IDRBT set to pilot bank.in domain move for banks from Feb 24, rollout in Apr
Hyderabad: As the Reserve Bank of India (RBI) gears up to roll out the new ‘bank.in’ domain for banks this April, most of the action is happening at Hyderabad’s Institute for Development and Research in Banking Technology (IDRBT). The institute is preparing to don the mantle of the sole domain registrar not only of bank.in but also the proposed ‘fin.in’ domain for non-banking financial companies and other financial sector participants.
IDRBT director Dr Deepak Kumar told TOI recently that the institute, established by RBI in 1996, is all set to kick off a two-week pilot of the initiative aimed at preventing banking fraud next week.
“We have already received approval from the National Internet Exchange of India (NIXI) to roll out bank.in and fin.in,” said Kumar. “We’ll begin testing for bank.in from Feb 24. The pilot phase will run till around March 7 with about 20 key banks. Based on feedback, we’ll fine-tune the application. We aim to be ready for launch by the last week of March, with the official rollout planned for April, coinciding with RBI’s establishment anniversary.”
He said the new domain will enhance customer trust and security. “Currently, banks and financial institutions operate under generic domains such as .com, .in and .co.in which makes it easy for fraudsters to create deceptive lookalike websites. Customers often struggle to verify authentic banking URLs. With bank.in, customers can be confident they’re accessing legitimate banking websites. It will significantly reduce the risk of phishing and spoofing attacks.”
According to him, the change won’t impact banks. “Any URL is the address to access the required resources for net banking. It’s just like changing the address on an envelope to put it simply,” he said, adding that the target is to complete the primary transition to bank.in within three months.
“IDRBT has completed the development of the required application and system for the operation of registering the domain name and maintaining it by adopting best practices. Other allied and associated migration may depend on the architecture of banks’ IT systems.”
Pointing out that bank.in will reduce dependency on overseas service providers for DNS resolution, Kumar said the need for Atmanirbharta was felt after the events of Feb 24, 2022, when the Russia-Ukraine war began, and the financial infrastructure was weaponised globally.
“Currently internet traffic for banking depends on international DNS resolvers. By shifting to NIXI name servers for DNS resolution we can strengthen our control over DNS security while ensuring lower latency and higher availability.” He said the main USP of the bank.in registration process is the use of PKI (public key infrastructure) digital certificates for authentication and authorisation of the registering bank and its authorised officials.
“Banks will need PKI digital certificates and hardware dongles for registration. Each bank will have to nominate between two and four authorised officials who will receive the PKI digital certificates. For larger banks like SBI, HDFC, or ICICI, we can accommodate more officials if required.”
He said the key differentiator is the mandatory PKI Digital certificate requirement, which complies with the IT Act and Indian Evidence Act guidelines. “Without the digital dongle, nobody can register. This ensures only bank board-authorized persons can register URLs and provide technical details like name servers, web servers, and IP addresses,” he explained.
On what the migration costs for banks will be, he said: “We’re ensuring this remains very economical for banks. India has a track record of providing cost-effective financial infrastructure solutions, as demonstrated by our 24x7x365 NEFT/RTGS systems, which is unique globally.”
Kumar pointed out that in future IDRBT will also helm the fin.in domain for other non-banking financial entities that will cover RBI-regulated entities like NBFCs, full-fledged money changers (FFMCs), and other financial institutions regulated by SEBI, IRDA, PFRDA, and NHB. “However, the timeline and process for their migration will be decided by the Union finance ministry,” he said.
CURBING FRAUD
Around 500 banks providing digital services must migrate to the new domain
This includes all private and public sector banks, urban co-op banks and foreign banks
Preliminary discussions about the shift started with about 400 participants in Jan
IDRBT will also maintain domain registration infrastructure
The institute will serve both as certifying authority and as the technical backbone. It will manage the infrastructure, issue digital certificates, and ensure continuous security updates
IDRBT director Dr Deepak Kumar told TOI recently that the institute, established by RBI in 1996, is all set to kick off a two-week pilot of the initiative aimed at preventing banking fraud next week.
“We have already received approval from the National Internet Exchange of India (NIXI) to roll out bank.in and fin.in,” said Kumar. “We’ll begin testing for bank.in from Feb 24. The pilot phase will run till around March 7 with about 20 key banks. Based on feedback, we’ll fine-tune the application. We aim to be ready for launch by the last week of March, with the official rollout planned for April, coinciding with RBI’s establishment anniversary.”
He said the new domain will enhance customer trust and security. “Currently, banks and financial institutions operate under generic domains such as .com, .in and .co.in which makes it easy for fraudsters to create deceptive lookalike websites. Customers often struggle to verify authentic banking URLs. With bank.in, customers can be confident they’re accessing legitimate banking websites. It will significantly reduce the risk of phishing and spoofing attacks.”
According to him, the change won’t impact banks. “Any URL is the address to access the required resources for net banking. It’s just like changing the address on an envelope to put it simply,” he said, adding that the target is to complete the primary transition to bank.in within three months.
“IDRBT has completed the development of the required application and system for the operation of registering the domain name and maintaining it by adopting best practices. Other allied and associated migration may depend on the architecture of banks’ IT systems.”
Pointing out that bank.in will reduce dependency on overseas service providers for DNS resolution, Kumar said the need for Atmanirbharta was felt after the events of Feb 24, 2022, when the Russia-Ukraine war began, and the financial infrastructure was weaponised globally.
“Currently internet traffic for banking depends on international DNS resolvers. By shifting to NIXI name servers for DNS resolution we can strengthen our control over DNS security while ensuring lower latency and higher availability.” He said the main USP of the bank.in registration process is the use of PKI (public key infrastructure) digital certificates for authentication and authorisation of the registering bank and its authorised officials.
“Banks will need PKI digital certificates and hardware dongles for registration. Each bank will have to nominate between two and four authorised officials who will receive the PKI digital certificates. For larger banks like SBI, HDFC, or ICICI, we can accommodate more officials if required.”
He said the key differentiator is the mandatory PKI Digital certificate requirement, which complies with the IT Act and Indian Evidence Act guidelines. “Without the digital dongle, nobody can register. This ensures only bank board-authorized persons can register URLs and provide technical details like name servers, web servers, and IP addresses,” he explained.
On what the migration costs for banks will be, he said: “We’re ensuring this remains very economical for banks. India has a track record of providing cost-effective financial infrastructure solutions, as demonstrated by our 24x7x365 NEFT/RTGS systems, which is unique globally.”
Kumar pointed out that in future IDRBT will also helm the fin.in domain for other non-banking financial entities that will cover RBI-regulated entities like NBFCs, full-fledged money changers (FFMCs), and other financial institutions regulated by SEBI, IRDA, PFRDA, and NHB. “However, the timeline and process for their migration will be decided by the Union finance ministry,” he said.
CURBING FRAUD
Around 500 banks providing digital services must migrate to the new domain
This includes all private and public sector banks, urban co-op banks and foreign banks
Preliminary discussions about the shift started with about 400 participants in Jan
IDRBT will also maintain domain registration infrastructure
The institute will serve both as certifying authority and as the technical backbone. It will manage the infrastructure, issue digital certificates, and ensure continuous security updates
