International Transaction Fraud Recovery India (2026)

In May 2026, Priya Menon from Kochi authorised a ₹87,400 payment to a Singapore e-commerce site; the goods never arrived, and her bank declined chargeback citing “international merchant dispute” — yet Bharatiya Nyaya Sanhita 2023 section 318 criminalises cheating, Reserve Bank of India circulars mandate customer-liability and grievance frameworks, and statutory escalation paths exist for both civil recovery and penal prosecution of cross-border fraud.

Citizen Crisis Response Network

Document transaction → freeze card → police cyber-cell FIR → bank chargeback → RBI Ombudsman → IFSC appeal → civil suit if needed.

File a cyber-crime FIR at the nearest police station or National Cyber Crime Reporting Portal within 24 hours, citing BNS 2023 s.318 (cheating) and s.319 (cheating by personation). Simultaneously lodge a written chargeback dispute with your bank under the RBI framework on customer liability for unauthorised electronic transactions, preserving all email, invoice, and payment gateway screenshots. If the bank refuses, escalate to the RBI Ombudsman. For transactions routed through International Financial Services Centre (IFSC) GIFT City entities, file a parallel complaint with IFSCA. Retain foreign exchange declaration forms (if remittance exceeded ₹7 lakh) to comply with FEMA 1999 reporting and preserve evidence for civil recovery suits under CPC 1908 Order XXXVII (summary procedure).

• What qualifies as international transaction fraud
• Immediate steps in the first 24 hours
• BNS 2023 penal provisions and FIR drafting
• Bank chargeback rights and RBI circulars
• RBI Ombudsman escalation procedure
• IFSC and IFSCA complaint jurisdiction
• FEMA compliance and foreign exchange reporting
• Civil recovery through summary suit (Order XXXVII CPC)
• Case-law touchpoints and precedents
• Sample FIR text for international fraud
• Frequently asked questions
• Myth vs reality table

International transaction fraud covers any unauthorised or deceptive cross-border payment where the Indian cardholder, remitter, or UPI user loses money to a foreign merchant, phishing site, or fraudulent beneficiary. Common patterns in 2026 include:

1. Card-not-present (CNP) fraud: Online purchases on overseas sites that deliver nothing or counterfeit goods.
2. Investment scams: Forex trading platforms, crypto exchanges, or binary-options websites that freeze withdrawals.
3. Romance and job scams: Advance-fee fraud where victims wire money abroad for visa processing, equipment, or “earnest money.”
4. Phishing clones: Fake airline, hotel, or software-renewal sites mimicking legitimate brands, hosted on international domains.
5. Merchant collusion: Payment gateways that route Indian cards to shell companies in tax havens, then vanish.

Each scenario triggers overlapping jurisdiction: Indian cyber-crime law (Bharatiya Nyaya Sanhita 2023 sections 318, 319, 336), banking regulations (RBI directions and circulars), foreign-exchange control (FEMA 1999), and consumer protection (Consumer Protection Act 2019). Documentation begins the moment you suspect fraud.

Do this immediately — Screenshot the merchant page, payment confirmation email, SMS alerts, and bank statement line; these expire from inboxes or are deleted by fraudsters within days.

Hour 0–2: Contain the damage

1. Call your card issuer's 24×7 helpline and request immediate card blocking.
2. For UPI or net-banking transfers, ask the bank to place a “stop payment” request if the transaction is pending settlement (typically T+1 for international wires).
3. Note the Customer Service Reference (CSR) number and the agent's name.

Hour 2–6: Document everything

1. Export full email threads (including headers showing sender IP).
2. Download bank/card statements in PDF.
3. Take screenshots of the merchant website before it goes offline; use archive.org Wayback Machine or archive.today to create timestamped snapshots.
4. If the merchant used WhatsApp or Telegram, screenshot chat history with visible timestamps.

