Your NCRP acknowledgement is a 14-digit complaint number issued by cybercrime.gov.in after you call 1930 or file online. It puts the fraud on record and triggers a lien on the receiver bank account, but it does not guarantee a refund. This guide decodes every field and gives you the exact follow-up letters that move the case forward.
Quick answer. The 14-digit number is your only legal proof that the bank and the cyber cell are on notice. Track status on the NCRP dashboard, escalate to the state cyber cell after 7 days, and file an RTI to the bank if the lien is silent. See the case ID follow-up workflow below.
The 14-digit receipt is your only proof that the bank and the cyber cell are now legally on notice. Read it slowly, save it in three places, and use it every time you write to the bank.
If you are short on time, jump to the case ID follow-up workflow and the sample request for lien release.
Citizens who call 1930 or file at cybercrime.gov.in receive a complaint number, then nothing. The bank silently marks a lien on the receiver account, the receiver panics, and the victim still has no refund. Both sides assume the system is doing something. Both are wrong unless somebody follows up.
This article decodes the receipt, walks the lien chain step by step, and gives you exact letters to push the case forward. It is a sibling of bank account frozen after cyber fraud, removing a lien mark, and the 1930 helpline script.
The acknowledgement is a 14-digit numeric string. The Indian Cyber Crime Coordination Centre (I4C) issues it under the National Cyber Crime Reporting Portal (NCRP), backed by §§65, 66, 66C, 66D of the Information Technology Act, 2000.
You see it twice. First on the confirmation page right after submission. Second by email from [email protected]. If you called 1930, the operator dictates the number. Always read it back digit by digit and ask the operator to repeat it.
Save the number in three places, phone notes, email to yourself, and a photo on a second device. People lose the SMS, the email lands in spam, and the portal logs them out after 15 minutes.
Most citizens picture one event (“they froze his account”). The reality is a five-stage chain. Each stage takes a different amount of time and a different department.
The lien sits in stage 4 for the duration of the investigation. If the money is still in the first receiver account, recovery is possible. If it has been layered through 2–3 mule accounts, each hop must be traced and lien-marked one by one.
The 5-stage lien chain
① You call 1930 → ② 14-digit acknowledgement → ③ CFCFRMS routes to both banks → ④ receiver bank marks lien → ⑤ state cyber cell takes the file
| Stage | Department | Typical time | Citizen action |
|---|---|---|---|
| 1 | 1930 helpline (I4C) | 0–30 minutes | Note the temporary reference |
| 2 | NCRP portal | 0–24 hours | Save the 14-digit number |
| 3 | CFCFRMS to both banks | 1–4 hours | None, automated |
| 4 | Receiver bank lien | 4–24 hours | Email your bank with the case ID |
| 5 | State cyber cell | 3–7 working days | Visit if no contact by day 10 |
This is the single most misunderstood point. Citizens read the receipt and assume the money is safe. It is not.
When the fraud is reported quickly, the receiver bank places a lien within hours. If you are the victim, the lien is on the receiver, not on you. If you are the receiver (mule scenario), the lien is on your account.
In SBI, the entry appears in the YONO app under “Holds and liens” with a narration like “LIEN-CFCFRMS-XXXXXXXXXX”. In HDFC NetBanking it shows under “Account services → Lien Enquiry”. In ICICI iMobile it sits in “Service requests → View liens”. In Axis it is “Account information → Holds”.
If the entry has no narration and only a code, call the bank's 24×7 helpline, give your NCRP acknowledgement number, and ask for the lien reason code and the lien reference. Banks are required to share this with the account holder under the RBI customer protection framework.
This is the painful side of the lien chain. A friend transfers ₹40,000 to you, you spend ₹35,000, and a week later your account is debit-frozen because the original transfer was traced back to a cyber fraud.
This does not mean you are guilty. It means your account sat downstream of a fraud transaction. Police call this a “mule account” suspicion. The law gives you a clear path out.
Most innocent-receiver liens release in 14 to 45 days once the cyber cell verifies the receiver is not the fraudster. Stay calm, document everything, and never pay the “agent” who claims he can release the lien for a fee. That second scam is common.
