Knowledge Nugget | ‘.bank.in’ domain for banks : What all you need to know for UPSC Exam

Why in the news?

To combat the increasing number of digital payment frauds, the Reserve Bank of India (RBI) has decided to operationalise the ‘. bank.in’ domain for banks. A domain name is used to find websites. It is a unique and easy-to-remember address to access websites on the internet.

Key Takeaways :

1. In February this year, the RBI announced the introduction of the ‘bank.in’, an exclusive internet domain for Indian banks. On Tuesday (22nd April), the regulator decided to operationalise the ‘. bank.in’ domain for banks.

“Increased instances of fraud in digital payments are a significant concern. To combat the same, the Reserve Bank of India (RBI) is introducing the ‘bank.in’ exclusive Internet Domain for Indian banks,” RBI Governor Sanjay Malhotra had said while announcing the February 2025 monetary policy.

2. The ‘.in’ is India’s Country Code Top Level domain (ccTLD), which is a two-letter string (eg: https://www.india.gov.in or) added at the end of a domain name. A ccTLD functions as more than just a string in a web address. It is considered a symbol of national identity on the global internet.

3. This exclusive internet domain for domestic banks will minimise cyber security threats and will help in strengthening trust in the country’s digital banking and payment services. 

4. With the migration to the new domain, all banks in the country will have ‘.bank.in’ as the domain name. Currently, banks are either using ‘.com’ or ‘.co.in’ as their domain name, which is more generic.

5. The RBI has given banks time till October 31, 2025 to migrate to ‘.bank.in’. Till the time banks fully migrate to the new internet domain, they are likely to have both ‘.bank.in’ and their old internet domains. So a customer can visit their respective bank’s website with the old internet domain, which will then redirect them to the bank’s website with the ‘.bank.in’ domain.

6. Notably, the operationalisation of the new internet domain name is through the Institute for Development and Research in Banking Technology (IDRBT), which has been authorised by the National Internet Exchange of India (NIXI), under the aegis of the Ministry of Electronics and Information Technology (MeitY), to serve as the exclusive registrar for this domain, the RBI said.

What are banking scams?

Banking scams or frauds involve criminals using deceptive tactics to steal money or sensitive information from victims. Fraudsters employ various methods, such as emails, text messages, phone calls, and fake websites, to trick individuals into divulging their financial details. Some common banking frauds are:

1. Phishing and spear-phishing: Scammers send fake emails or messages to trick victims into revealing sensitive information such as account details, credit card information, and PINs.

2. Synthetic identity fraud: Fraudsters combine real and fake information to create identities for securing loans or opening accounts, leveraging data breaches and AI to evade detection.

3. Mobile banking frauds: Cybercriminals hijack phone numbers to bypass two-factor authentication (2FA) and steal funds by exploiting carrier vulnerabilities.

4. Jumped deposits: Fraudsters make small deposits to gain victims’ trust before initiating fake refund requests that trick them into revealing their UPI PINs.

5. ATM skimming and card cloning: IoT devices are used to steal card data from ATMs or payment terminals, enabling fraudulent transactions or card duplication.

6. Government masquerader scams: Impostors pose as government officials to trick victims into sharing personal data or making fraudulent payments

BEYOND THE NUGGET: Understanding Phishing, Smishing, & Vishing attacks

The rapid digitalisation of financial services has brought convenience and efficiency, but it has also increased exposure to cyber threats and digital risks, which are getting sophisticated day by day. The surge in digital fraud is a matter of concern. Frauds present multiple challenges for the financial system in the form of reputational risk, operational risk, business risk and the erosion of customer confidence with financial stability implications. Thus, knowing about phishing, smishing, and other types of cyber attacks becomes crucial.

1. Phishing: A phishing attack is defined as the fraudulent practice of impersonating reputed and official names and identities through email, text messages, or phone calls to trick the victim into sharing personal sensitive information like banking and credit card details and login or identity information.

2. Smishing: Scam messages impersonate organisations like Aadhaar services or digital wallets, urging users to click on harmful links.

3. Vishing: Phone calls from fraudsters pretending to be officials, such as bank representatives, trick victims into revealing OTPs or account details.

Post Read Questions

(1)  The terms ‘WannaCry, Petya and EternalBlue’ sometimes mentioned in the news recently are related to (UPSC CSE 2018)

(a) Exoplanets

(b) Cryptocurrency

(c) Cyber attacks

(d) Mini satellites

(2) In India, it is legally mandatory for which of the following to report on cyber security incidents? (UPSC CSE 2017) 

1. Service providers 

2. Data centres 

3. Body corporate 

Select the correct answer using the code given below:

(a) 1 only 

(b) 1 and 2 only 

(c) 3 only 

(d) 1, 2 and 3 

(Sources: Migration to ‘.bank.in’ domain: How it will help reduce digital payments frauds, A look at digital banking scams, and how to stay safe, What is FatBoyPanel?)

Subscribe to our UPSC newsletter. Stay updated with the latest UPSC articles by joining our Telegram channel – Indian Express UPSC Hub, and follow us on Instagram and X.

🚨 Click Here to read the UPSC Essentials magazine for April 2025. Share your views and suggestions in the comment box or at Manas Srivastava 🚨