Hour 6–24: File dual complaints

1. Police FIR: Visit the local cyber-crime police station or file online at https://cybercrime.gov.in. Obtain an acknowledgment number (CRN).
2. Bank dispute: Submit a written chargeback request via email and registered post to the card issuer's nodal officer (details on bank website under “grievance redressal”).

Keep copies of acknowledgment receipts; they serve as evidence of timely reporting for FIR prosecution and for RBI Ombudsman zero-liability claims.

Most citizens miss this — Banks often verbally advise “we cannot reverse international transactions,” yet RBI's customer-liability framework requires banks to investigate and facilitate disputes; insist on a written refusal to preserve appeal rights.

The Bharatiya Nyaya Sanhita 2023 (which replaced IPC 1860) consolidates the cheating and fraud provisions:

• Section 318: Cheating — whoever deceives any person and fraudulently or dishonestly induces delivery of property, or consent to retain property, commits cheating. Punishment ranges from up to 3 years (general cheating) to up to 7 years where the offender dishonestly induces delivery of property [s.318(4)], plus fine.
• Section 319: Cheating by personation — if the fraudster pretends to be some other person or a legitimate merchant or official; imprisonment up to 5 years, or fine, or both.
• Section 336: Forgery — making or altering documents or electronic records with intent to deceive or defraud. Where the forged document or electronic record is intended to be used for the purpose of cheating, imprisonment may extend to 7 years and fine [s.336(3)]. This is relevant where the fraudster forges invoices, dispatch records, or website identities.

When the merchant or beneficiary is abroad, Indian courts can still take cognizance because the “consequence” of the offence (the victim's bank account debited in India) occurred within India; place-of-trial rules under BNSS 2023 allow trial where the act was done or where the consequence ensued. This basis allows Indian police to investigate and seek Interpol assistance or mutual legal assistance treaties (MLAT) for evidence.

Essential FIR elements:

1. Your full name, address, contact.
2. Transaction date, amount, currency, payment gateway or card network (Visa / Mastercard / RuPay).
3. Merchant name, website URL, registered address (if available).
4. Description of goods/services ordered vs. what (if anything) was delivered.
5. Mention BNS 2023 s.318, s.319, s.336.
6. State loss amount in INR (use RBI reference rate for the transaction date if charged in foreign currency).
7. Request investigation, freezing of merchant accounts via lawful channels, and recording of witness statement.

Warning — Police often defer international cases citing “lack of jurisdiction”; insist that the loss was suffered in India (your bank account was debited locally), which confers jurisdiction to investigate and register the FIR.

The Reserve Bank of India's customer-protection framework for unauthorised electronic banking transactions (RBI circular DPSS.CO.PD.No.629/02.14.003/2017-18, dated 6 July 2017) and the Master Direction – Digital Payment Security Controls (2021, updated since) together oblige all banks and payment aggregators to:

1. Provide a customer grievance redressal mechanism and resolve unauthorised-transaction complaints within the timelines set by RBI.
2. Facilitate chargebacks for disputed card transactions within card-network timelines (Visa and Mastercard generally allow up to 120 days from the transaction date for “goods/services not received” disputes).
3. Apply zero liability for unauthorised transactions caused by bank negligence or third-party breach reported promptly, and limited liability (per the RBI table, depending on account type) for delayed reporting of 4–7 working days.

For cross-border transactions:

1. The Indian issuing bank must raise a chargeback retrieval request to the acquiring bank abroad via the card network.
2. Common chargeback reason codes: “Goods/Services Not Received” (Visa code 13.1, Mastercard 4855), “Fraudulent Transaction—Card Not Present” (Visa 10.4, Mastercard 4837).
3. Banks cannot unilaterally refuse without valid grounds; they must demonstrate that card network rules exclude the dispute (e.g., a “final sale” explicitly accepted at checkout with screenshots).