The cybercrime portal has a real dashboard. Most citizens never log in to it because they reported by phone and never set a password. Fix this in five minutes.
The dashboard refreshes after each update by the assigned cyber cell. If status sits on “Under processing” for more than 10 days, escalate.
The state cyber cell is a “public authority” under §2(h) of the RTI Act, 2005. You can file an RTI asking for the case status, officer name, action taken, and any letter sent to the receiver bank.
Use the AI RTI Drafter to generate the application in two minutes. Cite §6(1) for the question, §7(1) for the 30-day timeline, and §6(3) for transfer if the wrong cell receives it.
If you are within 50 km of the state cyber crime headquarters, a 30-minute walk-in often beats two months of emails. Carry the 14-digit acknowledgement, ID proof, bank statement showing the debit, and any screenshots of the fraud. Ask politely for the investigating officer name and contact. Once you have a human name, every follow-up gets faster.
If the cyber cell or the bank ignores you, file a Centralised Public Grievance Redress and Monitoring System grievance at https://pgportal.gov.in. Map it to the Ministry of Home Affairs / I4C. Quote the NCRP acknowledgement. Average reply time is 21 days.
Copy this into an email to [email protected] with the subject line “Follow-up: NCRP Acknowledgement [your-14-digit-number], status request”.
To, The Incident Response Team, National Cyber Crime Reporting Portal (NCRP), Indian Cyber Crime Coordination Centre (I4C), Ministry of Home Affairs. Subject: Status request and request for action, NCRP acknowledgement [14-digit number] dated [DD/MM/YYYY]. Sir / Madam, 1. I had filed a cyber fraud complaint on [DD/MM/YYYY] at [HH:MM] through [1930 helpline / cybercrime.gov.in portal]. The acknowledgement number assigned to me is [14-digit number]. 2. The dispute concerns an amount of Rs. [amount] debited from my account [your account number, last 4 digits] held with [bank name] to the beneficiary [UPI ID / account / IFSC] on [DD/MM/YYYY]. 3. As on date, the NCRP dashboard shows status as "[exact status text]". No officer has contacted me. The receiver bank has not confirmed whether a lien has been marked. 4. I request the following: (a) Confirmation of which state cyber cell has been assigned; (b) Name and contact of the investigating officer; (c) Status of the lien on the receiver account; (d) Whether the case is being converted to an FIR. 5. I rely on the RBI master direction DBR.No.Leg.BC.78/09.07.005/2017-18 dated 6 July 2017 on customer protection, and the Information Technology Act 2000, sections 43A, 66, 66C and 66D. A reply within 15 days will be appreciated. Failing that, I will file an RTI under the Right to Information Act, 2005 and a grievance on CPGRAMS. Yours sincerely, [Name] [Mobile] | [Email] [Date]
If you are the innocent receiver and want the lien removed, use this template. Send by email to the branch manager and the bank's nodal officer for grievances, with a copy to the principal nodal officer.
To, The Branch Manager and Nodal Officer (Grievances), [Bank name], [Branch address]. Subject: Request for release of lien on Account [last 4 digits], NCRP reference [14-digit number], innocent receiver. Sir / Madam, 1. A lien of Rs. [amount] was marked on my account [last 4 digits] on [DD/MM/YYYY] under the CFCFRMS / NCRP route, reference [14-digit number if known, else "not disclosed to me"]. 2. I am the bona fide account holder. The credit that appears to have triggered the lien came from [source, friend / employer / vendor] on [DD/MM/YYYY] for [purpose]. Supporting documents are enclosed: (a) KYC and PAN copy; (b) Bank statement showing the credit narration; (c) WhatsApp / email / invoice evidence of the underlying transaction; (d) Latest ITR or salary slip. 3. I am willing to record a statement before the investigating officer. I have not been contacted yet. Please share the officer's name and the cyber cell jurisdiction so I can co-operate. 4. Under the RBI master direction on customer protection and your Internal Ombudsman Scheme, a lien cannot be perpetual without communication. I request: (a) A copy of the lien instruction received by the bank; (b) Release of the lien on production of cleared evidence; (c) Or, at minimum, partial release of the non-disputed balance. 5. If no reply is received within 10 working days, I will approach the Banking Ombudsman under the Reserve Bank, Integrated Ombudsman Scheme, 2021. Yours sincerely, [Name] [Account number, last 4 digits] [Mobile] | [Email] [Date]
These three are different. Treating them as the same is the most common citizen mistake.
