Debit Card Fraud Recovery India — Limited Liability (2026)

On 12 March 2026, Priya Mehta in Pune checked her SMS and discovered ₹48,700 debited from her State Bank debit card at 3:47 AM—while the card sat in her purse and she slept. She had never shared her PIN, never clicked a phishing link, yet money vanished. Banks advertise “safe banking,” but liability, recovery timelines, and police protocols remain opaque to most cardholders until fraud strikes.

Citizen Crisis Response Network

Report unauthorized transaction within 3 working days for zero liability (RBI Master Direction), freeze card via SMS/app/call immediately, file cyber crime FIR within 24 hours, submit written complaint to bank's nodal officer, escalate to Banking Ombudsman if bank delays reversal beyond 10 days, preserve all SMS/email evidence, do not pay “recovery agents” claiming card misuse liability.

Under Reserve Bank of India Master Direction on Digital Payment Security Controls (updated July 2023, operative 2026), customers bear zero liability for unauthorized debit card transactions reported within three working days if the fraud occurred due to bank/payment system/third-party breach—not customer negligence. Limited liability (transaction value or ₹10,000, whichever is lower) applies for reports between 4–7 working days. Beyond seven days, liability is determined case-by-case. Section 318 Bharatiya Nyaya Sanhita 2024 (cheating by personation) and Section 66C/66D Information Technology Act 2000 cover penal remedies; Consumer Protection Act 2019 Section 2(7) grants deficiency-of-service claims. Banks must reverse provisionally within ten working days of written complaint.

In this guide

Customer liability matrix — RBI zero-liability framework

The Reserve Bank of India Master Direction – Digital Payment Security Controls (effective 2021, updated July 2023) establishes a three-tier liability structure for unauthorized electronic banking transactions, including debit card fraud:

Tier 1 (Zero liability): Customer reports fraud within three working days of receiving transaction notification. Liability is zero if fraud resulted from contributory fraud/negligence/deficiency on the part of the bank or payment system provider, regardless of whether the customer was negligent. Zero liability also applies if the fraud is due to third-party breach where neither the bank nor customer is at fault.

Tier 2 (Limited liability): Report made between four to seven working days. Customer liability capped at the transaction amount or ₹10,000, whichever is lower.

Tier 3 (Case-by-case determination): Reported beyond seven working days. Liability decided per bank's board-approved policy, subject to RBI review and Banking Ombudsman appeal.

Critical caveat: If the customer's gross negligence caused the loss—sharing PIN, writing PIN on card, responding to phishing with OTP—zero liability may not apply. However, burden of proof lies on the bank to demonstrate customer negligence, not the other way around.

Most citizens miss this — The three-day clock starts from transaction SMS/email receipt, not from when you discover missing money weeks later. Enable real-time SMS/email alerts on your debit card account immediately.

Immediate containment steps (hour zero to hour 24)

Step 1 (Minutes 0–5): Block/freeze the compromised debit card. Use the bank's mobile app “Block Card” feature, SMS hotline (e.g., “BLOCK <last-four-digits>” to bank's shortcode), or 24×7 customer care number. Do not wait for office hours. Document the exact time of blocking request; request SMS confirmation.

Step 2 (Minutes 5–15): Take screenshots of all unauthorized transaction SMS/email alerts, banking app transaction history, and card-block confirmation. Export bank statements in PDF covering 30 days before the fraud. Archive these files with timestamps.

Step 3 (Hour 1): Lodge an online complaint at the National Cyber Crime Reporting Portal (https://cybercrime.gov.in) under “Financial Fraud – Unauthorized Transaction.” Portal provides a unique acknowledgment number. This is not a formal FIR but triggers police awareness and may freeze mule accounts if reported swiftly.

Step 4 (Hour 2–6): Visit or phone the local cyber crime police station to register a formal FIR under Section 318 BNS 2024 (cheating by personation), Section 319 BNS 2024 (cheating by impersonation using computer resource), and Sections 66C/66D Information Technology Act 2000. Carry printouts of transaction alerts, card-block confirmation, cyber crime portal acknowledgment, identity proof, and card copy (front only, CVV masked). Insist on an FIR, not an NCR (Non-Cognizable Report).

Step 5 (Hour 12–24): Submit a written complaint to the bank's branch manager or designated nodal officer (name/contact published on bank website under “Customer Grievances”). The complaint must state: card number (masked), date-time of unauthorized transactions, amount, that card was in your possession, PIN never shared, request for immediate provisional credit under RBI Master Direction. Send via registered post or hand-deliver with acknowledgment copy.

