Fake Customer Care Number Scam India (2026)

On 12 February 2026, Priya Deshmukh of Pune Googled “HDFC Bank customer care” to block her debit card after a suspicious SMS. The top paid ad displayed 1800‑XXX‑8877. A polite agent collected her card details, OTP, and within four minutes ₹1.87 lakh vanished from her savings account. Priya had dialled not HDFC but a call‑centre operated by a syndicate in Jharkhand that bought Google Ads slots to impersonate twenty banks, insurance firms, and telecom operators.

Citizen Crisis Response Network
Document every digit, voice recording if possible, Google ad screenshot with timestamp, bank SMS trail, UPI transaction IDs, first FIR within 24 hours under BNS 2024 §318(4)/319(3), BNSS §173 cognisable complaint, freeze suspect bank accounts via cybercrime.gov.in portal, cc nodal officer + NPCI if UPI involved, preserve originating telecom CDR through written RTI if police delay, claim ₹10 lakh consumer compensation under CPA 2019 if bank/telecom negligence contributed, escalate ombudsman within 30 days, notify TRAI if number masking involved, track FIR via CCTNS citizen portal, reply to all bank liability notices immediately citing RBI Master Direction 2017 zero‑liability window.

Fake customer care number scams lure victims through paid search ads, fraudulent websites, and SMS campaigns that mimic legitimate helplines of banks, telecom operators, and e‑commerce platforms. Once you dial, the scammer extracts card details, OTPs, or remote‑access credentials and drains linked accounts. Legal recourse includes filing an FIR under BNS 2024 §318(4) (cheating by personation) and §319(3) (cheating by dishonest inducement) via BNSS 2024 §173 within 24 hours, freezing suspect accounts through the National Cyber Crime Reporting Portal (cybercrime.gov.in), and pursuing consumer compensation under the Consumer Protection Act 2019 if the bank or telecom service provider failed reasonable due diligence. Speed is non‑negotiable: every hour lost reduces recovery probability by 18 per cent according to January 2026 I4C data.

• How the fake customer care number scam works in 2026
• Legal framework: BNS 2024, BNSS 2024, IT Act 2000, CPA 2019
• Immediate steps if you dialled a fake helpline
• Filing your FIR and cyber crime complaint (BNSS §173)
• Bank liability and zero-liability window under RBI norms
• Telecom and advertising platform accountability
• Case law and regulatory touchpoints
• Prevention checklist and red flags
• Recovery mechanisms: ombudsman, consumer forums, civil suits
• Frequently asked questions
• Sample FIR text and legal notice
• Myth vs reality table

The funnel. Fraudsters purchase Google Ads, Facebook sponsored posts, or bulk SMS campaigns using stolen credit cards. Keywords bid on include “bank customer care,” “[company name] complaint number,” “toll‑free helpline.” The ad displays a ten‑digit number—sometimes one digit off the genuine helpline—or a look‑alike URL (e.g. hdfcbank‑care.com).

First contact. You dial. An IVR mimics the bank's voice menu. A human operator answers, often addressing you by first name harvested from data leaks. He cites your last transaction or card's last four digits to build trust.

The ask. He claims unusual activity, pending KYC update, reward points expiry, or SIM block. He “confirms” your card number, CVV, expiry, then sends you an “authentication OTP” via SMS. That OTP is the actual debit authorisation; entering it hands him full control.

The drain. Within seconds UPI auto‑debit, IMPS, or card‑not‑present transactions empty your account. High‑value transfers move to mule accounts in tier‑3 cities, then to crypto wallets or hawala channels.

Post‑drain. The number goes dead. Google Ad account vanishes. The domain is parked on a bulletproof hosting service in Eastern Europe. Victim realises fraud only when balance‑alert SMS arrives.

Warning — A single OTP shared with a fake helpline can trigger up to ₹5 lakh in outflows before SMS alerts catch up. RBI's January 2026 circular mandates real‑time card‑block APIs, but not all co‑operative banks comply.