| Term | What it is | Who issues it | Legal weight |
|---|---|---|---|
| NCRP acknowledgement | A 14-digit complaint number from the cybercrime portal | I4C, Ministry of Home Affairs | Triggers bank lien and routes to cyber cell. Not an FIR. |
| FIR | First Information Report under §173 BNSS 2023 (earlier §154 CrPC) | Local police station | Mandatory for cognisable offences. Insurance and bank claims need this. |
| CCTNS | Crime and Criminal Tracking Network and Systems | Ministry of Home Affairs / state police | Internal database. An FIR enters CCTNS; an NCRP complaint usually does not until converted. |
For losses above the threshold notified in your state (often ₹10 lakh, sometimes lower) the cyber cell is expected to convert your NCRP complaint into a CCTNS FIR. Insurance companies and employers asking for “the FIR” will not accept the NCRP receipt alone. If a refund or insurance claim hinges on it, push for the FIR in writing.
Set expectations now to avoid panic later. The numbers below are observed averages from public Right to Information replies and cyber cell briefings.
Recovery is highest in the first 24 hours. After 72 hours, recovery rates drop sharply because mule accounts are emptied fast.
No. The NCRP number is a portal-generated complaint reference issued by I4C. The FIR number is issued by a police station under §173 of the BNSS 2023. The NCRP entry can be converted into an FIR by the cyber cell, but the two numbers are different. Banks accept either, insurers usually need the FIR.
Initial liens are usually placed for 90 days. The cyber cell can extend the lien up to 180 days in writing. Beyond that, the freeze must be replaced by a court order. If your bank says “lien is permanent”, that is wrong. Ask for the dated written instruction. See lien removal explainer.
Go to https://www.cybercrime.gov.in within 24 hours, click “Report Other Cybercrime”, and finish the report. The system will either generate a fresh acknowledgement or surface the draft created from the 1930 call. Quote the 1930 call date and your registered mobile so the operator's draft is matched.
Yes if the bank is a “public authority”, every public sector bank, including SBI, PNB, BoB, Canara, Union, is covered under §2(h) of the RTI Act, 2005. For private banks (HDFC, ICICI, Axis), RTI does not apply directly, but you can RTI the Reserve Bank of India for the master direction on customer protection and the RBI's correspondence with your bank.
No. A lien is a banking action, not an arrest. The cyber cell investigates first. If the receiver has documents showing the credit was for a genuine reason (salary, family transfer, business invoice), the lien is released and no FIR follows. Arrests happen only when the receiver is clearly part of the fraud chain.
Closing the complaint does not bar you from acting. File a written representation to the same cyber cell within 30 days asking for a copy of the closure report and the reasoning. Simultaneously file a private FIR at the local police station and a CPGRAMS grievance. Many “Closed, no action” entries are reopened on representation.
Partially. Cyber fraud insurance policies (offered by HDFC Ergo, ICICI Lombard, Bajaj Allianz, and others) need a police FIR, not just the NCRP receipt. The receipt is acceptable as first notification of loss to satisfy the policy's 7-day reporting clause, but the final claim needs the FIR and a closure or status report from the cyber cell.
Usually no, for privacy reasons. The cyber cell sees both sides. You see only the partial UPI ID or last 4 digits you originally typed. If a chargeback or civil recovery suit later happens, the receiver details are disclosed in court documents. The NCRP portal will not reveal them on the dashboard.
“Forwarded to cyber cell” means the case has been routed but no officer has picked it up. “Under investigation” means an officer is now assigned. Between the two, the case sits in a queue. If you stay on “Forwarded” for more than 10 working days, escalate to the state cyber crime nodal officer.
Yes if the loss is significant. NCRP triggers the lien at the receiver bank within hours. The local police FIR enters CCTNS and is needed for insurance, employer reimbursement, and any later prosecution. Carry your NCRP acknowledgement to the police station, many station-house officers now know the workflow and will register an FIR linked to the NCRP number.
</content> </invoke>