Its our.in | India's Pride
In a significant move to combat online banking fraud and solidify digital trust, the Reserve Bank of India (RBI) didn’t just ask banks to be more secure – it mandated a complete domain overhaul.
The directive was clear: leave .com or other extensions behind and move to the highly secure, verified .bank.in namespace.
This transition, which concluded in late 2025, represents a landmark shift in the Indian digital landscape. Here is the story of how the mandate unfolded and how every major bank in India, from State Bank of India to HSBC, successfully complied.
The Starting Gun: The RBI Mandate
The regulatory journey began with a definitive announcement:
| Regulation Issued By | Directive Date | Mandated Extension | Compliance Deadline |
|---|---|---|---|
| Reserve Bank of India (RBI) | April 22, 2025 | .bank.in | October 31, 2025 |
The goal was simple but ambitious: create a “walled garden” for genuine banking services. The .bank.in extension is a “restricted domain,” meaning only RBI-authorized and verified institutions can register a name there. This instantly eliminates a significant percentage of phishing sites and fraudsters who rely on confusing domain names like hdfc-banking.com or citi-secure-login.net.
Step-by-Step: The Bank Compliance Journey
The six-month compliance window saw banks across the spectrum, private, and foreign working overtime to transition their entire digital infrastructure. Here is how they did it:
Step 1: Verification and Registration (May-June 2025)
The initial phase involved the crucial step of proving identity.
- Action: Banks submitted extensive documentation to the IDRBT (Institute for Development and Research in Banking Technology), the authorized entity managing the
.bank.inregistry. - Outcome: Upon verification, each bank secured its primary domain, ensuring brand integrity (e.g.,
hsbc.bank.in,icici.bank.in).
Step 2: Technical Migration and Infrastructure Overhaul (July-September 2025)
This was the heavy lifting phase, moving all online services to the new address.
- Action: IT teams updated thousands of internal links, reconfigured email servers, and deployed mandatory security certificates (HTTPS) across the board. Every subdomain, API endpoint, and customer login portal had to be mapped to the new, secure environment.
- Outcome: Backend systems were hardened, making the new domains security-first by design.
Step 3: The Customer Communication Blitz (October 2025)
The biggest challenge was the user, not the technology.
- Action: Banks launched massive public awareness campaigns via email, SMS, mobile app notifications, and traditional advertising. They educated customers on the new “look” of a safe website and warned against the old, now deprecated,
.comaddresses. - Outcome: Customer awareness surged, minimizing confusion during the final switchover.
Step 4: Final Cutover and Deprecation (October 31, 2025)
The deadline arrived, and the old sites were officially retired.
- Action: On the stroke of the deadline, all traffic from previous domains like
hsbc.co.inoronlinesbi.comwas permanently redirected to their new, secure.bank.incounterparts. - Outcome: The Indian banking sector officially completed its digital migration, creating one of the world’s most secure national banking ecosystems.
The New Reality of Trust
The 2025 migration was a success story of regulatory vision meeting industry execution
Today, if you see a website ending in .bank.in in India, you have a verified guarantee of its authenticity. This mandate has fundamentally changed how digital trust is established, setting a high bar for cybersecurity standards globally and signaling a bullish future for the .in ecosystem as a whole.