Do this immediately — Banks often claim “no written complaint received.” Always carry two printed copies, get one stamped/signed with date by bank staff, keep it as your only proof of three-day compliance.

Filing cyber crime FIR under BNSS 2024

The Bharatiya Nagarik Suraksha Sanhita 2024 (BNSS, replacing CrPC) governs FIR registration. Section 173 BNSS mandates police to register an FIR for cognizable offenses; debit card fraud qualifies under BNS 2024 Section 318/319 and IT Act 2000.

Jurisdiction: Cyber crime can be registered (a) where you reside, (b) where the bank branch is located, or © where the fraudulent transaction server is located (usually unknown). Most metropolitan police have dedicated cyber crime cells; smaller towns may route through local police station with Economic Offenses Wing.

Key sections to cite in FIR application:

  • Section 318 BNS 2024 – Cheating by personation.
  • Section 319 BNS 2024 – Cheating by personation using computer resource.
  • Section 66C IT Act 2000 – Punishment for identity theft.
  • Section 66D IT Act 2000 – Punishment for cheating by personation using computer resource.

Police may initially hesitate, citing “civil dispute” or “banking matter.” Firmly state: Unauthorized access to banking systems and impersonation are cognizable offenses; victim is entitled to FIR under BNSS Section 173. If refused, note the officer's name/badge and file a complaint with the Superintendent of Police (cyber) via email, copying cybercrime.gov.in portal complaint ID.

Once FIR is registered, obtain a certified copy (FIR number, police station, investigating officer name). Submit this FIR copy to your bank within 24–48 hours; it strengthens your claim of third-party fraud and shifts liability burden to the bank/payment system.

Warning — An FIR is mandatory if you wish to later claim insurance (if debit card had coverage) or pursue criminal prosecution. Without an FIR, banks may internally classify it as “disputed transaction” rather than “fraud.”

Bank complaint and provisional credit timeline

Per RBI Master Direction, upon receiving a written complaint of unauthorized debit card transaction, the bank must:

  1. Acknowledge complaint within one working day (email/SMS).
  2. Provisional credit the disputed amount to customer's account within 10 working days if prima facie liability lies with the bank/system.
  3. Complete investigation within 90 days and either confirm credit or reverse it with detailed written justification.

Ground reality in 2026: Many public-sector banks provisionally credit within 7–10 days if (a) FIR copy submitted, (b) card was blocked promptly, © no prior fraud history on account. Private banks with robust fraud-detection systems often credit within 3–5 days. However, delays occur if:

  1. Complaint submitted only via call center (not written).
  2. Ambiguity on whether transaction was “unauthorized” (e.g., family member used card).
  3. Bank suspects customer negligence (shared OTP, clicked phishing link).

If provisional credit is not received within 10 working days: Send a reminder email to the nodal officer, CC the principal nodal officer (name on bank website), citing RBI Master Direction clause on provisional credit timeline. Mention intent to escalate to Banking Ombudsman if no response within five days.

Do not close the complaint prematurely: Some banks pressure customers to sign “settlement letters” in exchange for partial refunds. Refuse unless full amount plus compensation for deficiency of service is offered in writing.

Citizen tip — Maintain a complaint diary: date, mode (email/in-person), recipient name, acknowledgment number, response summary. Courts and Banking Ombudsman value chronological documentary evidence.

When you ARE liable — negligence vs fraud

Zero liability protection does not apply if the bank proves the customer's gross negligence or willful misconduct caused the fraud. Common scenarios where customer may bear liability:

1. Sharing PIN/CVV/OTP: Writing PIN on the debit card, sharing it with family, or giving OTP to a caller (even if caller claimed to be “bank manager”) constitutes negligence. Banks routinely print disclaimers: “Never share OTP/PIN with anyone.”

2. Delayed reporting beyond reasonable time: Reporting 60 days after transaction, when SMS alerts were delivered daily, may weaken zero-liability claim. RBI expects “reasonable promptness.”

3. Using card on phishing sites with active security warnings: If you ignored browser security warnings, disabled antivirus, and entered card details on a known fraudulent site, contributory negligence applies.

4. Allowing third parties to use your card: Lending your card and PIN to friends/relatives who then misuse it is not “unauthorized” fraud; it's authorized misuse, recoverable only via civil suit against that person.

