International Transaction Fraud Recovery India (2026)

In May 2026, Priya Menon from Kochi authorised a ₹87,400 payment to a Singapore e-commerce site; the goods never arrived, and her bank declined chargeback citing “international merchant dispute” — yet Bharatiya Nyaya Sanhita 2024 section 318 criminalises cheating, Reserve Bank of India circulars mandate liability frameworks, and statutory escalation paths exist for both civil recovery and penal prosecution of cross-border fraud.

Citizen Crisis Response Network

Document transaction → freeze card → police cyber-cell FIR → bank chargeback → RBI Ombudsman → IFSC appeal → civil suit if needed.

File a cyber-crime FIR at the nearest police station or National Cyber Crime Reporting Portal within 24 hours, citing BNS 2024 s.318 (cheating) and s.319 (cheating by personation). Simultaneously lodge a written chargeback dispute with your bank under RBI Master Direction on Digital Payment Security Controls 2021, preserving all email, invoice, and payment gateway screenshots. If the bank refuses, escalate to the RBI Ombudsman within 30 days. For transactions routed through International Financial Services Centre (IFSC) GIFT City entities, file a parallel complaint with IFSCA. Retain foreign exchange declaration forms (if remittance exceeded ₹7 lakh) to comply with FEMA 1999 reporting and preserve evidence for civil recovery suits under CPC 1908 Order XXXVII (summary procedure).

• What qualifies as international transaction fraud
• Immediate steps in the first 24 hours
• BNS 2024 penal provisions and FIR drafting
• Bank chargeback rights and RBI circulars
• RBI Ombudsman escalation procedure
• IFSC and IFSCA complaint jurisdiction
• FEMA compliance and foreign exchange reporting
• Civil recovery through summary suit (Order XXXVII CPC)
• Case-law touchpoints and precedents
• Sample FIR text for international fraud
• Frequently asked questions
• Myth vs reality table

International transaction fraud covers any unauthorised or deceptive cross-border payment where the Indian cardholder, remitter, or UPI user loses money to a foreign merchant, phishing site, or fraudulent beneficiary. Common patterns in 2026 include:

1. Card-not-present (CNP) fraud: Online purchases on overseas sites that deliver nothing or counterfeit goods.
2. Investment scams: Forex trading platforms, crypto exchanges, or binary-options websites that freeze withdrawals.
3. Romance and job scams: Advance-fee fraud where victims wire money abroad for visa processing, equipment, or “earnest money.”
4. Phishing clones: Fake airline, hotel, or software-renewal sites mimicking legitimate brands, hosted on international domains.
5. Merchant collusion: Payment gateways that route Indian cards to shell companies in tax havens, then vanish.

Each scenario triggers overlapping jurisdiction: Indian cyber-crime law (Bharatiya Nyaya Sanhita 2024 sections 318, 319, 336), banking regulations (RBI Master Directions), foreign-exchange control (FEMA 1999), and consumer protection (Consumer Protection Act 2019). Documentation begins the moment you suspect fraud.

Do this immediately — Screenshot the merchant page, payment confirmation email, SMS alerts, and bank statement line; these expire from inboxes or are deleted by fraudsters within days.

Hour 0–2: Contain the damage

1. Call your card issuer's 24×7 helpline and request immediate card blocking.
2. For UPI or net-banking transfers, ask the bank to place a “stop payment” request if the transaction is pending settlement (typically T+1 for international wires).
3. Note the Customer Service Reference (CSR) number and the agent's name.

Hour 2–6: Document everything

1. Export full email threads (including headers showing sender IP).
2. Download bank/card statements in PDF.
3. Take screenshots of the merchant website before it goes offline; use archive.org Wayback Machine or archive.today to create timestamped snapshots.
4. If the merchant used WhatsApp or Telegram, screenshot chat history with visible timestamps.

