Noticed an unauthorized card transaction? Don’t panic, but don’t wait either.

First, block the card immediately using your bank’s official app, internet banking, the number printed on the back of your card, or the bank’s official website. Then call 1930, India’s National Cyber Crime Helpline, and report the fraud. Save every alert, screenshot, transaction ID, complaint number, and email connected to the case.

Try to report the transaction to your bank as soon as possible, ideally within 3 working days of receiving the alert.

This allblogs.in guide is for general banking safety awareness only. It is not legal, tax, investment, loan, or personal financial advice. Whether you get your money back depends on the facts, the bank’s investigation, RBI directions, and how quickly you reported the issue.

Quick answer

#

What should you do after an unauthorized card transaction in India?

Block the card, report it to your bank, call 1930, save proof, and keep all complaint IDs safely.

Important: Never share your OTP, PIN, CVV, password, card photo, UPI PIN, or screen-sharing access with anyone.

First, breathe. Then move fast.

#

Seeing an unknown charge on your card can feel awful. Maybe the amount is small. Maybe it is huge. Maybe it happened at midnight, or the merchant name looks completely unfamiliar.

Your first reaction may be to search the merchant, call a friend, or scroll through old orders. Don’t start there.

In the first 24 hours, your job is simple:

  1. Stop further misuse.
  2. Inform the bank.
  3. Report the fraud.
  4. Save proof.
  5. Get complaint numbers.
  6. Avoid falling into a second scam.

This matters because RBI has customer-liability rules for unauthorized electronic banking transactions. In simple words, faster reporting can help reduce your liability in eligible cases. But no article can promise a refund. The bank will look at the transaction, the timeline, the evidence, and whether sensitive details like OTP or PIN were shared.

First 24-hour checklist for an unauthorized card transaction

#

Step 1: First 15 minutes — block the card

#

Block the card before doing anything else.

Use only official channels, such as:

  • Your bank’s official mobile app
  • Internet banking
  • The card control, freeze, or “hotlist card” option
  • The customer care number printed on the back of your card
  • The bank or card issuer’s official website
  • Your known branch or official relationship manager channel

In some apps, you may see options like:

  • Block card
  • Freeze card
  • Temporary lock
  • Hotlist card
  • Block and replace

If the transaction is clearly unauthorized, use the strongest option available.

Do not search online for “bank customer care number” and call the first result. Fake bank helpline numbers are common, especially in search ads, social media comments, and random websites. Many people lose more money after calling a fake “support” number.

If you have multiple cards with the same bank, quickly identify which card was used. But don’t delay blocking the suspicious card while checking everything else.

Step 2: Next 15 minutes — call 1930

#

Call 1930, the National Cyber Crime Helpline, as soon as possible.

Keep these details ready:

  • Bank or card issuer name
  • Last four digits of the card, if needed and safe to share
  • Transaction amount
  • Date and time of transaction
  • Merchant name or descriptor shown in the SMS, app, or statement
  • Transaction ID or reference number, if available
  • Mobile number linked with your bank account

Calling 1930 does not guarantee recovery. Still, it is important because it creates a cyber fraud reporting trail and may help authorities act quickly where possible.

You can also report the matter on the National Cyber Crime Reporting Portal. But in the first few minutes, calling 1930 is usually the faster step.

Step 3: Within the first hour — complain to the bank properly

#

Blocking the card is not the same as filing a fraud complaint.

After blocking the card, contact your bank or card issuer and say clearly:

“I am reporting an unauthorized card transaction. I did not make or approve this transaction. Please register a complaint and give me the complaint reference number.”

Ask for:

  • Complaint number
  • Date and time of complaint registration
  • Name or ID of the support agent, if provided
  • Confirmation that the card is fully blocked
  • Whether a dispute form is required
  • Expected next step
  • Expected timeline for investigation

If the bank asks you to submit a form, email, branch letter, or dispute request, do it quickly. Keep a copy or screenshot for yourself.

For a debit card fraud complaint, the bank may ask for transaction details, screenshots, and a written complaint.