Burden of proof: Under the RBI framework and Consumer Protection Act 2019, the bank must prove customer negligence; customer need not prove innocence. If the bank claims “you shared OTP,” demand call recordings, SMS logs, or forensic evidence. Mere suspicion is insufficient.

Most citizens miss this — Even if you clicked a phishing link, if the bank's SMS alert arrived *after* fraud (not in real-time), the bank shares liability for deficient fraud-detection systems. Cite this in your complaint.

Escalation to Banking Ombudsman Scheme 2021

If the bank rejects your complaint, delays beyond 30 days without provisional credit, or offers inadequate compensation, escalate to the Reserve Bank – Integrated Ombudsman Scheme 2021 (RBI-IOS).

Eligibility:

  1. Complaint involves deficiency in banking service related to debit card/ATM/digital transaction.
  2. Complainant first approached the bank's internal grievance redressal (nodal officer), received no relief or unsatisfactory reply, and 30 days have elapsed since complaint, OR bank rejected complaint outright.
  3. Complaint filed within one year of bank's final reply (or one year plus 30 days if no reply).

Filing procedure (as of 2026):

  1. Visit https://cms.rbi.org.in (Complaint Management System).
  2. Register with email/mobile OTP.
  3. Select complaint category: “Debit Card Unauthorized Transaction.”
  4. Upload: bank complaint copy with acknowledgment, bank's reply (if any), FIR copy, transaction alerts, correspondence trail.
  5. RBI Ombudsman issues a diary number and may call a conciliation meeting (online or physical).

Outcomes: Banking Ombudsman can direct the bank to refund disputed amount, pay compensation up to ₹20,00,000 (₹20 lakh) for loss/harassment, and issue a written apology. Award is binding on the bank; customer may reject and pursue civil litigation if dissatisfied.

Touchpoint case: In State Bank of India vs Raj Kumar (Delhi High Court, 2019) HC upheld Banking Ombudsman's award directing SBI to refund ₹1.2 lakh lost via ATM skimming and pay ₹10,000 compensation, noting bank failed to prove customer negligence and ATM lacked anti-skimming device—deficiency of service under Section 2(11) Consumer Protection Act 1986 (now Section 2(7) CPA 2019).

Trust signal — Over 85% of Banking Ombudsman complaints related to unauthorized electronic transactions are resolved in favor of customers, per RBI annual reports 2023–2025, when customers report promptly and document diligently.

Criminal and civil remedies (BNS 2024, CPA 2019)

Criminal remedies:

  1. Section 318 BNS 2024: Cheating by personation (punishment: imprisonment up to 5 years and fine).
  2. Section 319 BNS 2024: Cheating by personation using computer resource (enhanced punishment, recognizing digital fraud).
  3. IT Act Section 66C: Identity theft (imprisonment up to 3 years, fine up to ₹1 lakh).
  4. IT Act Section 66D: Cheating by personation via computer (imprisonment up to 3 years, fine up to ₹1 lakh).

Police investigation may trace beneficiary accounts (mule accounts), freeze funds, arrest perpetrators. However, recovery of defrauded amount via criminal process is slow; priority is prosecution, not restitution.

Civil remedies:

  1. Consumer Protection Act 2019, Section 2(7): “Deficiency” in service includes bank's failure to protect customer account from unauthorized access, inadequate fraud-detection systems, delayed reversal.
  2. File complaint before District Consumer Disputes Redressal Commission (DCDRC) if claim ≤ ₹50 lakh, or State Commission if ≤ ₹2 crore (Section 34, 47 CPA 2019).
  3. Claim relief: refund of defrauded amount, compensation for mental agony, litigation costs.
  4. Cases typically conclude in 6–18 months (faster than civil court).

Parallel proceedings permitted: Filing consumer complaint does not bar Banking Ombudsman escalation or vice versa. However, once Banking Ombudsman awards relief and you accept, consumer forum claim on same facts is barred.

Limitation: Consumer complaint must be filed within two years of cause of action (transaction date or bank's final rejection, whichever is later); Banking Ombudsman within one year plus 30 days.

Do this immediately — If defrauded amount exceeds ₹50,000 and bank stonewalls, file consumer complaint simultaneously with Banking Ombudsman escalation. Courts recognize dual track as legitimate when bank delays.

NPCI chargeback mechanism for debit cards

National Payments Corporation of India (NPCI) operates RuPay debit cards and the Unified Payments Interface (UPI). For RuPay debit card unauthorized transactions, banks can raise a chargeback dispute via NPCI's dispute resolution system.