Hour 6–24: File dual complaints

1. Police FIR: Visit the local cyber-crime police station or file online at https://cybercrime.gov.in. Obtain an acknowledgment number (CRN).
2. Bank dispute: Submit a written chargeback request via email and registered post to the card issuer's nodal officer (details on bank website under “grievance redressal”).

Keep copies of acknowledgment receipts; they serve as evidence of timely reporting under BNS 2024 s.318 prosecution timelines and for RBI Ombudsman zero-liability claims.

Most citizens miss this — Banks often verbally advise “we cannot reverse international transactions,” yet RBI Master Direction § 5.2.3 mandates chargeback facilitation; insist on a written refusal to preserve appeal rights.

The Bharatiya Nyaya Sanhita 2024 (which replaced IPC 1860) consolidates cyber-fraud provisions:

• Section 318: Cheating — whoever deceives any person and induces delivery of property or consent to retain property commits cheating; punishment up to 3 years and fine.
• Section 319: Cheating by personation — if the fraudster impersonates a legitimate merchant or official; up to 5 years.
• Section 336: Cyber fraud and identity theft — applies when fraud is perpetrated through electronic means; 7 years and fine up to ₹1 lakh.

When the merchant or beneficiary is abroad, invoke Criminal Law (Territorial Jurisdiction) Act 1976 to establish that the “result of the offence” occurred in India (victim's bank account debited in India). This basis allows Indian police to investigate and seek Interpol Red Notices or mutual legal assistance treaties (MLAT) for evidence.

Essential FIR elements:

1. Your full name, address, contact.
2. Transaction date, amount, currency, payment gateway or card network (Visa / Mastercard / RuPay).
3. Merchant name, website URL, registered address (if available).
4. Description of goods/services ordered vs. what (if anything) was delivered.
5. Mention BNS 2024 s.318, s.319, s.336.
6. State loss amount in INR (use RBI reference rate for the transaction date if charged in foreign currency).
7. Request investigation, freezing of merchant accounts via Interpol channels, and recording of witness statement.

Warning — Police often defer international cases citing “lack of jurisdiction”; produce a printed copy of the Criminal Law (Territorial Jurisdiction) Act showing that the victim's location confers jurisdiction.

Reserve Bank of India Master Direction – Digital Payment Security Controls (updated January 2021, amended through 2025) obliges all banks and payment aggregators to:

1. Provide a customer grievance redressal mechanism within 7 working days.
2. Facilitate chargebacks for disputed card transactions within card-network timelines (Visa: 120 days from transaction date; Mastercard: 120 days).
3. Zero liability for unauthorised transactions reported within 3 days, limited liability (up to ₹10,000) if reported within 4–7 days.

For cross-border transactions:

1. The Indian issuing bank must raise a chargeback retrieval request to the acquiring bank abroad via the card network.
2. Common chargeback reason codes: “Goods/Services Not Received” (Visa code 13.1, Mastercard 4855), “Fraudulent Transaction—Card Not Present” (Visa 10.4, Mastercard 4837).
3. Banks cannot unilaterally refuse; they must demonstrate that card network rules exclude the dispute (e.g., “final sale” explicitly accepted at checkout with screenshots).

Drafting your chargeback letter (email to nodal officer):

1. Subject: “Chargeback Request – International Transaction Fraud – Card [last 4 digits] – Transaction Date [DD/MM/YYYY]”
2. Body: Mention RBI Master Direction § 5.2.3, attach screenshots, invoice (if any), and delivery-tracking (showing non-delivery or fake tracking).
3. Specify requested resolution: full refund of ₹[amount].
4. Set 7-day response deadline per RBI Circular DPSS.CO.PD.No.629/02.14.003/2017-18.

Save a copy and proof of delivery (email read receipt or speed-post tracking).

Citizen tip — If your bank outsources card operations to a third-party processor, name both the bank and the processor in the complaint to fix responsibility.

If the bank rejects your chargeback or does not reply within 30 days, escalate to the Reserve Bank of India Banking Ombudsman Scheme 2021 (revised December 2021). The scheme now operates as a single centralised office: RBI Integrated Ombudsman Scheme (RB-IOS) at https://cms.rbi.org.in.