For a credit card dispute in India, the card issuer may ask you to raise a dispute through the app, website, email, call centre, or a dispute form.

Step 4: First 1–2 hours — save every bit of proof

#

Do not delete anything. Do not clear your SMS inbox. Do not remove app notifications. Do not depend on memory.

Later, small details can become important.

Save these immediately:

  • SMS alert showing the transaction
  • App notification screenshot
  • Email alert from the bank or card issuer
  • Statement screenshot showing the debit or charge
  • Transaction ID or reference number
  • Date and time of transaction
  • Amount
  • Merchant descriptor exactly as shown
  • Card type: debit or credit
  • Bank complaint ID
  • 1930 complaint or acknowledgement details
  • Any email sent to the bank
  • Any reply received from the bank

If your banking app does not allow screenshots, write down the details exactly as shown. If possible, download a statement PDF or save the email alert.

Make one folder on your phone or laptop for the case. Name it something simple, such as:

  • “Card Fraud HDFC 16 July”
  • “SBI Card Complaint 16 July”
  • “ICICI Debit Card Fraud”

Keeping everything in one place will save you a lot of stress later.

Step 5: Within 2–6 hours — check if anything else is at risk

#

Once the card is blocked and the complaint is registered, check whether anything else looks suspicious.

Look at:

  • Recent card transactions
  • Saved cards in shopping apps
  • Wallets linked to the card
  • UPI apps linked to the same bank account
  • Email inbox for password reset alerts
  • Bank login alerts
  • New beneficiary alerts
  • Profile change alerts
  • SIM or mobile number change alerts

Do not make ten changes in panic. But if you see signs that your email, phone, or banking login may be compromised, change passwords only through official apps or websites.

Also remove the blocked card from apps and websites where it was saved, especially platforms you rarely use.

Step 6: Within 6–24 hours — send a written complaint

#

Even if customer care has already registered your complaint, send a written complaint too.

Use your bank’s official email, secure message option, app support ticket, or branch submission process.

Include:

  • Your name
  • Registered mobile number
  • Last four digits of the card only
  • Account type, if relevant
  • Transaction amount
  • Date and time
  • Merchant descriptor
  • Transaction ID or reference number
  • A clear statement that you did not authorize the transaction
  • Time when you blocked the card
  • Bank complaint ID
  • 1930 reference details, if available

Do not send your full card number, CVV, PIN, OTP, password, or card photo.

If you visit the branch, carry ID proof and a written complaint. Ask for an acknowledged copy, either stamped or digitally confirmed.

Simple complaint format you can use

#

Subject: Unauthorized card transaction complaint — card blocked, request for dispute investigation

Dear [Bank/Card Issuer Name],

I am reporting an unauthorized transaction on my [debit/credit] card ending with [last four digits].

Transaction details:

Amount: ₹[amount]Date and time: [date/time]Merchant descriptor: [as shown in SMS/app/statement]Transaction ID/reference number: [if available]

I did not make, approve, or authorize this transaction.

I have blocked the card on [date/time] through [app/call/website/branch]. My bank complaint reference number is [bank complaint ID], if already generated.

I have also reported the matter through 1930. The reference number is [if available].

Please register this as an unauthorized transaction complaint/dispute, investigate it, confirm the card block status, and share the next steps in writing.

Regards,[Your name][Registered mobile number]

Debit card fraud vs credit card fraud

#

Unauthorized transactions are serious in both cases. But the immediate impact feels different.

Do not assume credit card fraud is “less urgent” just because money has not left your savings account directly. Report it quickly, block the card, and raise a dispute through official channels.

Proof to save, and what not to share

#

When people are scared, they sometimes share too much information. That can create fresh risk.