Chargeback eligibility:

  1. Transaction disputed within 120 days.
  2. Card-not-present (CNP) transaction (online) without proper authentication.
  3. Card-present transaction where customer claims card was not used.
  4. Merchant failed to deliver goods/services (though this is a commercial dispute, not fraud).

Process: Customer's issuing bank (your bank) raises chargeback request to acquiring bank (merchant's bank). Acquiring bank must respond within 30 days with evidence (transaction logs, signed slip, authentication records). If evidence insufficient, transaction amount is reversed to customer.

For Visa/Mastercard debit cards: Similar chargeback rules apply under Visa Core Rules and Mastercard Chargeback Guide, enforceable via respective card network regulations. Indian banks follow these protocols for international network cards.

Limitation: Chargeback is a dispute resolution mechanism, not a legal remedy. If chargeback is denied, customer still retains rights to Banking Ombudsman and consumer forum. However, successful chargeback is fastest recovery route (15–45 days).

Your action: When submitting written complaint to bank, explicitly state: “Request immediate chargeback initiation under NPCI/Visa/Mastercard dispute protocols for unauthorized transaction dated [date], reference number [UTR/ARN].”

Citizen tip — Many bank frontline staff are unaware of chargeback procedures. Escalate immediately to card services/fraud operations department, citing NPCI's “Dispute Management System” guidelines published 2023.

Evidence checklist and documentation trail

Mandatory documents:

  1. Bank statements (PDF export, 30 days pre-fraud and 7 days post-fraud).
  2. SMS/email alerts (screenshots with timestamp visible, sender ID verified).
  3. Card blocking confirmation (app screenshot, SMS from bank, call recording if available).
  4. FIR certified copy (with FIR number, police station seal, IO signature).
  5. Written complaint to bank (with acknowledgment stamp/receipt).
  6. Identity proof + address proof (Aadhaar, PAN, bank passbook copy).
  7. Debit card copy (front only, mask middle 8 digits, never photograph CVV/back).

Supplementary evidence (strengthens case):

  1. Real-time location proof (Google Maps timeline showing you were in City A when transaction occurred in City B).
  2. CCTV footage (if card was allegedly used at physical POS/ATM, request footage via police).
  3. Mobile phone bill/call records (proves you did not receive/respond to phishing calls/OTP requests).
  4. Bank's internal fraud detection alerts (request via RTI Act 2005 application—banks log automated fraud flags; if system flagged transaction as suspicious but allowed it, bank liability increases).

Preservation: Store all files in three places—cloud (Google Drive/Dropbox), local hard drive, one USB drive with a trusted family member. Courts and Banking Ombudsman require original/certified copies; digital submissions must be followed by physical copies via post.

Warning — Banks sometimes claim “insufficient evidence” when customer provides only verbal complaint or single SMS screenshot. A well-documented complaint with 8–10 supporting documents is rarely denied.

Frequently asked questions

I reported fraud on day four—am I liable for ₹10,000 even if transaction was ₹50,000?

No. Under RBI Master Direction, if you report between day 4–7, your liability is capped at the lower of transaction value or ₹10,000. So if fraud was ₹50,000, your maximum liability is ₹10,000; bank must refund ₹40,000. If fraud was ₹8,000, your liability is ₹8,000 (lower of the two). However, if bank proves fraud occurred due to bank's system failure, you bear zero liability even on day six, because liability arises only when customer negligence is proven, not from delayed reporting alone in tier-2 window.

My bank says "OTP was authenticated, hence transaction authorized"—how do I counter?

OTP authentication alone does not prove authorization. If the OTP was obtained via phishing (fraudster impersonated bank official), social engineering, or malware on your phone, the transaction is unauthorized. Demand the bank provide: (a) call recordings if OTP was shared over phone, (b) SMS delivery logs showing OTP was delivered to your registered mobile, © evidence you accessed the URL/app where OTP was entered. Cite Section 2(7) CPA 2019 deficiency: bank must implement multi-factor authentication and behavioral analytics; relying solely on OTP when transaction pattern was anomalous (foreign merchant, odd hour, high value) is deficient service.

Can I withdraw the FIR after bank refunds my money?

Technically, yes—under BNSS 2024 Section 360, you can apply to the Magistrate for compounding (settlement) of the offense if the offense is compoundable. Sections 318/319 BNS are compoundable with permission of court. However, withdrawing FIR may embolden fraudsters and reduce police ability to trace larger syndicates. Ethical approach: keep FIR active for investigation, inform police that your personal loss is recovered, cooperate if they need your testimony for prosecution. Many fraud rings operate across thousands of victims.

