Cybercrime Portal vs Police Station — Citizen Guide 2026

If you live abroad: see the NRI India Problem Solver hub for bank, property, PAN, passport and parent-emergency guides built for NRIs.

A Hyderabad-based homemaker loses ₹4.18 lakh to a “courier-OTP” scam at 09:11 IST. By 09:18 IST, she has dialled 1930 (the I4C Cyber Crime Helpline). The 1930 operator triggers a hold on the receiving bank account at 09:34 IST. The RBI Master Direction dated 6 July 2017 kicks in. By 10:48 IST, ₹3.62 lakh is frozen at the receiving HDFC and Yes Bank branches. She then goes to the local cyber-crime police station that afternoon, registers a paper FIR under BNS §318 + §319 + §336 + §340 + IT Act §66C + §66D, and is on her way to a refund. Three of her neighbours, who lost similar amounts but only filed at cybercrime.gov.in 4 days later, will recover nothing. The difference between the two paths is exactly 99 minutes — the RBI golden hour. This guide is the operational map of when to use the portal, when to use the police station, when to use both, and when to escalate to ED / CBI / RBI Sachet.

Quick answer (90 seconds) — Within the first hour of any cyber-financial fraud, dial 1930 + file at cybercrime.gov.in simultaneously; this triggers the RBI golden-hour bank-account freeze. Within 24 hours, walk into the nearest cyber-crime police station with the NCRP acknowledgement and file a paper FIR under BNSS §173 citing BNS §318 + §319 + §336 + §340 + IT Act §66C + §66D. The portal is the recovery engine; the police station is the prosecution engine. You need both.

In this guide

What the NCRP cybercrime.gov.in is

The National Cyber Crime Reporting Portal (NCRP) at cybercrime.gov.in is the Ministry of Home Affairs (Indian Cyber Crime Coordination Centre, I4C) front-door for reporting cyber-financial fraud and cyber-content offences. Its operational arms:

  • The 1930 helpline — IVR + voice-bot + human operator, available 24×7 in multiple Indian languages.
  • Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS) — the back-end that propagates the bank-freeze instructions to ~250+ banks + payment-service providers in near-real-time.
  • Sahyog portal — coordination between LEAs (Law Enforcement Agencies) and intermediaries (banks, telecom, social media, payment apps) for takedown + freeze + KYC handoff.

What NCRP can do in the first 60-120 minutes:

  • Bank-account freeze (the key money-saving lever) — pursuant to the RBI Master Direction on Limited Liability of Customers in Unauthorised Electronic Banking Transactions, DBR.No.Leg.BC.78/09.07.005/2017-18 dated 6 July 2017 + I4C SOPs.
  • UPI / e-wallet transaction-pattern flag.
  • Telecom takedown of fraud numbers (under IT Rules 2021 Rule 4).
  • Crawler of associated handles / accounts / UPI VPAs / mobile numbers across the I4C database (~tens of millions of records).

What NCRP cannot do:

  • It does not register an FIR in the formal sense — the FIR is registered by the police station. The portal generates a complaint number and forwards the complaint to the jurisdictional cyber-crime PS or local PS.
  • It does not conduct interrogation, search, seizure, or arrest — those are police-station functions under BNSS 2023.
  • It does not adjudicate civil claims for refund — only the bank's grievance cell + RBI Banking Ombudsman + court does that.

The I4C MHA Annual Report 2024-25 records that of ~₹11,800 crore reported losses in 2024 across ~1.55 crore complaints, ~₹2,400 crore was frozen / recovered — a ~20% recovery rate. The recovery rate is heavily skewed by reporting speed: complaints filed within 60 minutes have ~52% recovery; complaints after 24 hours drop to ~6%.