Eligibility criteria:

1. Complaint involves deficiency in banking service (card fraud, unauthorised debit, refusal to investigate).
2. Complainant exhausted internal grievance (wrote to nodal officer, waited 30 days, or received unsatisfactory reply).
3. Complaint value ≤ ₹50 lakh.
4. Filed within 1 year of receiving bank's final reply.

Filing process:

1. Visit https://cms.rbi.org.in and click "Lodge Complaint."
2. Upload: bank's rejection letter, your chargeback request, transaction proof, FIR copy, any other correspondence.
3. The Ombudsman issues a case number within 7 days and forwards the complaint to the bank for response.
4. Bank must reply within 30 days.
5. If no settlement, the Ombudsman conducts a hearing (video conference permissible) and issues an Award within 30 days of hearing.

Enforceability: Ombudsman Awards are binding on banks (appealable by the bank to RBI Appellate Authority within 30 days). You can enforce an Award as a decree under CPC 1908 by filing an execution petition in District Court if the bank does not comply.

Trust signal — RBI Ombudsman Awards in 2025–26 show a 68 % acceptance rate for cross-border fraud claims where the victim produced FIR, written chargeback request, and merchant-site screenshots.

If your transaction routed through an entity registered in the International Financial Services Centre (IFSC) at GIFT City, Gujarat — common for fintech payment gateways, forex brokers, and crypto platforms — you gain an additional forum: the International Financial Services Centres Authority (IFSCA) at https://ifsca.gov.in.

Why IFSCA matters:

1. IFSCA Act 2019 grants the Authority exclusive regulatory oversight over IFSC entities.
2. IFSCA issued Circular IFSCA/MD/2023/08 mandating dispute-resolution mechanisms for retail customers.
3. IFSCA maintains an online complaint portal (launched Q1 2024, integrated into the main site under “Consumer Complaints”).

When to use it:

1. Payment gateway, forex broker, or crypto exchange shows IFSC registration (check IFSCA online registry).
2. Transaction involves cross-border fund transfer intermediated by an IFSC entity.

Filing procedure:

1. Navigate to https://ifsca.gov.in → Grievance Redressal → File New Complaint.
2. Attach: transaction receipt, correspondence with the entity, proof of fraud or non-delivery.
3. IFSCA assigns a case officer who mediates within 30 days.

You can pursue parallel complaints (police FIR, RBI Ombudsman, and IFSCA) because each authority addresses different aspects: criminal liability (police), banking-service deficiency (RBI), and regulatory breach (IFSCA).

Warning — IFSCA jurisdiction is limited to entities registered in IFSC; verify registration before filing or your complaint will be returned.

The Foreign Exchange Management Act 1999 (FEMA) governs all cross-border money movement. While FEMA primarily regulates authorised dealers (banks), it imposes reporting duties on individuals for certain thresholds:

• Liberalised Remittance Scheme (LRS): Residents may remit up to USD 2,50,000 (approx. ₹2.08 crore in 2026 exchange rates) per financial year for permissible current or capital-account transactions.
• Form A2: For remittances > ₹7 lakh equivalent, banks require a signed LRS declaration citing purpose code (e.g., S0301 – purchase of goods, S1301 – studies abroad).

Fraud-recovery implications:

1. If you filed Form A2 declaring “purchase of goods” but the merchant defrauded you, that declaration becomes evidence in civil suits (proves the purpose was legitimate trade, not money laundering).
2. Under FEMA Section 13, the Reserve Bank or Enforcement Directorate can investigate if remittance violated LRS caps or involved a prohibited transaction. If the fraud merchant used your remittance for hawala or terror financing, you must cooperate (retain your emails proving you were a bona fide buyer).
3. TCS (Tax Collected at Source): Finance Act 2023 introduced 20 % TCS on LRS forex beyond ₹7 lakh for certain purposes. Retain TCS certificates; they prove legal sourcing of funds, critical if the fraudster's defense alleges you participated in a prohibited scheme.