Drafting your chargeback letter (email to nodal officer):

1. Subject: “Chargeback Request – International Transaction Fraud – Card [last 4 digits] – Transaction Date [DD/MM/YYYY]”
2. Body: Cite the RBI customer-liability framework, attach screenshots, invoice (if any), and delivery-tracking (showing non-delivery or fake tracking).
3. Specify requested resolution: full refund of ₹[amount].
4. Set a reasonable response deadline and reference RBI Circular DPSS.CO.PD.No.629/02.14.003/2017-18 on unauthorised transactions.

Save a copy and proof of delivery (email read receipt or speed-post tracking).

Citizen tip — If your bank outsources card operations to a third-party processor, name both the bank and the processor in the complaint to fix responsibility.

If the bank rejects your chargeback or does not give a satisfactory reply, escalate to the RBI Integrated Ombudsman Scheme (RB-IOS) 2021 at https://cms.rbi.org.in. The scheme operates as a single centralised “One Nation One Ombudsman” framework.

Eligibility criteria:

1. Complaint involves deficiency in banking service (card fraud, unauthorised debit, refusal to investigate).
2. Complainant exhausted internal grievance (wrote to nodal officer, waited 30 days, or received an unsatisfactory reply).
3. Filed within 1 year of receiving the bank's final reply (or of the cause of action where no reply is received).

Filing process:

1. Visit https://cms.rbi.org.in and click "Lodge Complaint."
2. Upload: bank's rejection letter, your chargeback request, transaction proof, FIR copy, any other correspondence.
3. The complaint is registered and forwarded to the bank for a response.
4. The bank is required to respond within the timeline set by the scheme.
5. If no settlement, the Ombudsman may conduct a hearing (video conference permissible) and issue an Award.

Enforceability: Ombudsman Awards are binding on banks once accepted (the bank may appeal to the Appellate Authority within the prescribed period). If the bank does not comply, you can pursue enforcement through the courts.

Trust signal — A well-documented complaint — FIR, written chargeback request, and merchant-site screenshots — gives the Ombudsman the evidence needed to direct a refund, so assemble these before you file.

If your transaction routed through an entity registered in the International Financial Services Centre (IFSC) at GIFT City, Gujarat — common for fintech payment gateways, forex brokers, and crypto platforms — you gain an additional forum: the International Financial Services Centres Authority (IFSCA) at https://ifsca.gov.in.

Why IFSCA matters:

1. The IFSCA Act 2019 gives the Authority unified regulatory oversight over financial entities in the IFSC.
2. IFSCA's Circular on Complaint Handling and Grievance Redressal by Regulated Entities in the IFSC (dated 2 December 2024) requires regulated entities to maintain a complaint-handling and grievance-redressal policy with a designated Complaint Redressal Officer and an appellate officer.
3. IFSCA also maintains a complaints page on its website (Complaints section at https://ifsca.gov.in/Pages/Contents/Complaints).

When to use it:

1. Payment gateway, forex broker, or crypto exchange shows IFSC registration (check the IFSCA online registry).
2. Transaction involves cross-border fund transfer intermediated by an IFSC entity.

Filing procedure:

1. First raise the complaint with the regulated entity's Complaint Redressal Officer.
2. If unresolved, use IFSCA's Complaints page (Grievance Redressal) to escalate.
3. Attach: transaction receipt, correspondence with the entity, proof of fraud or non-delivery.

You can pursue parallel complaints (police FIR, RBI Ombudsman, and IFSCA) because each authority addresses different aspects: criminal liability (police), banking-service deficiency (RBI), and regulatory breach (IFSCA).

Warning — IFSCA jurisdiction is limited to entities registered in IFSC; verify registration before filing or your complaint will be returned.

The Foreign Exchange Management Act 1999 (FEMA) governs all cross-border money movement. While FEMA primarily regulates authorised dealers (banks), it imposes reporting duties on individuals for certain thresholds:

• Liberalised Remittance Scheme (LRS): Resident individuals may remit up to USD 2,50,000 per financial year for permissible current or capital-account transactions.
• Form A2: For foreign-exchange remittances, banks require a signed declaration citing the purpose code (e.g., S0301 – purchase of goods, S1301 – studies abroad).

