Call: 8948143948 WhatsApp
Back to Knowledge Hub Cyber Crime

Victim of Online Fraud? Here's Exactly What to Do Under IT Act 2000

Realizing you have fallen victim to online fraud is an incredibly stressful experience, but panicking will only cost you precious time. In the digital age, speed is your greatest weapon. The Indian legal framework—primarily driven by the Information Technology (IT) Act, 2000, and supported by the newly implemented Bharatiya Nyaya Sanhita (BNS)—provides specific, actionable remedies to freeze stolen funds and penalize cybercriminals.

Here is the exact, step-by-step legal blueprint you must follow to report online fraud and protect your rights in India.

1 The "Golden Hour" Protocol

⏱️

Act Within the First Hour

In cyber forensics, the first hour after money is deducted is known as the "Golden Hour." The faster you report the crime, the higher the probability that law enforcement can instruct intermediary banks to freeze the funds before the scammers siphon them out through crypto or untraceable accounts.

1
Immediate — Financial Loss

Dial 1930 Now

📞 1930

If the fraud involves a financial loss (UPI, credit card, bank transfer), call 1930 immediately. This connects you to the Citizen Financial Cyber Fraud Reporting and Management System. Providing your transaction details can trigger an immediate alert to the banks involved to freeze the suspect's accounts.

2
Within 24 Hours

Register on NCRP — cybercrime.gov.in

Visit cybercrime.gov.in and click "Report Financial Fraud." You will need: exact transaction details, screenshots of chats or SMS alerts, and the suspected phone numbers or URLs. This generates a formal complaint reference number — keep it safe for all future follow-ups.

3
Triggering RBI Protection

Notify Your Bank in Writing

Contact your bank's fraud department and forward your 1930 complaint number. Under RBI guidelines, if you report unauthorized transactions within 3 working days, your liability is capped, and the bank must compensate you for the stolen amount.

4
Critical — Do Not Delete

Preserve All Digital Evidence

Do not delete the scammer's messages, call logs, or emails. Under Section 63 of the Bharatiya Sakshya Adhiniyam (BSA)—which replaced the Indian Evidence Act—electronic records are primary evidence. Take screenshots and back them up to a cloud drive immediately.

5
For Losses Above ₹10 Lakh

Convert to an e-FIR

If your loss is substantial or requires deep investigation, your NCRP complaint will be converted into an FIR under Section 173 of the BNSS by the jurisdictional cyber cell. You may be called to the station to physically sign the FIR within three days of its digital generation.

2 Your Rights Under the IT Act, 2000

When you file your complaint, the cyber police will register the case under specific sections of the IT Act, often paired with cheating provisions of the BNS. Knowing these sections helps you understand the gravity of the charges being pressed on your behalf:

The Crime The Law What It Covers
Identity Theft Section 66C, IT Act Using your password, PIN, or digital signature to steal funds. Punishable by up to 3 years imprisonment.
Phishing / Spoofing Section 66D, IT Act Cheating by impersonating a legitimate entity (e.g., fake bank emails, fraudulent UPI handles).
Data Theft & Hacking Sections 43 & 66, IT Act Gaining unauthorized access to your computer or banking network. Civil remedy + criminal prosecution.
Organised Cyber Crime Section 111, BNS Groups running coordinated scam call centers or syndicate fraud. Attracts severe organized crime penalties.

🌐 Extra-Territorial Jurisdiction — Section 75, IT Act

The IT Act operates beyond India's borders. Even if the scammer is operating from outside India, they can still be prosecuted under Indian law if the crime targeted a computer system or network located within India. This is a powerful tool against international cyber fraud networks.

3 If the Police Refuse to Register Your Case

While the digital portals have made reporting seamless, local police stations sometimes hesitate to register complex cyber cases. If your local station refuses to convert a valid complaint into an FIR, you have a clear legal escalation path:

🏠

Step 1: Local Police Station

File your written complaint in person. If refused, obtain a written refusal note (or document the refusal with witnesses).