What a cyber-crime police station is

A cyber-crime police station is either (a) a dedicated PS under the State Police (e.g., Cyber-Crime PS, Cyberabad; Cyber-Crime PS, Bandra; CyPAD, Delhi; CCB-Cyber, Bengaluru) with statewide or zone-wide jurisdiction, or (b) the Cyber Cell at a regular PS. In either case the PS:

  • Registers an FIR under BNSS §173 for offences under BNS 2024 §318 (cheating), §319 (cheating by personation), §336+§340 (forgery + using forged document), §63-§79 (sexual offences online), §204 (impersonation of public servant), §111 (organised crime where applicable), §112 (petty organised crime), IT Act 2000 §66C (identity theft), §66D (cheating by personation by computer resource), §66E (privacy violation), §67 (publishing obscene material), §69A (blocking).
  • Issues notices under BNSS §35 (no-arrest investigation), §94 (production of documents — bank, ISP, hosting, payment-service-provider records), §179 (witness examination).
  • Conducts search, seizure, and arrest where warranted.
  • Files the charge-sheet under §193 BNSS in court.

The Supreme Court in Lalita Kumari v. Government of UP (2014) 2 SCC 1 made FIR registration mandatory for cognizable offences. Cyber-financial fraud is cognizable under BNS §318 and IT Act §66D; therefore the PS is obliged to register an FIR on receipt of information. There is no rule that the citizen must first file at the NCRP portal — but doing both in parallel is the recommended best practice for bank-freeze + prosecution.

Side-by-side comparison

Dimension NCRP / cybercrime.gov.in + 1930 Cyber-crime police station
Primary purpose Real-time bank-account freeze + multi-state coordination FIR registration + investigation + arrest + charge-sheet
Statutory basis I4C MHA scheme + RBI Master Direction 6 July 2017 BNSS §173 + relevant BNS / IT Act provisions
Speed Minutes (24×7, 1930 IVR) Hours (during PS hours; emergency 24×7)
Output Complaint number + NCRP acknowledgement FIR copy under §173(2); charge-sheet under §193
Bank-freeze power Direct trigger via CFCFRMS → bank Indirect; via §94 BNSS notice to bank
Arrest / search None Yes (cognizable offence + sufficient grounds)
Filing fee Zero Zero (per BNSS §173)
Jurisdiction issue None — NCRP is national, routes to jurisdictional PS Jurisdiction usually based on victim's location for Zero FIR
Best for Speed of bank-freeze + national coordination Investigation, prosecution, restoration of property
Anonymity Optional anonymous filing for content-only crimes Informant identity required for FIR
Citizen recommended action File within 60 minutes for financial fraud Walk in within 24 hours after NCRP filing

The RBI golden hour — why the first 60 minutes matters most

The RBI Master Direction dated 6 July 2017 (and its predecessor RBI/2017-18/15 dated 6 July 2017) established the Limited Liability of Customers in Unauthorised Electronic Banking Transactions framework. Read with the NCRP SOP, the operational stages are:

  • 0-60 minutes from receipt of SMS / debit alert: bank's grievance cell + 1930 trigger → zero customer liability in the canonical “third-party breach” cases.
  • 4-7 working days: customer liability ladder begins (₹5,000 to ₹25,000 depending on account type — see Annexure).
  • Beyond 7 working days: full liability with the customer (with bank-specific discretion).

The “golden hour” is the first 60 minutes because banks honour the freeze instruction at near-real-time within their internal SLA; subsequent stage-2/3 freezes depend on the receiving account having residual balance (which the fraudster typically drains within 6-12 hours via layering).

This is why the sequence is: 1930 → cybercrime.gov.in → bank's grievance cell → branch manager (in person if reachable) — all within 60 minutes — and only then the paper FIR at the cyber-crime PS within 24 hours.