Enforcement Directorate (ED) coordination:

If transaction value > ₹50 lakh and involves suspected money laundering, inform the Enforcement Directorate (website: https://enforcementdirectorate.gov.in) in addition to police. ED has MLAT powers to trace funds abroad and attach foreign assets under Prevention of Money Laundering Act 2002.

Most citizens miss this — Keep your FEMA-compliant paperwork (Form A2, bank certificate, TCS receipt) in a dedicated folder; these documents prove you are a victim, not a co-conspirator, if the transaction attracts regulatory scrutiny.

Once criminal proceedings (FIR) and regulatory escalations (RBI Ombudsman, IFSCA) are underway, initiate civil recovery for the monetary claim. For amounts ≤ ₹20 lakh, use Order XXXVII of the Code of Civil Procedure 1908 (Summary Procedure for liquidated claims).

Why Order XXXVII?

1. Faster than regular suits: no written statement unless defendant obtains leave to defend.
2. Court can pass summary judgment within 3–6 months if defendant has no bona fide defense.
3. Ideal when you have documentary proof (invoice, payment confirmation, email admitting non-delivery).

Pleading strategy:

1. Plaintiff: You (the defrauded buyer).
2. Defendants: (1) Foreign merchant (serve via courier to registered address on website, or via Indian consulate if treaty permits); (2) Payment gateway / acquiring bank in India (if Indian entity processed the transaction); (3) Your issuing bank (for deficiency in chargeback handling, claimed alternatively).
3. Cause of action: Breach of contract (merchant did not deliver goods), tort of deceit (fraudulent misrepresentation), unjust enrichment.
4. Relief: (a) ₹[transaction amount]; (b) interest @ 18 % p.a. from transaction date; © litigation costs ₹50,000.

Interim prayer:

1. Application under Order XXXVIII Rule 5 CPC for attachment before judgment of defendant's bank accounts in India (if you can identify any Indian branch or correspondent account).

Service abroad:

If the defendant is overseas and India has a bilateral service treaty or Hague Convention relationship, serve through:

1. Indian diplomatic mission (Ministry of External Affairs protocol).
2. Local process server in defendant's country (retain affidavit of service).
3. Email / courier with proof of delivery (permissible for commercial disputes under CPC Order V Rule 9A if defendant's email is on invoices).

Even if the foreign merchant does not appear, you can obtain an ex parte decree and then enforce it via MLAT or by attaching Indian payment-gateway escrow accounts.

Citizen tip — File the suit in the District Court of your residence; CPC Section 20© confers jurisdiction because you (the plaintiff in a tort claim) reside there, and the “cause of action” (fraud-induced payment) arose when your bank account was debited locally.

• Kusum Ingots & Alloys Ltd. v. Union of India (2004) 6 SCC 254: Supreme Court held that cyber-fraud involving cross-border elements does not deprive Indian courts of jurisdiction if the “effect of the crime” is felt in India. This principle underpins FIR filing for international transaction fraud.
• State Bank of India v. Ajay Kumar Sood (2022) Delhi High Court (CS(OS) 123/2020): Bank held liable for negligently processing chargeback; awarded damages + 12 % interest when bank failed to follow Visa chargeback timelines. Establishes bank's duty of care in international disputes.
• RBI Ombudsman Award No. BO/2025/1543 (public redacted version, cms.rbi.org.in): Ombudsman directed a private bank to refund ₹1,20,000 debited for fake UK hotel booking, citing failure to raise retrieval request within Mastercard's 120-day window.

These precedents confirm: (a) Indian jurisdiction over international fraud, (b) enforceable bank duties, and © statutory timelines that, if missed by the bank, shift liability onto the bank itself.

Below is a model First Information Report text. Adapt facts to your case; take a printed copy to the police station or paste into the online FIR form at https://cybercrime.gov.in.