📮

Step 2: Superintendent / DCP of Police

Send your written complaint directly to the SP or Deputy Commissioner of Police (DCP) of your district via Registered Post with Acknowledgment Due. They are legally obliged to take cognizance.

⚖️

Step 3: Jurisdictional Magistrate — Section 175, BNSS

If the SP does not act, you have the right to file a complaint directly with the Magistrate under Section 175 of the BNSS, who can legally order the police to investigate the matter. The court can direct registration of an FIR.

⚠️ Do Not Delete Evidence Before Going to Court

Courts handling cyber cases need digital evidence intact. Deleting, overwriting, or factory resetting your device before evidence is documented by a forensic expert can permanently destroy your case and lose you any chance of recovery.

4 RBI Zero-Liability Protection (Updated June 2026)

The Reserve Bank of India (RBI) operates on a strict framework designed to protect customers from bearing the financial brunt of digital fraud. In June 2026, the RBI significantly updated these rules under the "Responsible Business Conduct" directions, expanding protections and introducing a new compensation mechanism.

When Does Zero Liability Apply?

0
Liability

Bank Negligence

If the fraud happened due to a deficiency, security breach, or system malfunction on the bank's end, you are fully protected — regardless of when you report.

5
Calendar Days

Third-Party Breach

If the fault lies with a payment gateway or telecom provider (not you, not the bank), report within 5 days of the transaction for full zero liability.

45
Calendar Days Max

Bank Investigation Window

Banks must resolve domestic fraudulent transactions within 45 days. Cross-border transactions get 60 days.

₹50K
Loss Threshold

2026 Small-Value Compensation

Losses up to ₹50,000 may qualify for compensation of 85% of net loss or ₹25,000 — whichever is lower.

Liability Rules: What If It Was Your Fault?

ScenarioYour LiabilityAfter Reporting?
Bank's security failure Zero Liability Fully covered immediately, no reporting deadline.
Third-party breach, reported within 5 days Zero Liability Bank absorbs the full loss.
You shared OTP/PIN (customer negligence) Full Loss Until Reported Transactions after you notify the bank are fully covered.
Shared credentials; delayed reporting (7+ days) Full Loss Bank may bear only partial liability at its discretion.

5 The 2026 Small-Value Compensation Rule

A major addition to the June 2026 RBI framework is a safety net specifically for victims of smaller digital frauds. If you suffer a gross loss of up to ₹50,000, you may be eligible for the following:

2026 RBI Small-Value Fraud Compensation

Eligibility Threshold
≤ ₹50,000
Compensation Rate
85% of net loss
Maximum Compensation
₹25,000
Reporting Deadline
Within 5 calendar days

✅ Mandatory Reporting Channels

To qualify, you must report to both your bank and either the NCRP portal (cybercrime.gov.in) or the 1930 helpline within five calendar days of the unauthorized transaction.

6 How to Claim Your Money Back — Step by Step

To activate your protections and secure a refund under the RBI guidelines, you must act swiftly and follow this exact sequence:

1
Mandatory First Step

Call 1930 & Register on NCRP

Call the National Cyber Crime Helpline at 1930 and register a formal complaint on cybercrime.gov.in. This is a mandatory prerequisite for claiming compensation under the 2026 updated rules. Save your complaint reference number.

2
Critical — 5-Day Window

Notify Your Bank in Writing

Contact your bank's fraud reporting channel (mandated to be available 24/7) and report the unauthorized transaction. Provide your NCRP complaint number. Doing this within five calendar days triggers your zero-liability protection for third-party breach scenarios.

3
Credit Card Fraud Specific

Request a Shadow Reversal

If the fraud occurred on a credit card, the bank is legally required to provide a "shadow reversal" (a temporary credit of the disputed amount) within five calendar days of receiving your notification. This ensures you don't pay the fraudulent amount while the investigation is ongoing.

4
Investigation Phase

Monitor the Bank's Investigation

The bank must investigate and determine liability—with the burden of proving customer negligence lying entirely on them. The bank has a maximum of 45 calendar days (domestic) or 60 days (cross-border) to resolve the case. Once your eligibility is confirmed, the temporary credit becomes final.