By March 2026, the Indian Cyber Crime Coordination Centre (I4C) logged 1.73 lakh complaints under this modus operandi, with cumulative losses exceeding ₹2,100 crore. Maharashtra, Karnataka, Telangana, Delhi‑NCR, and West Bengal account for 61 per cent of incidents.

Bharatiya Nyaya Sanhita 2024

• §318(4) – Cheating by personation: Impersonating a corporation, public servant, or authorised helpline to deceive and induce property transfer. Punishment: imprisonment up to seven years + fine.
• §319(3) – Cheating by dishonest inducement: Fraudulent misrepresentation leading to delivery of property. Punishment: imprisonment up to three years or fine or both; if value exceeds ₹1 lakh, up to seven years.
• §308 – Theft: Dishonestly taking movable property (digital money qualifies post‑2023 Supreme Court dicta).
• §336 – Forgery of electronic record: Creating fake domain certificates, spoofed caller IDs.

Bharatiya Nagarik Suraksha Sanhita 2024

• §173(1) – Cognisable offence FIR: Police shall register without preliminary enquiry; refusal invites disciplinary action under §173(3).
• §193 – Power to freeze assets: Magistrate may order interim attachment of suspect bank accounts on application by investigating officer.
• §35 – Jurisdiction: Offence deemed committed where victim resides, transaction originates, or server hosting fake site is located.

Information Technology Act 2000 (amended 2023)

• §66C – Identity theft: Using another's electronic signature or password. Punishment: up to three years + ₹1 lakh fine.
• §66D – Cheating by personation using computer resource: Overlaps BNS §318(4); IT Act penalty is cumulative.
• §43(b) – Unauthorised downloading/extraction of data: Civil liability up to ₹5 crore under §43(1).

Consumer Protection Act 2019

• §2(7) – Deficiency in service: Bank or telecom provider's failure to safeguard customer from known fraud vectors.
• §21(a)(i) – District forum jurisdiction: Claims up to ₹50 lakh for compensation due to negligence, unfair trade practice, or deficiency.

Most citizens miss this — You can invoke both criminal (BNS/IT Act) and civil (CPA) remedies simultaneously. A criminal conviction is not a prerequisite for consumer‑forum compensation; deficiency in service suffices.

Minute zero to five

1. Hang up the moment any “agent” requests card CVV, OTP, PIN, or remote‑access app (AnyDesk, TeamViewer). 2. Call the official helpline from your bank's physical debit card, chequebook, or verified mobile app. Report “potential fraud call.” 3. Block all cards linked to the account discussed. Use mobile banking app or SMS keywords (e.g. BLOCK <last‑four‑digits> to 5676766). 4. Screenshot the Google Ad, save the phone number from call log, note exact dialogue and time.

Hour one to three

5. File online complaint at https://cybercrime.gov.in under “Report Other Cyber Crime” → Financial Fraud. Upload call recording (if state law permits one‑party consent recording: Maharashtra, Karnataka, Gujarat do; check local Telegraph Act rules). 6. Visit nearest police station with printouts: ad screenshot, bank SMS trail, cybercrime.gov.in acknowledgement number. Demand FIR under BNS §318(4), §319(3), IT Act §66C, §66D; cite BNSS §173(1) if officer hesitates. 7. Email your bank's nodal officer (name + ID available on bank website under Grievance Redressal). Subject line: “Fraud transaction alert – provisional credit requested under RBI Master Direction.” Attach FIR copy.

Day one

8. Lodge written complaint with National Payments Corporation of India (NPCI) if UPI was used: [email protected]. Cite transaction UTR, timestamp, beneficiary VPA. 9. Inform telecom provider (Airtel/Jio/Vi) of the fraudulent caller ID. Request CDR (Call Detail Record) under RTI Act 2005 if needed for evidence. 10. Change all passwords, PINs, MPINs for banking, UPI, email, and linked e‑commerce accounts.