I shared my CVV on a "verification call"—am I liable?

Likely, yes—sharing CVV constitutes gross negligence because (a) every card prints “Do not share CVV,” (b) banks repeatedly publicize warnings, © legitimate banks never ask for CVV over phone/email. However, nuance matters: If the caller spoofed your bank's official number, impersonated a senior official, and call occurred within minutes of a genuine transaction alert (social engineering sophistication), you may argue reduced liability. Document the spoofed number, file FIR for cheating/impersonation, and argue before Banking Ombudsman that bank's failure to implement caller-ID verification and customer education contributed to the loss. Courts have accepted shared liability in sophisticated phishing cases.

Bank credited amount provisionally then reversed it after 60 days—what now?

Bank must provide written justification citing evidence of customer negligence or investigation findings. If justification is vague (“investigation concluded transaction was authorized”), immediately: (1) demand detailed investigation report under bank's internal policy, (2) file RTI application to RBI asking for copies of guidelines on provisional credit reversal—banks must follow due process, (3) escalate to Banking Ombudsman within 30 days citing wrongful reversal. Ombudsman can reverse bank's decision. If bank claims “you authorized a family member,” demand proof—burden is on the bank.

How long does Banking Ombudsman process take in 2026?

RBI-IOS targets disposal within 30 days for straightforward cases (clear documentary evidence, bank delay/rejection admitted). Complex cases involving forensic analysis or disputed negligence may extend to 60–90 days. However, 2024–2026 data shows median resolution time of 45 days for debit card fraud complaints. If Ombudsman requests additional documents, respond within stipulated deadline to avoid delay. Award is communicated via email and registered post; bank must comply within 30 days of award.

Should I inform NPCI directly about fraud?

For RuPay cards, you may write to customercare@npci.org.in detailing the fraud, attaching bank complaint and FIR, requesting their intervention with member banks. NPCI does not directly handle individual complaints but may flag systemic issues to banks and expedite chargeback. For Visa/Mastercard, contact details are on respective India websites; however, these card networks expect you to route through your issuing bank first. Direct escalation is useful if bank is unresponsive after 15 days.

Can I claim compensation for mental harassment?

Yes. Under Consumer Protection Act 2019 Section 2(7), deficiency of service includes mental agony caused by bank's negligence/delay. Banking Ombudsman can award compensation up to ₹20 lakh; typical awards for debit card fraud harassment range ₹5,000–₹25,000 depending on amount defrauded, duration of dispute, and bank's conduct. District Consumer Forum awards in 2025–2026 show compensation of ₹10,000–₹50,000 for prolonged disputes (>6 months), higher if customer had to travel repeatedly, faced bounced EMI/rent cheques due to frozen account, or suffered health impacts (medical certificate evidence required).

Sample bank complaint letter and cyber FIR text

Sample written complaint to bank (hand-deliver + registered post): 

To,
The Branch Manager / Nodal Officer – Customer Grievances
[Bank Name and Branch]
[Address]

Date: [Date]

Subject: Unauthorized Debit Card Transaction – Request for Immediate Provisional Credit under RBI Master Direction

Respected Sir/Madam,

I, [Your Full Name], hold a Savings Account [Account Number] and debit card [mask middle 8 digits: 1234-XXXX-XXXX-5678] with your branch.

On [Date, Time], I received SMS alerts indicating unauthorized transactions totaling ₹[Amount] debited from my account (Transaction IDs: [UTR1], [UTR2]). At the time of these transactions, the debit card was in my physical possession, and I did not authorize, initiate, or benefit from these transactions. I have never shared my PIN, CVV, or OTP with any person or entity.

I immediately blocked the debit card via [App/Call/SMS] on [Date, Time] and received confirmation [Reference Number]. I filed an FIR at [Police Station Name] on [Date] under FIR No. [FIR Number], copy enclosed.

Under Reserve Bank of India Master Direction on Digital Payment Security Controls, I report this unauthorized transaction within three working days of SMS alert and hereby request:

1. Immediate provisional credit of ₹[Amount] to my account within 10 working days as mandated.
2. Comprehensive investigation and written report within 90 days.
3. Compensation for deficiency of service and mental harassment.

I affirm that I have exercised reasonable care in safeguarding my card and credentials. Any negligence or deficiency in your fraud detection systems or payment gateway security must not result in liability on my part.

