Why in the News?

In a move to address the alarming rise in digital payment frauds, the Reserve Bank of India (RBI) has officially operationalised the ‘.bank.in’ domain, an exclusive and secure internet domain for Indian banks. This initiative is aimed at enhancing cybersecurity, ensuring user trust, and reducing vulnerabilities in the online financial ecosystem.

RBI Governor Sanjay Malhotra, during the February 2025 monetary policy announcement, stated:

“Increased instances of fraud in digital payments are a significant concern. To combat the same, the Reserve Bank of India (RBI) is introducing the ‘.bank.in’ exclusive internet domain for Indian banks.”

What Is the ‘.bank.in’ Domain?

The ‘.bank.in’ domain is a country-specific domain extension (ccTLD) created solely for Indian banks. It replaces the existing, more generic domains like ‘.com’ or ‘.co.in’ currently used by most banks.

Key Highlights:

• It will be exclusively available to registered Indian banks.
• Aimed at reducing phishing attempts, digital fraud, and identity spoofing.
• Enhances customer confidence by providing a verified and trustworthy web presence.
• The transition deadline for banks to migrate to the new domain is October 31, 2025.
• During the transition, banks may run dual domains, where old domains redirect to the new one.

Why This Move Was Necessary: Rise of Banking Scams

India’s rapid digitalisation has unfortunately led to a parallel rise in online banking frauds, where cybercriminals use advanced tactics to deceive and defraud consumers.

Common Banking Frauds:

1. Phishing & Spear Phishing: Fake emails or SMS mimicking banks to extract sensitive information like passwords, OTPs, and card details.
2. Synthetic Identity Fraud: Fraudsters create new identities using a mix of real and fake personal information to open fake bank accounts or take loans.
3. Mobile Banking Fraud: SIM swapping and malicious apps to intercept OTPs and steal money.
4. Jumped Deposits: Fraudsters make small deposits to gain trust, then trick victims into revealing UPI PINs.
5. ATM Skimming: Installing hidden devices in ATMs to clone cards and extract data.
6. Government Masquerader Scams: Pretending to be government officials to extract payments or personal data.

The “Digital Arrest” Scam – A New Threat

A particularly alarming form of scam that has emerged is the “Digital Arrest” scam:

• Victims receive video calls from people posing as police or cybercrime officials.
• They’re shown fake arrest warrants and threatened with legal action.
• The scammer then demands a payment to settle the matter “urgently.”

This manipulative scam preys on fear and confusion and is becoming increasingly common with advances in deepfake and AI-generated visuals.

Understanding Cyber Threats: Phishing, Smishing & Vishing

1. Phishing:

Impersonating banks or officials through email to trick victims into clicking malicious links or revealing login credentials.

2. Smishing:

Scam text messages often appearing to come from legitimate institutions like Aadhaar or PayTM, urging users to click unsafe links.

3. Vishing:

Fraudulent phone calls where scammers pose as bank officials, convincing victims to share sensitive data like OTPs.

Whale Phishing

This is a more targeted attack focused on senior executives or individuals with financial authority within organisations.

Emerging Threat: FatBoyPanel Banking Trojan

A dangerous mobile-first banking trojan affecting Indian users:

• Discovered in over 900 apps.
• Delivered via WhatsApp messages under the guise of trusted authorities.
• Disguised as a legitimate app (malicious APK).
• Once installed, it steals OTPs, banking credentials, and performs unauthorised transactions.

How Will ‘.bank.in’ Domain Improve Security?

The ‘.bank.in’ domain serves as a verified digital identity for Indian banks. Key advantages include:

1. Reduced Cybersecurity Risks: Exclusive access to verified banks prevents impersonation and fraud.
2. Boosts Customer Confidence: Easy identification of legitimate websites.
3. Improves Financial Stability: Strengthens the security framework of India’s digital finance ecosystem.
4. Regulatory Oversight: Managed under Indian authorities with strict registration rules.

Who Is Managing This Domain?

The rollout of ‘.bank.in’ is being executed by:

🔹 IDRBT (Institute for Development and Research in Banking Technology):

• A premier institute founded by RBI for banking technology research and implementation.
• Appointed as the exclusive registrar for the ‘.bank.in’ domain.

🔹 NIXI (National Internet Exchange of India):

• A non-profit organisation under the Ministry of Electronics and Information Technology (MeitY).
• Supports internet infrastructure, routing, and domestic data exchange within India.
• Ensures better quality of service and reduces reliance on international routing.

What Is a ccTLD?

• ccTLD stands for Country Code Top-Level Domain.
• The ‘.in’ is India’s ccTLD and reflects the country’s digital sovereignty.
• Examples: www.india.gov.in, www.meity.gov.in.

Final Word: A Much-Needed Security Layer

The RBI’s decision to implement the ‘.bank.in’ domain is a strategic step in digital governance and consumer protection. As India moves towards a cashless and digital-first economy, safeguarding users’ trust becomes crucial.

This new domain will:

• Build consumer trust,
• Prevent identity spoofing, and
• Serve as a symbol of credible and secure digital banking.

This article is brought to you by Jokta Academy, the best coaching institute in Chandigarh for UPSC, HPPSC, and competitive exams — where excellence in education meets expert guidance to help you achieve your goals.