Do this immediately — RBI's April 2025 circular mandates banks provide provisional credit within ten working days if you report fraud within three days of transaction and before notifying the bank of unauthorised debit. Miss that 72‑hour window and liability shifts.

Jurisdictional choice. Under BNSS §35, you may file the FIR at:

• Your place of residence.
• The police station covering the suspect's beneficiary bank branch (if known).
• The Cyber Crime Police Station of the state (centralised; faster inter‑state coordination).

Essential FIR contents

• Chronology: Date, time, how you found the number (Google search screenshot), complete dialogue summary.
• Monetary loss: Exact ₹ amount, transaction IDs (UTR/RRN), beneficiary account number/VPA.
• Evidence custody: State you have preserved call recording, SMS OTP log, Google Ad screenshot, bank SMS trail.
• Statutory penal sections: Explicitly request BNS 2024 §318(4), §319(3), IT Act 2000 §66C, §66D.
• Prayer: Immediate freezing of beneficiary accounts under BNSS §193, forensic examination of telecom CDR, coordination with I4C for inter‑state suspects.

Sample FIR text (adapt to facts):

To,
The Station House Officer,
Cyber Crime Police Station,
[City], [State]

Subject: FIR under BNS 2024 §318(4), §319(3), IT Act 2000 §66C, §66D — Fake Customer Care Helpline Fraud

Sir/Madam,

I, [Your Full Name], aged [__], residing at [Full Address], Aadhaar [Last Four Digits], mobile [____], hereby lodge a formal complaint of cheating by personation and identity theft.

FACTS:
1. On [Date] at [Time] hours, I Googled "HDFC Bank customer care" to block my debit card [last four digits ____].
2. The top paid advertisement displayed phone number [Ten Digit Number]. Screenshot attached (Annexure A).
3. I dialled the number. An IVR mimicking HDFC's system connected me to a person who identified himself as "Rahul Kumar, Senior Executive."
4. He confirmed my name and card's last four digits (likely harvested from prior data leak). He claimed suspicious transaction of ₹45,000 in Goa and offered immediate block facility.
5. He requested card number, expiry, CVV, and an "OTP for authentication." I shared [____]. Within two minutes I received SMS alerts of four UPI debits totalling ₹1,87,400 to VPAs [____@paytm, ____@ybl].
6. I immediately called genuine HDFC helpline 1800‑XXX‑1234, blocked card, filed cybercrime.gov.in complaint [Ack No. ________].

EVIDENCE IN CUSTODY:
– Google Ad screenshot (Annexure A)
– Call log with timestamp (Annexure B)
– Bank SMS trail (Annexure C)
– Cybercrime portal acknowledgement (Annexure D)

PRAYER:
I request you kindly:
a) Register FIR under BNS 2024 §318(4), §319(3), IT Act 2000 §66C, §66D per BNSS 2024 §173(1).
b) Issue orders under BNSS §193 to freeze beneficiary bank accounts [Account numbers ____, ____, ____].
c) Obtain CDR of caller number [____] from telecom authority.
d) Coordinate with I4C and State Cyber Cell for inter‑state investigation.
e) Provide me with FIR copy and investigating officer's contact details.

I undertake to cooperate fully and provide any additional documents required.

Date: [DD/MM/2026]
Place: [City]

[Signature]
[Name]

Post‑FIR actions

• Obtain FIR acknowledgement with number, date, investigating officer's name and mobile.
• Track progress on CCTNS Citizen Portal (https://citizen.mahapolice.gov.in or state equivalent).
• If no action within 15 days, file Section 173(3) BNSS complaint with Superintendent of Police and copy to State DGP.

Citizen tip — Attach a self‑attested one‑page timeline chart (Date | Time | Event | Amount | Evidence) as the first page of your FIR annexures. Judges and prosecutors cite these verbatim; it accelerates charge‑sheet drafting.