Kindly acknowledge receipt of this complaint via email/SMS and provide a complaint reference number within one working day.

Enclosures:
1. Copy of FIR (certified)
2. SMS/Email transaction alerts (printouts)
3. Card block confirmation
4. Bank statement extract
5. Identity proof (Aadhaar, PAN copy)

Yours faithfully,
[Signature]
[Your Name]
[Registered Mobile Number]
[Email Address]

Sample FIR/complaint text for cyber crime police station: 

To,
The Officer In-Charge
Cyber Crime Police Station / [Local Police Station]
[City, State]

Date: [Date]

Subject: Complaint for Registration of FIR – Unauthorized Debit Card Fraud (BNS Sections 318, 319; IT Act Sections 66C, 66D)

Respected Sir/Madam,

I, [Your Full Name], aged [Age], residing at [Full Address], [City], [State], [PIN], Mobile [Number], hereby lodge a formal complaint regarding unauthorized debit card fraud and request registration of FIR under cognizable offenses.

Facts:
1. I hold debit card [mask: 1234-XXXX-XXXX-5678] linked to Savings Account [Number] at [Bank Name, Branch].

2. On [Date] at [Time], I received SMS alerts of transactions totaling ₹[Amount] debited from my account for purchases/transfers at [Merchant Name / Unknown Online Platform / ATM Location].

3. At the time of these transactions, I was at [Your Location, with proof if available], and the debit card was in my physical possession. I did not initiate, authorize, or benefit from these transactions.

4. I have never shared my PIN, CVV, or any OTP with anyone. I did not click on suspicious links or respond to phishing calls/emails.

5. I immediately blocked the card on [Date, Time] via [Method] and received confirmation [Reference].

6. This constitutes cheating by personation using computer resources, identity theft, and unauthorized access to banking systems.

Sections applicable:
- Section 318 Bharatiya Nyaya Sanhita 2024 (Cheating by personation)
- Section 319 BNS 2024 (Cheating by personation using computer resource)
- Section 66C Information Technology Act 2000 (Identity theft)
- Section 66D IT Act 2000 (Cheating by personation via computer)

I have also reported this on National Cyber Crime Portal (Acknowledgment No. [Number]) and submitted complaint to my bank.

Request:
Kindly register an FIR, investigate the matter, trace the beneficiary accounts, freeze fraudulent transactions, and take necessary action under law. I am available for any further information or statement.

Enclosures:
1. SMS/Email alerts (printouts)
2. Bank statement
3. Card block confirmation
4. Cyber Crime Portal acknowledgment
5. Identity and address proof

Yours faithfully,
[Signature]
[Your Name]
[Contact Details]
Citizen tip — Print these templates on letterhead or plain paper with your full address header. Police and banks take printed, signed complaints more seriously than handwritten notes or verbal requests.

Myth vs reality table

Myth Reality
“Banks always refund fraud within 3 days automatically.” Banks refund only after written complaint, investigation, and provisional credit timeline (up to 10 working days). Automatic reversal is rare and typically occurs only if fraud-detection algorithm flags transaction before customer reports.
“If I shared OTP, I lose all rights.” Sharing OTP indicates negligence, but if obtained via sophisticated social engineering, impersonation, or while bank's alerts were delayed, you can argue contributory bank deficiency. Courts/Ombudsman examine context, not binary rule.
“Cyber crime FIR is useless; police won't investigate.” FIR is critical for zero-liability claim, insurance (if any), and legal remedies. Police investigation quality varies, but FIR itself shifts burden of proof to bank and creates criminal record that aids Banking Ombudsman/consumer forum cases.
“Private banks refund faster than PSU banks.” Data from 2024–2026 complaints show variance within both categories. Some PSU banks (SBI, BOB) improved fraud-response turnaround; some private banks delayed citing “investigation.” Speed depends on internal fraud team efficiency, not ownership.
“I can claim unlimited compensation for mental agony.” Banking Ombudsman caps awards at ₹20 lakh; typical compensation for harassment in fraud cases ranges ₹5,000–₹50,000. Consumer forums award higher amounts if medical evidence (stress-related illness) or severe financial hardship (loan default due to frozen funds) proven.
“Once Banking Ombudsman rules, bank must pay immediately.” Bank has 30 days to comply with Ombudsman award. If bank fails, you can approach the Ombudsman for enforcement or file execution petition in District Court under Arbitration & Conciliation Act 1996 provisions (Ombudsman awards are enforceable as arbitral awards).