
A 47-year-old schoolteacher in T. Nagar, Chennai, received a call at 8:42 on a Tuesday morning. The voice said it was from her bank's "fraud monitoring cell." There was a suspicious transaction on her account: ₹26,000 to a Bengaluru number. The voice was calm and professional, and it named her bank and her branch correctly.

To "block the fraud," she was asked to share an OTP that would arrive in the next 30 seconds. The OTP came. She read it out. The call ended politely.

In the next four minutes, ₹1,42,000 left her savings account in three transactions to three different UPI handles. By the time she dialled her bank back at 8:51, the money was gone.

What followed in the next 50 minutes — and the next 24 hours — determined how much of the loss could be recovered, and under what legal framework. This is that playbook. Every minute matters.

The first hour: the actions that determine recovery

Speed multiplies your odds. Under the legal framework (set out in the next section), the formal liability protection itself is calibrated by how quickly you report. The first hour matters most.

Minute 0 to 15 — Call the bank and dial 1930.

If your bank's app has an account-freeze option, use it immediately. Then make two phone calls in parallel.

  • Your bank's customer-care number. Tell them — "I am a fraud victim. Please freeze my account, freeze the cards, and reverse / hold the recent UPI transactions. I am calling from the registered mobile number."

  • 1930 — the National Cybercrime Helpline (Government of India). The operator will take your details, register an incident, and trigger the lien-marking process on the receiving accounts.

Minute 15 to 60 — File at cybercrime.gov.in.

Open the National Cyber Crime Reporting Portal (cybercrime.gov.in) and file a financial-fraud complaint. The portal accepts complaints in English and Tamil and is paired with the 1930 helpline. You will receive an acknowledgement number — this is the document the bank's fraud team needs from you.

What to have ready: transaction details (amount, time, receiver UPI ID or account number), your registered mobile number, screenshots of the messages, your bank account number.

The legal framework: RBI's 2017 Customer Protection circular

The Reserve Bank of India's circular "Customer Protection — Limiting Liability of Customers in Unauthorised Electronic Banking Transactions" dated 6 July 2017 (Notification Reference RBI/2017-18/15) sets out a time-graded liability framework that every banking customer should understand.

The framework, in plain English:

  • Reported within 3 working days from receiving the bank's communication: zero customer liability, provided the unauthorised transaction is not the result of customer negligence. The bank credits the full amount back to the account, within 10 working days from notification, while its investigation continues.

  • Reported between 4 and 7 working days: limited liability, capped at ₹5,000 / ₹10,000 / ₹25,000 depending on the account type (small / regular / current).

  • Reported after 7 working days — liability is per the bank's Board-approved customer-protection policy.

  • In all cases, the bank is required to resolve or determine liability within 90 working days.

The trigger is the date of your written report to the bank, not the date of the fraud. The 1930 complaint and the cybercrime.gov.in acknowledgement become evidence of timely reporting; the formal written intimation to the bank's grievance officer within the same window is the legal report of record.

The first 24 hours — three actions that build the case

Once the immediate alerts are out, the next 24 hours are about documentation.

1. Write to your bank's nodal grievance officer — in writing.

Email is fine. Subject — "Unauthorised UPI transaction on [date / time] — request for reversal and reimbursement under RBI Customer Protection Circular RBI/2017-18/15." Attach the 1930 complaint reference, the cybercrime.gov.in acknowledgement number, your screenshots, and a statement of facts in your own words.

Keep a copy. The 90-day clock for the bank's resolution starts on the day this email is sent. The RBI Integrated Ombudsman accepts this as the document of record if the bank does not resolve within the 90-day window.

2. File a local police complaint, even after 1930.

The 1930 / cybercrime.gov.in complaint is a national system, and it is what banks and telecom companies respond to fastest. The local police FIR — filed at the cyber-crime cell or the nearest police station — adds investigative weight, especially if the fraud crosses ₹50,000 or involves identity theft. In Tamil Nadu, the State Cyber Crime Wing operates dedicated cells across major cities.

3. Lock down the rest of the surface.

Change your UPI PIN. Reset internet-banking and mobile-banking passwords. Revoke device access on the bank app. If the fraud started with a phone call, the attacker may have other details — block the SIM with the telecom company if you suspect a SIM-swap (a sudden loss of signal followed by unauthorised transactions is the classic pattern). Lock your Aadhaar biometric on the UIDAI portal — this is free, takes 30 seconds, and prevents subsequent biometric-based account openings in your name.

What the bank will likely say (and what to say back)

Two common bank responses in the first 48 hours.

"You shared the OTP — that's customer negligence." The bank often opens with this. The 2017 circular is explicit — even where customer negligence is alleged, the bank is required to prove it, and the limited-liability framework still applies. Cite the circular by name in your written reply. The ₹5,000–₹25,000 cap on customer liability, where it applies, exists precisely for OTP-shared cases reported within the window.

"The receiving account holds no funds — recovery is not possible." This is often, at least in part, the easy answer. Insist that the bank file the lien with the receiving bank and trigger the chargeback through the NPCI dispute mechanism. Partial recovery, where it happens, depends on how quickly the lien is marked, which is why the first hour matters.

The weeks that follow

  • Pull your credit report. From all four bureaus (CIBIL, Experian, Equifax, CRIF Highmark) after 30 days. If your KYC was compromised, fraudsters sometimes use it to open loan accounts. Dispute anything unfamiliar under the Credit Information Companies (Regulation) Act, 2005.

  • Follow up with the bank in writing every 10 days. The 90-day clock is a maximum, not a target. Quiet files get forgotten.

  • If the bank rejects, escalate to the RBI Integrated Ombudsman. The portal is cms.rbi.org.in. Escalation can be filed after the bank's 30-day internal resolution window has lapsed or after their rejection — your paper trail becomes the case file.

  • Avoid the recovery scams that follow. Fraud victims are themselves a target list. Calls and messages offering to "recover your money for a fee" are themselves frauds. The official recovery process never asks for money upfront.

What rarely works

  • Calling the receiving bank directly. They have no obligation to talk to you.

  • Posting on social media tagging the bank. Sometimes generates a response; rarely changes the outcome.

  • Hiring a "cyber-recovery consultant" found via WhatsApp or Telegram. Almost always a second fraud.

The bottom line. RBI's Customer Protection circular gives you a window. The window is small. The minutes between the fraud and your first call to 1930 do more for your recovery than every later step combined. Save the number on every phone in the family today — by the time you actually need it, the calm of having it ready is the difference between a bad morning and a quietly broken family.

This article is for educational purposes only and does not constitute insurance, investment, legal or tax advice. Insurance product decisions in India are regulated by the IRDAI; please consult an IRDAI-registered insurance intermediary for product-specific guidance. For investment decisions, consult a SEBI-registered investment adviser. Statutes, circulars and scheme parameters referenced here are accurate as of June 2026 and may be amended later — always verify with the primary source before relying on a specific provision.