Save these

#

Save and submit only relevant proof:

  • SMS transaction alert
  • Bank app alert
  • Email alert
  • Statement screenshot
  • Transaction ID
  • Date and time
  • Amount
  • Merchant descriptor
  • Card type: debit or credit
  • Bank complaint ID
  • 1930 complaint or acknowledgement number
  • Copies of written complaints
  • Bank replies

Never share these

#

Do not share:

  • OTP
  • PIN
  • CVV
  • Full card number, unless your bank’s secure official process specifically requires card identification
  • Net banking password
  • Mobile banking password
  • UPI PIN
  • Card photo
  • Aadhaar image over unofficial channels
  • Screen-sharing access
  • Remote access app permission
  • SIM swap request codes
  • Any “refund approval OTP”

A real bank does not need your OTP, PIN, CVV, or password to block your card or register a fraud complaint.

If someone says, “Install this app so we can reverse the money,” stop immediately. That is a major warning sign.

How RBI customer-liability rules generally work

#

RBI has customer-liability rules for unauthorized electronic banking transactions. These rules are meant to protect customers in certain situations, especially when they report quickly.

Here is the broad idea in plain language.

1. Zero liability may apply in some cases

#

RBI’s framework provides for zero customer liability in situations such as:

  • Contributory fraud, negligence, or deficiency on the bank’s part
  • A third-party breach where the fault is neither with the bank nor the customer, and the customer informs the bank within the prescribed timeline

For third-party breach cases, quick reporting is very important. The commonly cited timeline is within 3 working days of receiving communication about the unauthorized transaction.

2. Limited liability may apply if reporting is delayed

#

If the customer reports after the zero-liability window but within the specified limited-liability period, liability may be capped depending on the account or card type and RBI’s framework.

For example, RBI’s 2017 customer protection framework includes maximum liability categories such as:

  • BSBD accounts: up to ₹5,000
  • Other savings accounts and certain eligible accounts/cards: up to ₹10,000
  • Certain higher-limit accounts and credit cards: up to ₹25,000

These are RBI framework figures. They are not a guarantee that every case will have the same result.

3. Customer negligence can change the result

#

If the loss happened because the customer shared sensitive payment credentials, such as PIN, password, OTP, or similar details, the customer may have to bear the loss until the bank is informed.

After the bank is informed, further unauthorized loss is generally treated differently under the applicable framework.

4. After 7 working days, bank policy becomes important

#

If reporting is delayed beyond the specified period, customer liability is generally decided according to the bank’s board-approved policy, within the applicable regulatory framework.

This is one reason the first 24 hours matter so much.

5. RBI’s 2026 amendment directions

#

RBI issued 2026 amendment directions for applicable electronic banking transactions, effective from July 1, 2026 for commercial banks. Customers should follow the latest process communicated by their own bank or card issuer.

The basic habit remains the same: act quickly, report properly, and preserve proof.

What not to do after an unknown card charge

#

Avoid these mistakes, even if you are anxious:

  • Do not call random helpline numbers found through search ads or social media comments.
  • Do not reply to suspicious SMS links.
  • Do not click “refund” links.
  • Do not share OTP to “cancel” a transaction.
  • Do not install remote access apps.
  • Do not delete transaction alerts.
  • Do not wait for the next statement cycle.
  • Do not assume the bank already knows unless you complain.
  • Do not post full transaction or card details publicly.
  • Do not trust anyone promising guaranteed recovery for a fee.

A scammer may contact you after the first fraud and pretend to be from the bank, police, RBI, or a recovery team. Stay with official channels only.

First 24-hour timeline

#

Final takeaway

#

If you notice an unauthorized card transaction, follow this order:

  1. Block the card.
  2. Call 1930.
  3. Report it to the bank.
  4. Save proof.
  5. Collect complaint IDs.
  6. Keep everything in writing where possible.

Fast reporting cannot promise a refund, but it gives you the strongest complaint trail and helps you stay within the general RBI-backed customer-liability framework for unauthorized electronic banking transactions.

Sources checked

#

RBI customer-protection guidance on limiting liability for unauthorized electronic banking transactions, RBI 2026 amendment directions on digital transaction liability, the National Cyber Crime reporting channel, and official consumer guidance on disputing unauthorized card or account transactions.