Fraud-recovery implications:

1. If you filed Form A2 declaring “purchase of goods” but the merchant defrauded you, that declaration becomes evidence in civil suits (proves the purpose was legitimate trade, not money laundering).
2. Under FEMA, the Reserve Bank or Enforcement Directorate can investigate if a remittance violated LRS caps or involved a prohibited transaction. If the fraud merchant used your remittance for hawala or terror financing, you must cooperate (retain your emails proving you were a bona fide buyer).
3. TCS (Tax Collected at Source): Tax is collected at source on LRS remittances above the prescribed annual threshold (₹7 lakh for most purposes), at the rate notified by the Finance Acts. Retain TCS certificates; they prove legal sourcing of funds, critical if the fraudster's defence alleges you participated in a prohibited scheme.

Enforcement Directorate (ED) coordination:

If the transaction is large and involves suspected money laundering, inform the Enforcement Directorate (website: https://enforcementdirectorate.gov.in) in addition to the police. The ED has powers to trace funds abroad and attach assets under the Prevention of Money Laundering Act 2002.

Most citizens miss this — Keep your FEMA-compliant paperwork (Form A2, bank certificate, TCS receipt) in a dedicated folder; these documents prove you are a victim, not a co-conspirator, if the transaction attracts regulatory scrutiny.

Once criminal proceedings (FIR) and regulatory escalations (RBI Ombudsman, IFSCA) are underway, initiate civil recovery for the monetary claim. For liquidated money claims based on documents, use Order XXXVII of the Code of Civil Procedure 1908 (Summary Procedure).

Why Order XXXVII?

1. Faster than regular suits: the defendant cannot defend as of right and must obtain leave to defend.
2. The court can decree the claim quickly if the defendant has no bona fide defence.
3. Ideal when you have documentary proof (invoice, payment confirmation, email admitting non-delivery).

Pleading strategy:

1. Plaintiff: You (the defrauded buyer).
2. Defendants: (1) Foreign merchant (serve via courier to registered address on website, or via Indian consulate if a treaty permits); (2) Payment gateway / acquiring bank in India (if an Indian entity processed the transaction); (3) Your issuing bank (for deficiency in chargeback handling, claimed alternatively).
3. Cause of action: Breach of contract (merchant did not deliver goods), tort of deceit (fraudulent misrepresentation), unjust enrichment.
4. Relief: (a) ₹[transaction amount]; (b) interest at a reasonable rate from the transaction date; © litigation costs.

Interim prayer:

1. Application under Order XXXVIII Rule 5 CPC for attachment before judgment of the defendant's bank accounts in India (if you can identify any Indian branch or correspondent account).

Service abroad:

If the defendant is overseas and India has a bilateral service treaty or Hague Convention relationship, serve through:

1. Indian diplomatic mission (Ministry of External Affairs protocol).
2. Local process server in the defendant's country (retain affidavit of service).
3. Email / courier with proof of delivery (permissible in appropriate cases under the CPC where the defendant's email appears on invoices).

Even if the foreign merchant does not appear, you can obtain an ex parte decree and then seek to enforce it via MLAT or by attaching Indian payment-gateway escrow accounts where available.

Citizen tip — File the suit in the District Court that has jurisdiction; under CPC Section 20 a suit may be filed where the cause of action wholly or partly arises, and part of the cause of action (the fraud-induced debit) arose where your bank account was debited.

• Indian courts and cross-border effect: Indian criminal courts can take cognizance of cross-border fraud where the consequence of the offence — the debit of the victim's account — is felt in India. Place-of-trial rules under the BNSS allow trial where the act was done or where the consequence ensued, which is the basis for registering an FIR for international transaction fraud.
• RBI customer-liability framework: RBI's circular on customer liability for unauthorised electronic banking transactions (DPSS.CO.PD.No.629/02.14.003/2017-18, 6 July 2017) places clear obligations on banks to investigate disputes and limits the customer's liability where the customer reports promptly and the bank is at fault. Where a bank fails to act on a timely, well-documented dispute, the customer can pursue both the RBI Ombudsman and a civil claim against the bank for deficiency in service.