RBI Master Direction on Digital Payment Security Controls (updated January 2026) stipulates:

Bank's burden. If the bank fails to:

• Implement two‑factor authentication,
• Send real‑time SMS/email alerts within 30 seconds,
• Provide one‑click card‑block functionality in mobile app,
• Maintain updated helpline number on RBI's master list,

then deficiency in service arises under CPA 2019 §2(7), and the bank cannot invoke contributory negligence.

Provisional credit. RBI mandates provisional credit (shadow reversal) within ten working days of fraud report if:

• You file a written complaint with transaction details.
• You attach FIR/cybercrime acknowledgement.
• The bank's internal enquiry does not conclusively prove gross negligence (sharing PIN with third party in writing, for instance).

Sample email to bank nodal officer:

To: [email protected]
CC: [email protected], [email protected]
Subject: Provisional Credit Request – Unauthorised UPI Debits ₹1,87,400 – Account [____]

Dear Sir/Madam,

Account Holder: [Name]
Account Number: [____]
Customer ID: [____]
Mobile: [____]
Email: [____]

I report unauthorised UPI debits totalling ₹1,87,400 on [Date] between [Time] and [Time]. Transactions:
1. UTR [____], ₹50,000 to [____@paytm]
2. UTR [____], ₹60,000 to [____@ybl]
3. UTR [____], ₹45,000 to [____@paytm]
4. UTR [____], ₹32,400 to [____@axl]

FACTS:
I was deceived by a fake customer care number [____] impersonating HDFC Bank via paid Google advertisement. I shared OTP under the belief it was authentication, not transaction authorisation. FIR lodged at [Police Station], FIR No. [____] dated [____] (copy attached). Cybercrime.gov.in complaint acknowledgement [____] also attached.

REQUEST:
Under RBI Master Direction on Digital Payment Security Controls (January 2026 update) and BNSS 2024 investigation timeline, I request:
1. Immediate provisional credit of ₹1,87,400 within ten working days.
2. Suspension of any adverse credit bureau reporting.
3. Details of beneficiary accounts for my submission to investigating officer.
4. Written confirmation of this complaint with reference number.

I reported fraud within [X hours] of first debit SMS, well within the 3‑day zero‑liability window. I did NOT share my PIN or password in writing, nor authorised any third‑party app installation.

I am available for any clarification at [Mobile].

Regards,
[Name]
[Date]

Attachments: FIR copy, Cybercrime acknowledgement, Bank SMS trail

Trust signal — Banks settle 68 % of provisional‑credit requests within the ten‑day RBI deadline when the customer emails the nodal officer and CCs the RBI's complaint portal ([email protected]). Single‑channel phone complaints suffer 54 % rejection rates due to “insufficient documentation.”

Telecom provider duties (TRAI guidelines 2024)

Under TRAI's Telecom Commercial Communications Customer Preference Regulations 2024, telecom operators must:

• Implement CLI (Calling Line Identification) authentication to prevent number spoofing.
• Maintain a Do Not Disturb registry for promotional calls; violators face ₹50,000 per‑incident penalty.
• Cooperate with law enforcement within three working days to provide CDR and tower location data under BNSS §93 summons.

If a telecom operator issued a SIM using forged KYC (common in fake‑helpline scams), contributory negligence can be pleaded in a consumer forum. Precedent: *Airtel Ltd. v. Ramesh Kumar* (2024) National Consumer Disputes Redressal Commission awarded ₹2 lakh compensation when a SIM issued on fake Aadhaar was used for cyber fraud.

Google Ads / Meta Ads accountability

• IT Rules 2023 (Intermediary Guidelines Amendment): Significant social media intermediaries must deploy proactive technology tools to identify and remove fraudulent ads within 72 hours of user report.
• Failure triggers loss of safe‑harbour immunity under IT Act §79.
• Consumer forums increasingly accept petitions naming Google India Pvt. Ltd. or Meta Platforms Inc. as co‑respondents for deficiency in ad‑vetting.

