bank.in and PNB will use domain – pnb.bank.in. Only the banks in India will be able to use this exclusive domain ‘bank.in’. Apart from banks, no other person can use this domain which means that any user can now easily identify whether the bank website is genuine or not. It means that – sbi.bank.in will be the only genuine website and other websites like sbi.me, sbi.xyz, sbi.kyc, sbi.in will be termed as fake websites and users need to visit only the website having domain ‘bank.in’.
The decision was made public by RBI Governor Sanjay Malhotra during the Monetary Policy Committee (MPC) meeting on Friday. He highlighted the increasing cyber threats and the need for stronger security measures to prevent phishing scams and digital banking frauds. This new step of introducing exclusive domain names for banks is expected to reduce the cyber fraud.
Earlier, the RBI had also asked Banks to use specific numbers to call customers so that cyber fraud can be reduced. RBI had directed Banks to use only 1600xx and 1400xx number series for calling customers. ‘1600xx’ numbering series will be used exclusively for transactional and service-related calls. For promotional calls, banks and REs are required to use the ‘140xx’ numbering series. With this, customers can now easily identify genuine calls and avoid falling victim to frauds. It means that if you receive call from any number other than 1600xx and 1400xx then the call is not from your bank.
“The surge in digital frauds is a matter of concern, warranting action by all stakeholders,” said Governor Malhotra.
How the ‘.bank.in’ and ‘fin.in’ Domains Will Work
From April 2025, all authorised banks in India must move their websites to the ‘.bank.in’ domain, replacing their existing domains. This step will make it easier for customers to verify if they are accessing a legitimate bank website, thereby reducing the chances of falling victim to fraudulent banking portals.
In addition to banks, the RBI will also introduce a separate domain, ‘fin.in’, for non-banking financial companies (NBFCs) and other financial institutions. This will extend security benefits to the entire digital finance ecosystem and protect more customers from cybercriminals.
Rising Cyber Threats in India
India has seen a sharp increase in online banking frauds, with cybercriminals frequently creating fake bank websites to steal login credentials, debit/credit card details, and personal information. The rise in Unified Payments Interface (UPI) transactions and mobile banking has made security a top concern for financial regulators.
Recent data from the Ministry of Finance shows that between April and September 2024, UPI fraud alone resulted in ₹485 crore in losses across 632,000 cases. Since 2022-23, India has recorded 2.7 million fraud cases, causing a total loss of ₹2,145 crore. In FY24, 1.34 million cases led to losses amounting to ₹1,087 crore.
To combat these threats, the Indian government has taken strict actions:
✅ Blocked over 669,000 SIM cards used in fraud
✅ Blacklisted 132,000 mobile IMEIs linked to scams
✅ Blocked 59,000 WhatsApp accounts used for cybercrimes
✅ Shut down 1,700 fraudulent Skype IDs
The Indian Cyber Crime Coordination Centre (I4C) under the Union Home Ministry has also played a key role in preventing fraud, helping save over ₹3,431 crore from nearly 1 million reported complaints.
Additional Security Measures by RBI
To strengthen digital security, the RBI has also introduced an Additional Factor of Authentication (AFA) for international digital transactions made to foreign merchants. This extra security step will require users to verify payments beyond just entering a password or OTP, making international card frauds harder to execute.
Governor Malhotra stressed that digital security is now a top priority for the RBI, urging banks and NBFCs to:
🔹 Upgrade fraud detection systems
🔹 Conduct regular cybersecurity assessments
🔹 Improve incident response strategies
The RBI assured customers that it will continue to monitor fraud trends and introduce new safeguards as needed. This move is part of its broader efforts to ensure safe digital banking for all Indians.
What’s Next?
- All banks must complete their migration to ‘.bank.in’ by April 2025
- NBFCs and financial institutions will start using ‘fin.in’
- Stronger online security measures for Indian consumers
With these initiatives, the RBI aims to create a safer and more reliable digital banking ecosystem, ensuring that customers do not fall prey to fraudulent banking websites.
