RBI mandates all Indian banks to migrate to secure .bank.in
Major Indian banks like SBI, HDFC, and ICICI already live on .bank.in domain
Migration boosts cybersecurity and combats phishing with verified bank domains
The digital landscape of Indian banking is undergoing a huge security-focused shift right now, as Reserve Bank of India’s (RBI) directive for banks to migrate their online operations to the secure .bank.in domain by October 31, 2025, draws closer. This move is more than just a regulatory update, but a critical and much-needed move in fortifying the nation’s financial cybersecurity infrastructure.
SurveyArmed with just a browser and good old curiosity, I embarked on a digital expedition to check which banks have made the leap, how well they’ve executed it, and what this transition means for the average Indian customer.
Which Indian banks have enabled .bank.in so far?
My journey began with familiar names already leading the charge. ICICI Bank (icici.bank.in), SBI (sbi.bank.in), RBL Bank (rbl.bank.in), and HDFC Bank (hdfc.bank.in) were unequivocally LIVE. Landing on these sites offered an immediate sense of reassurance — familiar layouts, smooth navigation, and that crucial .bank.in in the URL bar acting as a digital badge of authenticity. SSL certificates were valid, connections encrypted, and user experiences seamless. These early adopters have clearly prioritized both security and continuity.
Several public sector banks are also showing commendable readiness. Bank of Baroda (bankofbaroda.bank.in), Canara Bank (canarabank.bank.in), Punjab National Bank (pnb.bank.in), and Union Bank of India (unionbankofindia.bank.in) all appear fully operational. Their live and secure portals signify strong momentum in the migration process — particularly significant given their vast customer bases across India’s urban and rural heartlands.
Some Indian banks’ website transition’s still work in progress
Not all banks have enabled their .bank.in websites just yet. When I tried accessing Kotak Mahindra Bank (kotak.bank.in), I encountered an SSL certificate error a few times — not sure if it was a browser specific issue, perhaps. Other times the new Kotak URL was loading perfectly. Maybe the bank’s IT team’s going to enable the .bank.in anytime now — it’s just a minor speed bump, not a stall, indicative of the intricate, multi-layered nature of such a migration.
Also read: Received call from RBI about bank account blocking? Govt says it’s fake
Then came Axis Bank (axis.bank.in). The domain currently appears dormant, suggesting that internal preparations are still underway. Given Axis’s extensive digital infrastructure, a cautious rollout is understandable. Migrating millions of active users while maintaining uptime and security is no small feat.
Further exploration revealed a mixed bag of progress. Bank of India (bankofindia.bank.in), Central Bank of India (centralbank.bank.in), Indian Bank (indianbank.bank.in), Indian Overseas Bank (iob.bank.in), Punjab and Sind Bank (punjabandsind.bank.in), and UCO Bank (uco.bank.in) all displayed encouraging signs — many live and secure, others in transition. The collective movement across public and private sectors showcases the scale and seriousness of this nationwide digital overhaul.
RBI’s mandate to all Indian banks to switch to .bank.in domain
RBI in their April 2025 circular had set October 31, 2025, as the deadline for Indian banks to switch to their respective .bank.in domain URLs, and this transition is more than cosmetic — make no mistakes. The .bank.in domain is a tightly regulated digital zone — only RBI-approved banks can register under it. That exclusivity creates an immediate defensive layer against phishing and spoofing attacks, which often thrive on lookalike domains. For customers, the simple presence of “.bank.in” in a URL will soon act as a visual stamp of trust — a built-in fraud filter in the browser bar.
By consolidating Indian banking under a single, verified top-level domain, the RBI aims to create a uniform, transparent, and secure environment, and thereby reducing the scope for cybercriminals to impersonate legitimate institutions and stop phishing related cyberattacks. How this shift to .bank.in domain will impact the respective bank’s mobile app security remains to be seen.
With the October 2025 deadline approaching fast, India’s banking ecosystem stands at a pivotal moment. The .bank.in revolution isn’t just about new URLs, but about building digital trust. For millions of Indians who bank online, this change represents a safer, more resilient financial future. The road to .bank.in is both a cybersecurity milestone and a marker of India’s growing digital maturity.
Also read: From BFSI to super apps: Protectt.ai explains future of mobile app security
Follow Us
Jayesh Shinde
Executive Editor at Digit. Technology journalist since Jan 2008, with stints at Indiatimes.com and PCWorld.in. Enthusiastic dad, reluctant traveler, weekend gamer, LOTR nerd, pseudo bon vivant. View Full Profile
