PEACE Legal Information India simplifies complex Indian laws into clear, practical guides for everyone. From workplace rights to traffic rules, cyber safety, and women’s rights, we empower you with accurate, easy-to-understand legal knowledge. Stay informed, protect your rights, and navigate the law with confidence.
Peace Legal Information: Making Law Simple for Every Citizen
Table of Contents Introduction — purpose & scope Why legal awareness matters Rights & Duties — equal and reciprocal Role of Police — how to cooperate Everyday laws to keep handy How to use the law to protect yourself Conclusion Introduction — purpose & scope Peace4.in brings plain-English legal information to every person living in or visiting India. This pinned page is a gateway: it explains the site's purpose, how to navigate topic clusters, and how the law can be used to prevent harm and resolve disputes through recognised legal channels. We focus only on Indian legal context and practical steps. Our aim is to increase legal literacy, encourage lawful behaviour, and support peaceful, constructive resolution of conflicts. ↑ Back to top Why legal awareness matters Legal knowledge empowers you to avoid common mistakes, make informed decisions, and acc...
Online Bank Fraud? Here’s What the Law Says and What to Do Immediately
Do you suspect that you are the victim of Online Bank Fraud? Here’s What the Law Says and What to Do Immediately
Online banking fraud is one of the fastest-growing cybercrimes in India. Whether through UPI scams, phishing links, or OTP theft, thousands of victims lose money every day. The good news is — Indian law and RBI guidelines offer strong protections, but only if you act quickly.
Phishing (Fake Emails or SMS Pretending to Be Your Bank) Phishing attacks are among the oldest and most widespread forms of banking fraud in India. Criminals use messages that appear to be from legitimate banks or financial institutions to trick people into sharing sensitive details.
Messages usually claim urgency such as “Your account will be blocked” or “KYC update required.”
Victims are directed to fake websites that closely resemble real bank portals.
Once login credentials or OTPs are entered, fraudsters gain direct access to the bank account.
RBI has repeatedly warned customers not to click on suspicious links and to use only official apps or websites.
UPI Scams (QR Codes and Fake “Receive Money” Requests) With UPI becoming the most popular payment method in India, scammers have adapted quickly. They manipulate users into authorizing money transfers without realizing it.
Fraudsters ask victims to scan a QR code, pretending it will allow them to receive money.
In reality, QR codes only work for sending money, leading to instant transfers to the fraudster.
A common trick is sending fake UPI “collect” requests while posing as a buyer or seller.
Victims, believing the request is genuine, end up approving a debit from their own account.
OTP Theft (Trick Calls or Messages Asking for Your OTP) One-time passwords (OTPs) are a key security layer, but many scams revolve around tricking users into sharing them.
Fraudsters impersonate bank staff, RBI officials, or customer care representatives.
They create urgency by claiming issues like account freezing, blocked cards, or pending refunds.
Victims are persuaded to share their OTP on call or by replying to a message.
Once the OTP is shared, criminals use it instantly to complete fraudulent transactions.
Important rule: banks and RBI never ask for your OTP.
Fake Banking Apps (Malicious Apps Stealing Your Data) Cybercriminals have developed fake mobile apps that mimic genuine banking applications. Many victims unknowingly download them.
These apps may appear on third-party app stores or be shared through malicious links.
They capture login details, card numbers, and personal data entered by the user.
Some apps even use screen overlay methods to record keystrokes in real time.
To stay safe, install apps only from trusted app stores and check the official developer name.
SIM Swap Fraud (Criminals Gain Control of Your Phone Number) This sophisticated fraud allows criminals to intercept all SMS alerts and OTPs linked to your number.
Fraudsters trick telecom operators into issuing a duplicate SIM in the victim’s name.
Once activated, the victim’s SIM card stops working, and all calls/SMS are diverted.
With control over OTPs, scammers can reset passwords and drain bank accounts.
Warning signs include sudden loss of network connectivity without reason.
Immediate steps: contact your mobile provider and bank at once if your SIM is deactivated.
When you realize that you have been a victim of online bank fraud, time becomes the most critical factor. The first 24 hours — and in some cases the first few minutes — can decide whether your money is recoverable or permanently lost. Acting quickly ensures that your bank, law enforcement, and the cyber authorities have the maximum chance of tracing and reversing the transaction.
Here are the essential steps you must take right away:
Call your bank’s toll-free fraud helpline (available 24x7 in most banks): Every bank in India has a dedicated helpline for reporting unauthorized transactions. Calling immediately allows the bank to block your account, disable online transactions, and begin the refund process as per RBI guidelines.
Inform your branch and request a freeze on further transactions: In addition to the helpline, contact your home branch. A written request (email or physical form) to freeze your account ensures that no further withdrawals or transfers take place while the investigation is pending.
Change your internet/mobile banking password and ATM PIN: Even if only one transaction was compromised, assume that your credentials are no longer safe. Update your login password, UPI PIN, debit card PIN, and any linked account passwords immediately.
File a complaint at the official National Cybercrime Reporting Portal (cybercrime.gov.in): Registering a complaint online creates a formal record of the incident with the Ministry of Home Affairs. This is important because it allows cyber police to begin tracing the fraudster and provides you with proof that you acted without delay.
Collect and save all possible evidence: Document everything related to the fraud. This includes the transaction ID, UTR number, SMS alerts, email confirmations, call recordings, and screenshots. These details will be critical for both your bank’s internal inquiry and any police investigation under the IT Act or IPC.
The Reserve Bank of India (RBI) has laid down clear and consumer-friendly rules to determine who bears the loss in case of unauthorized online banking transactions. These rules ensure that honest customers are protected, provided they act quickly and responsibly after detecting fraud.