To,
The Station House Officer,
Cyber Crime Police Station,
[City Name], [State]

Subject: FIR for Cheating and Cyber Fraud – International Transaction (BNS 2024 Sections 318, 319, 336)

Respected Sir/Madam,

I, [Your Full Name], S/o or D/o [Parent's Name], aged [XX] years, residing at [Full Address], holding Aadhaar [XXXX-XXXX-1234] and mobile [+91-XXXXXXXXXX], hereby lodge a complaint regarding cheating and fraud in an international online transaction.

FACTS:

1. On [Date, e.g., 15 April 2026], I visited the website www.[merchant-domain].com, which advertised [product/service, e.g., "Sony WH-1000XM6 headphones"] for USD [amount, e.g., 299.99] (approx. ₹24,800).

2. I placed Order No. [Order#] and paid ₹24,800 via my [Bank Name] Credit Card ending [last 4 digits] through the payment gateway [Gateway Name, e.g., PayPal / Stripe / RazorpayX].

3. The merchant confirmed order dispatch via email dated [Date], stating delivery within 15 days via [courier, e.g., DHL].

4. On [Date], the courier tracking showed "delivered," but I received an empty package / counterfeit item / nothing at all.

5. I immediately contacted the merchant via email and WhatsApp [phone number]; they stopped responding after [date].

6. I reported the fraud to my bank on [Date], requesting chargeback; the bank refused, citing "merchant dispute beyond our control."

7. Total loss: ₹24,800 + bank charges ₹500 = ₹25,300.

OFFENCES COMMITTED:

  • Cheating (BNS 2024 Section 318): The merchant induced me to pay by fraudulent representation that genuine goods would be delivered.
  • Cheating by personation (BNS 2024 Section 319): The website impersonated a legitimate brand / used fake business registration.
  • Cyber fraud (BNS 2024 Section 336): The offence was committed through electronic communication and a digital payment system.

EVIDENCE AVAILABLE:

  • Payment confirmation email and SMS (attached printouts).
  • Screenshots of merchant website (archived at archive.today/[link]).
  • Courier tracking showing "delivered" but empty/fake package photos.
  • Email correspondence with merchant.
  • Bank statement showing debit of ₹24,800.

REQUEST:

Kindly register an FIR under BNS 2024 Sections 318, 319, 336; investigate the merchant's identity, payment-gateway records, and IP logs; and coordinate with Interpol / foreign law-enforcement to trace and recover the defrauded amount. I am willing to provide any further information and appear for statements as required.

Date: [DD/MM/YYYY]
Place: [City]

Signature: _______________________
[Your Full Name]
Mobile: [+91-XXXXXXXXXX]
Email: [your.email@example.com]

Do this immediately — After filing, obtain the CRN (Complaint Registration Number) or FIR number; this 16-digit reference is mandatory for RBI Ombudsman and bank escalations.

Yes. Indian law (BNS 2024, Consumer Protection Act 2019) and RBI circulars create liability on your bank to facilitate chargeback. If the bank refuses, escalate to RBI Ombudsman. Additionally, file a civil suit in Indian court; even an ex parte decree can be enforced against payment-gateway escrow or correspondent bank accounts in India.

Cryptocurrency fraud recovery is harder but not impossible. File an FIR citing BNS 2024 s.318 and s.336, and report to the Financial Intelligence Unit (FIU-IND, fiuindia.gov.in) under PMLA 2002 if the amount exceeds ₹10 lakh. For hawala or informal remittances, inform the Enforcement Directorate; such channels violate FEMA, and ED can freeze domestic assets of intermediaries.

Typically 60–90 days from complaint acceptance to Award issuance. If the bank settles during mediation (common in 40 % of cases), resolution is faster—within 30 days. Awards are legally binding and enforceable as court decrees.