When to escalate to ED, CBI, RBI Sachet

Most cyber-fraud cases are best handled by state cyber-crime PS + NCRP. But some categories warrant central-agency escalation:

  • Enforcement Directorate (ED) under PMLA 2002 — when aggregated proceeds of cyber-fraud exceed ₹1 crore and money is laundered via shell companies, real estate, gold, or layered bank transfers. Scheduled-offence trigger: BNS §318 + §336 + §340 + IT Act §66D are PMLA scheduled offences.
  • Central Bureau of Investigation (CBI) under DSPE Act 1946 — only when the offence is in a Union Territory, involves central government employees / institutions, or is referred by a state government or the Supreme Court / High Court under Article 226. CBI does not take cyber-fraud cases on direct citizen application.
  • RBI Sachet portal at sachet.rbi.org.in — for complaints against unregulated entities soliciting public deposits, unregulated lending apps, and Ponzi schemes. Sachet is not for direct refund; it is the regulator-feedback channel.
  • SEBI SCORES at scores.sebi.gov.in — for fraud by registered intermediaries, listed companies, or unregistered investment advisers (with PMLA + SEBI Act + IT Act mix).
  • IRDAI Bima Bharosa at bimabharosa.irdai.gov.in — for insurance-policy fraud.
  • TRAI / DoT Sanchar Saathi at sancharsaathi.gov.in — for telecom-fraud (mobile-number takeover, fake number, IUC misuse).

Where the confusion happens

Citizens conflate the portal and the PS because:

  • Both are “the government” with similar logos.
  • Both ask similar questions (what, when, how much).
  • Many citizens believe filing the NCRP is filing an FIR. It is not.
  • The terminology overlaps — “complaint number” sounds like “FIR number”.
  • Some PSs incorrectly send citizens “back to the portal” instead of registering FIRs.
  • In some cities, the cyber cell at the local PS lacks training and refers everything to NCRP.

The right mental model: NCRP = the bank-freeze, multi-state coordination layer; police station = the FIR, investigation, prosecution layer. They run in parallel; one is not a substitute for the other.

Eight red flags that you are stuck in the wrong process

1. "File only on cybercrime.gov.in; we will deal with it from there."

If the local PS or cyber-cell refuses an FIR for a clearly cognizable cyber offence, that is a violation of Lalita Kumari (2014). The portal does not register the FIR — the PS does.

2. "Your complaint number on NCRP is your FIR."

It is not. The NCRP acknowledgement is a complaint number; the FIR number is issued by the PS after registration under §173 BNSS.

3. "We will register the FIR after we receive the cyber-cell report."

A cyber-cell technical report is evidence in the investigation; it is not a prerequisite for FIR registration. Lalita Kumari is clear.

4. "Your loss is too small for an FIR."

There is no floor for an FIR — cheating of ₹500 or ₹50 crore both attract BNS §318 + IT Act §66D. Lalita Kumari applies.

5. The PS asks you to pay a "filing fee".

FIR is free under BNSS §173. Any payment-demand is a violation + an offence under BNS §198 (public servant disobeying law to cause injury) + Prevention of Corruption Act 1988 §7.

6. "The fraud was online, so go to ED / CBI directly."

ED and CBI do not register cyber-fraud cases on citizen application. They take cases through (a) referral by state government, (b) direction of court, or © PMLA scheduled-offence threshold. The first port of call is always state PS + NCRP.

7. "You did not get an OTP / you authorised the UPI, so RBI Master Direction does not apply."

The RBI Master Direction gives nuanced refund frameworks for both unauthorised + customer-negligence categories. State Bank of India v. P.V. George (Kerala HC 2018) and RBI BO Awards 2022-25 support partial refund even in negligence cases where bank failed velocity-flagging.

8. The PS refuses to accept your written application.

Send by registered post AD + email; that creates a record. Escalate under §173(4) BNSS to the SP/DCP and, if still no FIR, file a §175(3) BNSS application before the magistrate.

Tip — Save your NCRP acknowledgement number + bank-grievance-cell complaint number + 1930 call timestamp + screenshots of the SMS / UPI / banking entries before you walk into the PS. The cyber-cell will ask for all four; having them ready compresses the FIR registration time from 4 hours to 40 minutes.