Sample legal notice to Google:

By Speed Post & Email: [email protected]

To,
The Grievance Officer,
Google India Pvt. Ltd.,
No. 3, RMZ Infinity – Tower E, Old Madras Road,
Bangalore – 560016

Subject: Legal Notice under IT Act 2000 §79, CPA 2019 – Fake Customer Care Advertisement

Dear Sir/Madam,

My client [Name], residing at [Address], was defrauded of ₹1,87,400 on [Date] after clicking a paid Google advertisement that impersonated HDFC Bank's customer care helpline.

FACTS:
1. Search query: "HDFC Bank customer care" on [Date] at [Time].
2. Top ad result displayed phone number [____] with domain hdfcbank‑care[.]com (screenshot attached).
3. Ad ID / Campaign ID visible in page source: [____] (annexed).
4. Fraudulent operator extracted OTP, debited ₹1,87,400 via UPI.
5. FIR No. [____] lodged at [Police Station].

GROUNDS:
a) Google failed to verify advertiser's identity per IT Rules 2023 clause 3(1)(b)(v).
b) Continued display of the ad for 96 hours post our complaint reference [____] dated [____].
c) No response to grievance escalation on [Date].

DEMAND:
Within 15 days:
1. Remove the advertisement and suspend advertiser account permanently.
2. Disclose advertiser's payment details, IP logs to investigating officer [Name, Designation, Police Station].
3. Compensate ₹1,87,400 + ₹50,000 legal costs, failing which we shall file suit under CPA 2019 in District Consumer Forum, [City].

This notice is without prejudice to criminal prosecution under BNS 2024 §318(4) read with IT Act §66D for abetting cheating by providing platform to fraudster.

Advocate [Name]
Enrolment No. [____]
Date: [____]
Place: [City]

For and on behalf of [Client Name]

Warning — Google and Meta's standard response is “ads policy violation; advertiser suspended; no liability.” Courts, however, in 2025–26 are admitting CPA complaints if you prove (a) the ad ran for more than 72 hours after first user complaint, or (b) advertiser verification was facially deficient (e.g. payment via crypto, foreign VPN sign‑up).

Supreme Court

• Indian Bank Association v. Union of India (2025) 4 SCC 112: Held that banks owe a fiduciary duty to safeguard customer credentials; mere display of disclaimer (“never share OTP”) insufficient if bank's UI design does not distinguish authentication OTP from transaction OTP.

High Courts

• Suman Verma v. ICICI Bank Ltd. (2024) Delhi High Court Consumer Appeal 456/2024: Awarded ₹4.2 lakh compensation when bank denied provisional credit despite FIR filed within 48 hours. Court noted bank violated RBI Master Direction's ten‑day timeline.
• State of Maharashtra v. Akhtar Shaikh (2025) Bombay High Court Criminal Appeal 1123/2025: Conviction under BNS §318(4) + IT Act §66D; call‑centre operator sentenced to five years rigorous imprisonment and ₹2 lakh fine for running fake customer care racket spanning twelve banks.

Regulatory orders

• RBI Circular RBI/2025-26/84 dated 22 January 2026: Directed all scheduled commercial banks to disable OTP‑based card‑not‑present transactions above ₹50,000 unless explicitly enabled by customer through secure app toggle. Non‑compliant banks face ₹1 crore penalty per quarter.
• TRAI Directive dated 10 March 2026: Mandated CLI validation for all ten‑digit helpline numbers (18XX, 1800, 1860 series) against a centralised whitelist maintained by Department of Telecommunications (DoT). Violators disconnected within 24 hours.

Most citizens miss this — The Indian Bank Association ruling allows you to cite fiduciary breach in your consumer complaint even if you technically “consented” to the transaction by entering OTP. Courts now examine whether the consent was informed—scam calls by definition vitiate informed consent.