These touchpoints confirm: (a) Indian jurisdiction over international fraud, (b) enforceable bank duties under the RBI framework, and © the value of acting within card-network and reporting timelines, because a bank's failure to act despite your timely report strengthens your claim against the bank.

Below is a model First Information Report text. Adapt facts to your case; take a printed copy to the police station or paste into the online FIR form at https://cybercrime.gov.in.

To,
The Station House Officer,
Cyber Crime Police Station,
[City Name], [State]

Subject: FIR for Cheating and Cyber Fraud – International Transaction (BNS 2023 Sections 318, 319, 336)

Respected Sir/Madam,

I, [Your Full Name], S/o or D/o [Parent's Name], aged [XX] years, residing at [Full Address], holding Aadhaar [XXXX-XXXX-1234] and mobile [+91-XXXXXXXXXX], hereby lodge a complaint regarding cheating and fraud in an international online transaction.

FACTS:

1. On [Date, e.g., 15 April 2026], I visited the website www.[merchant-domain].com, which advertised [product/service, e.g., "Sony WH-1000XM6 headphones"] for USD [amount, e.g., 299.99] (approx. ₹24,800).

2. I placed Order No. [Order#] and paid ₹24,800 via my [Bank Name] Credit Card ending [last 4 digits] through the payment gateway [Gateway Name, e.g., PayPal / Stripe / RazorpayX].

3. The merchant confirmed order dispatch via email dated [Date], stating delivery within 15 days via [courier, e.g., DHL].

4. On [Date], the courier tracking showed "delivered," but I received an empty package / counterfeit item / nothing at all.

5. I immediately contacted the merchant via email and WhatsApp [phone number]; they stopped responding after [date].

6. I reported the fraud to my bank on [Date], requesting chargeback; the bank refused, citing "merchant dispute beyond our control."

7. Total loss: ₹24,800 + bank charges ₹500 = ₹25,300.

OFFENCES COMMITTED:

  • Cheating (BNS 2023 Section 318): The merchant induced me to pay by fraudulent representation that genuine goods would be delivered.
  • Cheating by personation (BNS 2023 Section 319): The website impersonated a legitimate brand / used fake business registration.
  • Forgery (BNS 2023 Section 336): Forged invoices, dispatch records, or website identity were used to commit the cheating through electronic records.

EVIDENCE AVAILABLE:

  • Payment confirmation email and SMS (attached printouts).
  • Screenshots of merchant website (archived at archive.today/[link]).
  • Courier tracking showing "delivered" but empty/fake package photos.
  • Email correspondence with merchant.
  • Bank statement showing debit of ₹24,800.

REQUEST:

Kindly register an FIR under BNS 2023 Sections 318, 319, 336; investigate the merchant's identity, payment-gateway records, and IP logs; and coordinate with Interpol / foreign law-enforcement to trace and recover the defrauded amount. I am willing to provide any further information and appear for statements as required.

Date: [DD/MM/YYYY]
Place: [City]

Signature: _______________________
[Your Full Name]
Mobile: [+91-XXXXXXXXXX]
Email: [[email protected]]

Do this immediately — After filing, obtain the CRN (Complaint Registration Number) or FIR number; this reference is mandatory for RBI Ombudsman and bank escalations.

Yes. Indian law (BNS 2023, Consumer Protection Act 2019) and RBI circulars create obligations on your bank to investigate and facilitate chargeback. If the bank refuses, escalate to the RBI Ombudsman. Additionally, file a civil suit in Indian court; even an ex parte decree can be enforced against payment-gateway escrow or correspondent bank accounts in India.