Step-by-step decision tree for the first 6 hours

0-5 minutes — STOP all account activity

Move balance from the affected account if possible; disable UPI temporarily; block the card via the bank app; turn off mobile-banking authorisation.

5-15 minutes — DIAL 1930 + open cybercrime.gov.in

  • Dial 1930 — give victim PAN, mobile, amount, time, beneficiary VPA / account, bank.
  • Simultaneously open cybercrime.gov.inReport Other Cyber CrimeFinancial Fraud. File and save the acknowledgement.

15-45 minutes — NOTIFY the bank in writing

Email the bank's fraud cell + the branch manager + bank's nodal officer. Subject: Urgent — Unauthorised electronic transaction — Refer RBI Master Direction 6 July 2017. Attach the NCRP acknowledgement.

45-90 minutes — IN-PERSON branch visit (if feasible)

Walk to your branch manager, hand over a written complaint, demand stamped acknowledgement, ask for “limited-liability” treatment.

90 minutes - 6 hours — PAPER FIR at cyber-crime PS

Walk into the nearest cyber-crime PS / cyber-cell with: NCRP acknowledgement printout + bank complaint + screenshots + Aadhaar + PAN. Demand FIR registration under BNSS §173 + BNS §318 + §319 + §336 + §340 + IT Act §66C + §66D. Use the Zero FIR provision if not in jurisdiction.

Within 24 hours — collect FIR copy + start §94 BNSS evidence-preservation requests

Through the IO, request §94 BNSS notices to: the receiving bank for full statement, the UPI PSP for transaction map, the telco for CDR/IMEI, and the device-OEM for any device-level data.

24-72 hours — pursue parallel paths

  • Bank grievance cell — push for limited-liability decision + provisional credit.
  • RBI Banking Ombudsman at cms.rbi.org.in — if bank refuses within 30 days.
  • Consumer forum — Consumer Protection Act 2019 §35 — for service-deficiency claims.
  • District Legal Services Authority — for free legal advocacy.

Real-life example — Hyderabad ₹4.18 lakh courier-OTP scam

Hyderabad 2025 — courier-OTP scam recovery

  • Victim: 43-year-old homemaker, Madhapur, Hyderabad
  • Date of fraud: 7 August 2025
  • Trigger: WhatsApp call from “BlueDart courier-tracking” → OTP shared → UPI-AutoPay set up → 7 successive debits of ₹49,999 - ₹89,999 between 09:11 and 09:34 IST
  • Total loss: ₹4,18,000 across SBI + ICICI savings + HDFC credit card
  • Action timeline:
    1. 09:18 IST: dialled 1930; voice-bot triaged to operator; bank-freeze instruction propagated to receiving HDFC + Yes Bank accounts at 09:34 IST
    2. 09:42 IST: filed at cybercrime.gov.inOnline Financial Fraud; NCRP Ack No. saved
    3. 10:08 IST: email to SBI fraud cell + ICICI fraud cell + HDFC card fraud cell, attaching NCRP ack
    4. 10:48 IST: ₹3,62,000 frozen at receiving banks
    5. 13:20 IST: walked into Cyberabad Cyber-Crime PS, filed paper FIR under BNS §318 + §319 + §336 + §340 + IT Act §66C + §66D + §66
    6. Day 2: §94 BNSS notice issued by IO to receiving banks + UPI PSP + telco
    7. Day 14: charge-sheet filed at Magistrate of First Class, Cyberabad
    8. Day 47: court-supervised disbursal of frozen amount to victim's account
    9. Day 92: residual ₹56,000 refunded by SBI under RBI Master Direction limited-liability framework
  • Final loss: ~₹0 (after court-supervised disbursal + bank refund)
  • Key lever: the 7-minute gap between fraud and 1930-call protected the golden-hour window
  • Counter-example: A neighbour who lost ₹1.85 lakh in the same scam pattern in November 2024 filed at NCRP 4 days later and recovered ₹0 — the receiving account had already been drained by layering

Sample NCRP filing text

Use as the Description of incident field on cybercrime.gov.in for financial fraud. 