Here’s how liability is decided:
If the fraud occurred without your fault and you report it within 3 working days: The bank is legally bound to refund the entire amount. You do not bear any financial loss.
If you report the fraud between 4 and 7 working days: Your liability is limited to a capped amount, which ranges between ₹5,000 and ₹25,000 depending on the type of account you hold (savings, current, or prepaid). The rest must be reimbursed by the bank.
If you report after 7 working days: In such cases, the bank has the discretion to decide your liability. You may be held fully responsible for the loss, unless the bank chooses to waive or reduce the liability.
RBI has made it clear that these rules are meant to encourage customers to act quickly and not delay reporting suspicious transactions.
Several provisions of Indian law directly address online banking fraud. These laws ensure that both cybercriminals and negligent institutions can be held accountable. Understanding the relevant sections can help victims know their rights and push for action.
Information Technology Act, Section 66C & 66D (Identity Theft and Cheating by Impersonation): Section 66C deals with the fraudulent or dishonest use of another person’s electronic signature, password, or any unique identification feature. Section 66D covers cheating by impersonation using computer resources. For example, if someone pretends to be a bank official online and tricks you into sharing your OTP, these sections apply. Punishment includes imprisonment of up to 3 years and a fine of up to ₹1 lakh.
Indian Penal Code, Section 420 (Cheating and Dishonestly Inducing Delivery of Property): This section is commonly applied in financial fraud cases. It criminalizes deceiving someone in order to unlawfully obtain money or property. In the context of online banking fraud, if a scammer tricks you into transferring funds under false pretenses, Section 420 can be invoked. The punishment may extend to 7 years of imprisonment and a fine.
Indian Penal Code, Section 406 (Criminal Breach of Trust): Section 406 applies when someone entrusted with property (or dominion over property) misuses it for personal gain. If a bank employee, intermediary, or trusted associate misappropriates your funds, this section can come into play. The punishment includes imprisonment of up to 3 years, or a fine, or both.
RBI Circulars (Legal Obligation of Banks to Compensate Timely Reports): Apart from statutory law, RBI issues binding circulars to all banks. As per these directives, banks are required to compensate victims of unauthorized transactions if they report within the prescribed time frame (generally 3 working days). Banks that fail to act swiftly or deny rightful claims may be held liable under both RBI regulations and consumer protection laws.
When you are a victim of online banking fraud, taking immediate legal action is critical. Filing complaints both with your bank and the cybercrime authorities ensures that recovery attempts start early and the offenders face legal consequences. Here is a structured approach:
Step 1: File a Complaint with Your Bank
Visit or call your bank branch immediately and inform them about the unauthorized transaction.
Submit a written complaint clearly mentioning the fraud details (date, time, transaction ID, and amount).
Demand a written acknowledgment or ticket number for your complaint. This acknowledgment is crucial evidence for further escalation.
Step 2: File an Online Complaint on the National Cybercrime Portal
Visit cybercrime.gov.in, the official Government of India portal for reporting cybercrimes.
Choose the category of crime (e.g., “Financial Fraud”) and fill in details such as transaction ID, account number, and screenshots.
Upload supporting documents (bank acknowledgment, SMS alerts, or suspicious emails).
You will receive a unique Complaint ID for tracking the progress of your case.
Step 3: Approach the Local Cyber Police Station
Carry a printed copy of your online complaint, along with your bank complaint acknowledgment.
Provide supporting documents such as ID proof, account statements, and screenshots of suspicious communication.
Ask the officer to register your case and guide you on further investigation steps.
Step 4: Request Registration of FIR under Relevant Laws
Politely insist that the police register a First Information Report (FIR) under the applicable sections of the Indian Penal Code (IPC) and the Information Technology Act.
Relevant sections may include:
IPC Section 420 – Cheating and fraud
IPC Section 406 – Criminal breach of trust
IT Act Section 66C & 66D – Identity theft and cheating by impersonation
An FIR is vital for initiating a full-fledged investigation and for pursuing recovery through legal channels.
Strong evidence is the backbone of any cybercrime investigation. The more accurate and detailed your documentation, the higher your chances of proving the fraud and recovering your money. Victims should immediately collect and preserve the following:
Bank Statement Showing Unauthorized Transaction
Download your latest account statement from internet banking or request it from your bank branch.
Highlight the specific disputed transaction(s).
Ensure the statement includes account details, transaction ID, and timestamps.
Transaction Reference Number / UTR (Unique Transaction Reference)
Every digital banking transaction — including UPI transfers, NEFT, RTGS, and IMPS — generates a unique UTR or reference number.
Note down and preserve this number, as it is critical for tracking the fraudulent transaction across banks.
Screenshots of Messages, Emails, or Calls
Capture screenshots of suspicious SMS alerts, phishing emails, fraudulent apps, or call logs from fraudsters.
If you received calls, note the caller’s number, time, and any statements made.
Preserve the original email headers (if available), as they can help investigators trace the sender.
Complaint Acknowledgment from Bank
Keep a physical or digital copy of the acknowledgment slip or ticket number given by your bank after reporting the fraud.
This document is proof that you acted promptly, which is important for RBI-mandated liability protection.
Police Complaint Number or FIR Copy
After filing a complaint with the cyber police station, you will be given a diary number or acknowledgment.
If an FIR is registered, obtain a certified copy.
This is a legal record that the crime has been officially reported, strengthening your case in court or with the RBI Ombudsman.
Legal Tip: Always store copies of all evidence in two formats — digital (scans, PDFs, photos) and physical (printouts). Cloud storage (Google Drive, OneDrive, iCloud) is recommended so that your evidence remains safe even if your phone or computer is compromised.
%20Act,%201970.jpeg)
