Credit Card Fraud in India: How to Protect Yourself and Claim Refund

Bottom Line: If you spot an unauthorized transaction on your credit card, report it to your bank within 3 days — RBI rules mean you pay ₹0. The longer you wait, the more liability shifts to you, so set up SMS/email alerts and check them daily.

Credit card fraud in India isn’t some distant threat that happens to “other people.” UPI scams dominate headlines, but credit card fraud is quietly surging — skimming at fuel stations, fake OTP calls pretending to be from SBI or HDFC, phishing links in SMS that look eerily real. The good news? Indian cardholders have strong legal protection under RBI guidelines. You just need to know the rules and act fast.

How Credit Card Fraud Actually Happens in India

Fraudsters aren’t just sitting in dark rooms hacking servers. Most credit card fraud in India is surprisingly low-tech.

Common Fraud Types

• Phishing (SMS/Email/WhatsApp): You get a message saying “Your HDFC card is blocked, click here to verify.” The link leads to a fake banking page that captures your card number, expiry, and CVV.
• Vishing (Phone Calls): Someone calls claiming to be from your bank’s “fraud department” and asks for your OTP to “cancel a suspicious transaction.” The moment you share that OTP, money leaves your account.
• Skimming: A tiny device attached to a POS machine or ATM copies your card’s magnetic stripe. Common at petrol pumps and smaller shops. Chip-based transactions are safer, but not all terminals read chips properly.
• SIM Swap Fraud: Fraudsters get a duplicate SIM issued for your number, intercept your OTPs, and make transactions. This is particularly dangerous because you lose all SMS-based verification.
• Card-Not-Present (CNP) Fraud: Your card details are stolen from a data breach and used for online purchases. International transactions on some cards don’t require OTP, making this easier for fraudsters.

Where Indians Are Most Vulnerable

Scenario	Risk Level	Why
Online shopping on unknown sites	High	Card details stored insecurely, no 2FA on some international sites
Swiping at petrol pumps	High	Card leaves your sight, skimming devices are common
Sharing OTP over phone	Very High	No legitimate bank employee will ever ask for your OTP
International transactions	Medium-High	Many international merchants skip OTP/3D Secure
Tap-and-pay under ₹5,000	Low	Contactless has built-in limits, but stolen cards can be tapped repeatedly

What to Do Immediately After a Fraudulent Transaction

Speed is everything. Here’s your exact playbook:

Step 1: Block Your Card (Within Minutes)

Open your bank’s app — HDFC, ICICI, SBI, Axis, all major banks let you instantly lock/block your card from the app. Don’t wait to call customer care. Block first, call later.

Step 2: Call Your Bank’s Fraud Helpline

Report the unauthorized transaction. Get a complaint reference number — write it down. You’ll need this for everything that follows.

Bank	Fraud Helpline Number
HDFC Bank	1800 258 6161
ICICI Bank	1800 200 3344
SBI Card	1860 180 1290
Axis Bank	1860 419 5555
Kotak Mahindra	1860 266 2666
IDFC First	1800 419 4332

Step 3: File a Written Complaint

Send an email to your bank’s grievance cell with transaction details, date, amount, and your complaint reference number. This creates a paper trail that matters if you need to escalate.

Step 4: File a Cyber Crime Complaint

Go to cybercrime.gov.in and file an online complaint, or call the national cybercrime helpline at 1930. This isn’t optional — it strengthens your refund claim significantly.

RBI’s Zero Liability Rule — Your Strongest Weapon

RBI’s 2017 circular on “Customer Protection — Limiting Liability” (updated and reinforced through 2026) is clear:

Your Liability Based on Reporting Time

When You Report	Your Maximum Liability
Within 3 working days	₹0 (Zero) — Bank bears full loss
Between 4-7 working days	₹10,000 (for cards with limit above ₹5 lakh)
After 7 working days	As per bank’s policy — could be the full amount

The critical detail: This zero liability applies when the fraud is due to a third-party breach — meaning you didn’t share your OTP or PIN voluntarily. If you handed your OTP to a caller pretending to be from HDFC, technically that’s “customer negligence” and banks can push back. In practice, if you file quickly and escalate, most banks still reverse the charges, but it gets messier.

How the Refund Process Works

1. Bank acknowledges your complaint within 48 hours (mandatory per RBI)
2. Bank investigates — they have 90 days to resolve the dispute
3. If the bank rules in your favour, the amount is credited back with a shadow credit (temporary reversal) within 10 working days of complaint
4. If unsatisfied with the bank’s response, escalate to the Banking Ombudsman via cms.rbi.org.in

How to Protect Yourself Going Forward

Forget generic advice like “be careful online.” Here’s what actually works:

• Turn on transaction alerts for every amount — not just above ₹500. Even a ₹1 test transaction is a red flag.
• Enable/disable international transactions from your bank app. Keep international turned off unless you’re actively travelling or buying from a foreign site.
• Set transaction limits — most banks let you set daily limits for online, POS, and ATM separately. Set them to your actual usage, not the maximum.
• Use virtual card numbers for online shopping — HDFC, Kotak, and several other banks offer this. The virtual number is single-use and can’t be reused by a fraudster.
• Never let your physical card out of sight — at restaurants, ask for a portable POS machine or go to the counter. This one habit eliminates skimming risk.
• Freeze your card when not in use — apps from ICICI, HDFC, and Axis let you toggle the card on/off in seconds.
• Register for RBI’s Sachet portal (sachet.rbi.org.in) to check if your bank is RBI-registered and to file complaints directly.

Related Guides on CardTrail

• Best Credit Cards for Travel from India — cards with built-in fraud protection and travel insurance
• Compare Credit Cards Side-by-Side — find cards with zero liability guarantees and virtual card features
• RBI Rules Every Cardholder Should Know — the complete guide to your rights as an Indian cardholder

Frequently Asked Questions

Will I get a full refund if someone uses my credit card without permission?

Yes — if you report the unauthorized transaction within 3 working days, RBI rules mandate zero liability. The bank must reverse the full amount. After 3 days, your liability increases, so report immediately.

Can the bank refuse my fraud claim?

Banks can push back if they determine “customer negligence” — for example, if you voluntarily shared your OTP or PIN. However, if the fraud happened due to a third-party breach (data leak, skimming, SIM swap), the bank cannot hold you liable if you reported within 3 days.

Should I file a police complaint for credit card fraud?

Yes. File an online complaint at cybercrime.gov.in or call 1930. While the bank handles your refund separately, a cyber crime complaint creates official documentation and helps if you need to escalate to the Banking Ombudsman.

How long does it take to get the refund?

RBI mandates a shadow credit (temporary reversal) within 10 working days of your complaint. The full investigation can take up to 90 days, but most banks resolve straightforward fraud cases within 30-45 days.

Is contactless (tap-and-pay) safe?

Relatively safe — contactless transactions in India are capped at ₹5,000 per tap with no PIN required. Above ₹5,000, PIN is mandatory. The risk is low but not zero: a stolen card can be tapped multiple times for amounts under ₹5,000 before you notice. Block your card immediately if lost.

Do I need credit card fraud insurance?

For most people, no. RBI’s zero liability rule already protects you if you report quickly. Fraud insurance (like CPP Wallet Care plans) adds a layer of convenience — they handle the paperwork and follow-up — but they’re not necessary if you’re comfortable dealing with your bank directly. Consider it only if you carry multiple cards and want a single point of contact for fraud resolution.