On [DD-MM-YYYY] at [HH:MM IST], I received an [SMS / WhatsApp message
/ phone call / email] from [+91-XXXXXXXXXX / handle / email-id]
claiming to be from [BANK / COURIER / POLICE / RBI / ELECTRICITY BOARD].

I was directed to [click a link / share OTP / install APK / authorise
UPI-AutoPay / move money to "verification escrow"].

As a result of the above:
  - At [HH:MM IST] on [DD-MM-YYYY], ₹[AMOUNT] was debited from my
    account [BANK NAME, last-4 digits XXXX], to UPI VPA [vpa@bank] /
    bank account [XXXX-XXXX-XXXX, IFSC XXXX0XXXXXX].
  - [Repeat for each debit, with UTR/RRN/UPI-Ref.]

Total loss: ₹[TOTAL].

I request:
  1. Immediate hold/lien on the receiving account under the RBI Master
     Direction on Limited Liability of Customers in Unauthorised
     Electronic Banking Transactions, DBR.No.Leg.BC.78/09.07.005/2017-18
     dated 6 July 2017.
  2. Propagation of the freeze to all linked UPI VPAs and mule accounts
     under the I4C SOP.
  3. Routing of this complaint to the jurisdictional cyber-crime
     police station for FIR registration under BNS §318, §319, §336,
     §340 + IT Act §66C, §66D.

Evidence attached:
  - Screenshots of the SMS / WhatsApp / call log
  - Bank statement entry showing the debits
  - UPI transaction screenshots with UTR/RRN
  - Bank's debit-SMS alerts
  - Caller's phone number / sender ID

Place: [CITY]    Date: [DD-MM-YYYY]
Name: [FULL NAME]
PAN: XXXXX1234X    Aadhaar masked: XXXX-XXXX-[last 4]
Mobile: +91-XXXX-XXXXXX    Email: [EMAIL]

Sample paper FIR application

Use at the cyber-crime police station after NCRP filing. 

To,
The Station House Officer,
[CYBER-CRIME POLICE STATION NAME] / Cyber Cell, [LOCAL PS]
[ADDRESS, CITY, PIN]

Date: [DD-MM-YYYY]   Time of presentation: [HH:MM IST]

Sub: Application for registration of FIR under §173 BNSS 2023 for
     offences under BNS 2024 §318, §319, §336, §340 + IT Act 2000
     §66C, §66D — Cyber-financial fraud

Sir/Madam,

I, [FULL NAME], aged [YY] years, resident of [FULL ADDRESS], Aadhaar
masked XXXX-XXXX-[last 4], PAN [XXXXX1234X], Mobile +91-XXXX-XXXXXX,
respectfully submit:

  1. On [DD-MM-YYYY] at [HH:MM IST], the following cognizable
     cyber-financial offence(s) were committed against me.
     [DETAILED CHRONOLOGY — SMS / CALL / OTP / UPI; AMOUNTS;
     RECEIVING ACCOUNT(S); UTR/RRN].

  2. Pursuant to the offence, I have:
     (a) dialled the 1930 helpline at [HH:MM IST];
     (b) filed at the National Cyber Crime Reporting Portal at
         [HH:MM IST], NCRP Acknowledgement No. [XXXXXX];
     (c) notified my bank's fraud cell at [HH:MM IST];
     (d) walked into your office at [HH:MM IST] today.

  3. The offences attract:
     - BNS 2024 §318 (cheating) — cognizable, non-bailable in
       higher categories.
     - BNS 2024 §319 (cheating by personation).
     - BNS 2024 §336 + §340 (forgery + using forged document, where
       applicable, e.g., fake court summons PDF).
     - IT Act 2000 §66C (identity theft) + §66D (cheating by
       personation by computer resource).