Cryptocurrency fraud recovery is harder but not impossible. File an FIR citing BNS 2023 s.318 and s.336, and report to the Financial Intelligence Unit (FIU-IND, fiuindia.gov.in) for the money-laundering angle. For hawala or informal remittances, inform the Enforcement Directorate; such channels violate FEMA, and the ED can act against domestic assets of intermediaries.

It varies by case. If the bank settles during the early mediation stage, resolution can be quicker; otherwise the Ombudsman may hold a hearing and issue an Award. Awards, once accepted, are binding and enforceable.

You may still have options: (1) Pursue the bank for deficiency in service if it failed to initiate the chargeback within the card-network window despite your timely reporting — raise this with the bank's grievance cell and the RBI Ombudsman. (2) Pursue the merchant directly in civil court for breach of contract; the residuary limitation period is 3 years from when the right to sue accrues (Limitation Act 1963, Article 113).

No. The Ombudsman process is designed for self-representation. However, for civil suits (especially Order XXXVII summary suits) and coordination with foreign enforcement, a lawyer experienced in cyber-fraud and banking disputes is advisable.

Use archived snapshots (archive.org, archive.today) as evidence. Also obtain the WHOIS registration data (who registered the domain, when, and from which country) via domain-lookup tools; this identifies defendants for your civil suit. If the domain was registered anonymously, you can seek a court order to compel the registrar to disclose details.

No. Cheating under BNS 2023 s.318 is a cognizable offence; police are duty-bound to register an FIR under BNSS 2023 s.173 (which replaces CrPC s.154 and gives statutory recognition to the Zero FIR). If refused, note the officer's name and badge number, then (a) approach the Superintendent of Police with a written complaint, or (b) file online at cybercrime.gov.in, which forwards a Zero FIR to your local jurisdiction.

Obtain a certificate from the courier company stating package weight (if empty or underweight) and photographs of contents at delivery. If tracking shows “delivered” but you never received it, file a separate complaint with the courier (e.g., DHL, FedEx India). Couriers sometimes issue “investigation reports” confirming anomalies; attach this to your FIR and bank chargeback.

For criminal proceedings, courts can order compensation to victims under the BNSS victim-compensation provisions (Sections 395–397). Civil suits under the CPC have no upper limit; for larger claims that do not fit the summary procedure, follow the regular-suit procedure instead of summary Order XXXVII.

Convert to INR using the RBI reference rate on the transaction date (available at rbi.org.in → Statistics → Reference Rate). State both amounts in your FIR and legal notices. For FEMA reporting, if the amount required a declaration, ensure your bank filed Form A2; request a copy for your records.

• AI RTI Drafter (generate custom RTI applications for banking records): https://righttoinformation.wiki/tools/rti-assistant
• PIO Reply Checker (validate bank's refusal to provide transaction logs): https://righttoinformation.wiki/tools/pio-reply-checker
• Citizen Crisis Response Network (central hub for fraud recovery protocols): https://righttoinformation.wiki/citizen-crisis-response-network
• RTI Act 2005 Complete Guide (invoke transparency for payment-gateway records): https://righttoinformation.wiki/rti-act-2005-complete-guide

International transaction fraud in 2026 is no longer a “foreign problem beyond Indian law.” The Bharatiya Nyaya Sanhita 2023, the RBI Integrated Ombudsman Scheme, IFSCA regulatory oversight, and Order XXXVII summary-suit procedure together create a robust, multi-forum enforcement pathway. Speed and documentation discipline decide outcomes: file your FIR within 24 hours, freeze evidence, escalate to the RBI Ombudsman after the bank's refusal, and launch a civil suit promptly. The Citizen Crisis Response Network protocol — document, report, escalate, sue — compresses recovery timelines and shifts leverage back to the victim. Whether your loss is ₹5,000 or ₹5 lakh, statutory machinery exists; you need only know which levers to pull, in which sequence, and with what evidence. This guide arms you with all three.