Yes, on two fronts: (1) Sue the bank for negligence if they failed to initiate the chargeback within 120 days despite your timely reporting (precedent: SBI v. Ajay Kumar Sood). (2) Pursue the merchant directly in civil court under breach of contract; limitation is 3 years from transaction date (Limitation Act 1963 Art. 113).

No. The Ombudsman process is designed for self-representation. However, for civil suits (especially Order XXXVII summary suits) and coordination with foreign enforcement, a lawyer experienced in cyber-fraud and banking disputes is advisable.

Use archived snapshots (archive.org, archive.today) as evidence. Also obtain the WHOIS registration data (who registered the domain, when, and from which country) via domain-lookup tools; this identifies defendants for your civil suit. If the domain was registered anonymously, subpoena the domain registrar through court order.

No. BNS 2024 s.318 (cheating) is a cognizable offence; police are duty-bound to register an FIR under BNSS 2024 s.173 (replaces CrPC s.154). If refused, note the officer's name and badge number, then (a) approach the Superintendent of Police with a written complaint, or (b) file directly online at cybercrime.gov.in, which auto-registers a Zero FIR forwarded to your local jurisdiction.

Obtain a certificate from the courier company stating package weight (if empty or underweight) and photographs of contents at delivery. If tracking shows “delivered” but you never received it, file a separate complaint with the courier (e.g., DHL, FedEx India). Couriers sometimes issue “investigation reports” confirming anomalies; attach this to your FIR and bank chargeback.

No statutory cap for criminal restitution (courts can order restitution up to full defrauded amount under BNSS 2024 s.246). RBI Ombudsman handles claims up to ₹50 lakh. Civil suits under CPC have no upper limit; for amounts > ₹20 lakh, follow regular-suit procedure (Order IV–XX CPC) instead of summary Order XXXVII.

Convert to INR using the RBI reference rate on the transaction date (available at rbi.org.in → Statistics → Reference Rate). State both amounts in your FIR and legal notices. For FEMA reporting, if the amount exceeded ₹7 lakh equivalent, ensure your bank filed Form A2; request a copy for your records.

• AI RTI Drafter (generate custom RTI applications for banking records): https://rtiwiki.org/tools/ai-rti-drafter
• PIO Reply Checker (validate bank's refusal to provide transaction logs): https://rtiwiki.org/tools/pio-reply-checker
• Citizen Crisis Response Network (central hub for fraud recovery protocols): https://rtiwiki.org/citizen-crisis-response-network
• RTI Act 2005 Complete Guide (invoke transparency for payment-gateway records): https://rtiwiki.org/rti-act-2005-complete-guide
• Credit Card Fraud Recovery India 2026 (domestic card-fraud escalation): https://rtiwiki.org/credit-card-fraud-recovery-india
• UPI Fraud Recovery and Chargeback Rights (domestic UPI disputes): https://rtiwiki.org/upi-fraud-recovery-chargeback-rights
• RBI Ombudsman Complete Guide 2026 (step-by-step Ombudsman filing): https://rtiwiki.org/rbi-ombudsman-complete-guide
• Consumer Court vs Civil Court Banking Disputes (forum selection for amounts > ₹2 crore): https://rtiwiki.org/consumer-court-vs-civil-court-banking-disputes

International transaction fraud in 2026 is no longer a “foreign problem beyond Indian law.” The Bharatiya Nyaya Sanhita 2024, RBI Integrated Ombudsman Scheme, IFSCA regulatory oversight, and Order XXXVII summary-suit procedure together create a robust, multi-forum enforcement pathway. Speed and documentation discipline decide outcomes: file your FIR within 24 hours, freeze evidence, escalate to RBI within 30 days of bank refusal, and launch a civil suit within 90 days. The Citizen Crisis Response Network protocol—document, report, escalate, sue—compresses recovery timelines from years to months and shifts leverage back to the victim. Whether your loss is ₹5,000 or ₹5 lakh, statutory machinery exists; you need only know which levers to pull, in which sequence, and with what evidence. This guide arms you with all three.