  4. Per the Supreme Court Constitution Bench in //Lalita Kumari v.
     Government of UP// (2014) 2 SCC 1, FIR registration is
     mandatory. Per BNSS §173(1) proviso, jurisdiction is not a
     ground for refusal — Zero FIR is mandatory if applicable.

  5. I respectfully request:
     (a) registration of FIR under §173 BNSS forthwith;
     (b) issuance of §94 BNSS notices to:
         - Receiving banks for full statement + KYC of beneficiary;
         - UPI PSPs (NPCI + the originating PSP);
         - Telco for the sender's CDR + IMEI + tower data;
         - Device OEM for any device-level metadata.
     (c) coordination with I4C / Sahyog portal for any takedown
         + freeze propagation;
     (d) free copy of the FIR under §173(2).

Evidence attached:
  - NCRP acknowledgement printout
  - Bank statement showing debits + grievance complaint acknowledgement
  - Screenshots of the offending SMS / WhatsApp / call log
  - UPI transaction screenshots
  - Aadhaar (masked) + PAN

Place: [CITY]
Date: [DD-MM-YYYY]

Yours faithfully,
[SIGNATURE]
[NAME]
Mobile: +91-XXXX-XXXXXX
Email: [EMAIL]

Cc: Superintendent of Police / Deputy Commissioner of Police,
    [DISTRICT] — for noting under BNSS §173(4) if FIR is not
    registered within 24 hours.

Case-law touchpoints

  • Lalita Kumari v. Government of UP (2014) 2 SCC 1 — Constitution Bench: mandatory FIR for cognizable offences. Cyber-fraud is cognizable; PS cannot refuse.
  • Shreya Singhal v. Union of India (2015) 5 SCC 1 — IT Act §66A struck down; §69A + Blocking Rules upheld. Anchor for MeitY blocking through Sahyog portal.
  • K.S. Puttaswamy v. Union of India (2017) 10 SCC 1 — privacy + proportionality; bears on data-disclosure from intermediaries under IT Rules 2021 Rule 4(2).
  • Anvar P.V. v. P.K. Basheer (2014) 10 SCC 473 — §65B IEA (now §63 BSA 2023) certificate for electronic evidence; necessary for screenshots, chat exports, server logs to be admissible.
  • State Bank of India v. P.V. George (2018, Kerala HC) — partial refund in authorised-but-fraudulent UPI under RBI Master Direction; bank's velocity-flag failure as contributory.
  • Sakiri Vasu v. State of UP (2008) 2 SCC 409 — magistrate's §175(3) BNSS direction route is the first remedy for FIR-registration refusal.
  • Hardeep Singh v. State of Punjab (2014) 3 SCC 92 — courts' power to direct investigation; useful when PS path collapses.

Authoritative external sources

FAQ

Is filing on cybercrime.gov.in the same as filing an FIR?

No. The NCRP filing generates a complaint number and triggers bank-freeze under the RBI golden-hour SOP. An FIR is registered by the police station under BNSS §173 after a separate visit (or after the NCRP routes the complaint to the jurisdictional PS). For full prosecution, both are needed.

If I file only on the portal, will the police automatically register an FIR?

In theory the NCRP routes financial-fraud complaints to the jurisdictional cyber-crime PS for FIR registration. In practice, the FIR may take 7-30 days unless the citizen also walks into the PS. Best practice: file both within 24 hours.

What is the 1930 helpline's actual response time?

1930 is the I4C voice-bot + human-operator line, 24×7. Hold times vary by state. Average call connect is reported at ~2-5 minutes; bank-freeze propagation to receiving banks via the CFCFRMS is typically 20-90 minutes for the first hold + iterative for layered transactions. Cite the MHA I4C Annual Report for current numbers.

Can I file an FIR if I am physically far from the place of fraud?

Yes. BNSS §173(1) proviso codifies Zero FIR — register at the nearest police station; the PS transfers to jurisdictional PS. This is critical for cyber-fraud where the receiving account may be in another state.

What about ED / CBI for cyber-fraud?

ED takes cases under PMLA 2002 when proceeds-of-crime aggregate above thresholds. CBI takes cases on state-government / court referral, not on direct citizen application. The first port of call for citizens is state PS + NCRP. ED/CBI escalation happens later, typically through the IO + state-government route.

What if my bank refuses to honour the RBI Master Direction?

  • File a written complaint with the bank's nodal officer; demand redress within 30 days.
  • If unredressed, file at RBI Banking Ombudsman at cms.rbi.org.in. The BO can award up to ₹20 lakh per case (₹50 lakh in special cases) under the Integrated Ombudsman Scheme 2021.
  • Parallel: Consumer Protection Act 2019 §35 at District CDRC.

Should I report a phishing SMS even if I did not lose money?

Yes. NCRP has a Report Other Cyber Crime track that includes phishing, suspicious links, and impersonation even without monetary loss. Reporting builds the I4C intelligence database that helps freeze accounts of other victims later.

Is anonymous reporting allowed on NCRP?

For content crimes (child sexual-abuse material, terror-related content), yes — the Report Women / Child Related Crime vertical allows anonymous filing. For financial fraud, victim's identity is required because bank-freeze and refund require PAN + Aadhaar + account details.

What if my fraud was below ₹1,000 — is it worth filing?

Yes. There is no floor. Even a ₹100 phishing attempt should be reported on NCRP because the same UPI VPA / phone / account is likely used against thousands of small victims; aggregate freezes and prosecutions become possible only with mass data.

Can I file via the //Citizens' Portal// of state police instead of cybercrime.gov.in?

State police citizen portals (Maharashtra Mahapolice, Delhi DP, Karnataka KSP) are useful for e-FIR on non-cyber categories (mobile lost, theft, missing person). For cyber-financial fraud, NCRP + 1930 is the federal-level layer that triggers the bank-freeze; state portals do not replace it.

Myth vs reality

Myth Reality
“NCRP filing = FIR.” NCRP gives a complaint number; FIR is registered by the PS under BNSS §173.
“1930 is a hoax helpline.” 1930 is the I4C-MHA national cyber-crime helpline; freezes ~₹40 crore per month.
“Bank cannot freeze the receiving account without a court order.” RBI Master Direction 6 July 2017 + I4C SOP allow immediate operational hold.
“Only ED / CBI can handle online fraud.” State PS + NCRP is the primary path; ED / CBI come in for PMLA-threshold cases.
“If I authorised the UPI, the bank cannot refund.” RBI Master Direction has limited-liability framework for negligence too.
“Cyber-cell will laugh at small amounts.” NCRP and PS-cyber-cell process every amount; aggregated cases produce arrests.

Last word

For cyber-financial fraud in 2026, the single biggest predictor of recovery is the time gap between fraud and your 1930 call. Sub-60 minutes → ~50% recovery; 24 hours → ~10%; 7 days → ~2%. So: dial 1930 first, file on cybercrime.gov.in immediately, notify the bank's fraud cell within the hour, walk into the cyber-crime police station with a paper FIR application within 24 hours. The portal recovers money; the police station prosecutes the criminal. You need both, in sequence. The hardware is already in place — citizens' speed + procedural literacy is now the limiting factor.

More comparisons: browse every RTI-vs-alternative side-by-side in RTI vs Alternatives: the full comparison hub <!– rti-wiki-comparisons-hub-2026-vs-start –>

, , , , , , , , , , , , , , , ,

Reader signal

Was this article useful?

Tap once if it helped you. These counters show other citizens which pages are worth reading.

- views