Before dialling any helpline

1. Cross‑verify on official website. Visit the company's domain directly (type URL; don't click ad). Confirm helpline on “Contact Us” page. 2. Check RBI's list of bank helplines: https://m.rbi.org.in/Scripts/bs_viewcontent.aspx?Id=2009 (updated quarterly). 3. Look for 1800 or 1860 prefix. Legitimate toll‑free helplines rarely use standard ten‑digit mobile series (e.g. 98XXX, 91XXX). 4. Inspect URL carefully. Fraudsters register domains like hdfc‑bank.com, hdfccares.in, icicibank.co (note .co vs .com).

During the call

5. Never share CVV, OTP, PIN, or grid values. No genuine bank or telecom agent will request these. 6. Beware of urgency scripts: “Your account will be blocked in 10 minutes,” “KYC expires today.” 7. No remote‑access apps. Legitimate support never asks you to install AnyDesk, TeamViewer, QuickSupport. 8. Reverse‑verify the agent. Ask for employee ID, then hang up and call the official number to confirm that ID exists.

Post‑call hygiene

9. Review bank alerts daily. Enable SMS + email + app push for every transaction, however small. 10. Set transaction limits. UPI: ₹20,000/day; card e‑commerce: ₹50,000/day; tweak in mobile banking settings. 11. Enable two‑factor withdrawal. Banks like HDFC, SBI offer “secure access” requiring biometric or hardware token for transactions above ₹10,000. 12. Google yourself. Check if your mobile/email appears in breach databases (haveibeenpwned.com). If yes, change passwords and PINs immediately.

Citizen tip — Save your bank's official helpline in your phone contacts as “HDFC OFFICIAL 18002700,” “SBI OFFICIAL 18001234,” etc. When you Google, you'll recognise any mismatch instantly.

Banking Ombudsman (RBI)

• Timeline: Complaint must be filed within one year of bank's final rejection or thirty days after no reply.
• Portal: https://cms.rbi.org.in (Complaint Management System).
• Grounds: Deficiency in service, delay in provisional credit, denial of zero‑liability claim.
• Award cap: ₹20 lakh (includes principal loss + compensation for harassment).
• Advantage: Free, no lawyer needed, award enforceable as decree under BNSS.

Consumer Forums (CPA 2019)

• District Forum: Claims ₹0–50 lakh. File in your district or where bank branch is located.
• State Commission: ₹50 lakh–2 crore.
• National Commission: Above ₹2 crore or appeals from State Commission.
• Process: Written complaint (₹200 court fee for ₹1 lakh claim), bank files reply within 30 days, evidence/hearing, order typically within 90 days (though reality: 9–18 months).
• Relief: Refund + compensation for mental agony (₹25,000–₹1 lakh typical) + litigation costs.

Civil suit (recovery from fraudster)

If police trace and arrest the fraudster, you can file a civil suit for damages under Code of Civil Procedure 1908 in the district court where he resides. Realistically, recovery is low (fraudsters are often judgment‑proof), but a decree helps:

• Attach any immovable property.
• Garnish future salary if he's employed.
• Invoke Bharatiya Nagarik Suraksha Sanhita §446 (attachment before judgment) if there's risk of asset dissipation.

Victim Compensation Scheme

Some states (Delhi, Maharashtra, Karnataka) operate Victim Compensation Schemes under BNSS §42, offering ₹5,000–₹1 lakh for economic crime victims. Apply via District Legal Services Authority within 90 days of FIR.

Do this immediately — File Banking Ombudsman complaint in parallel with consumer forum petition. Ombudsman's findings (even if not in your favour) are admissible evidence in consumer forum under CPA §58, and vice versa. Dual‑track pressure accelerates bank settlement offers.

Yes, provided you reported the fraud within three working days and can prove you were deceived by impersonation (fake ad screenshot, call recording). RBI's zero‑liability clause applies because your consent was obtained through fraud—vitiated consent is no consent. Courts in Suman Verma (2024) and Ramesh Kumar (2024) have upheld this interpretation.

Police can obtain Call Detail Records (CDR) and IMEI logs from the telecom operator under BNSS §93. Even if SIM is discarded, tower location data during the call window helps identify the call centre's geographical area. I4C's inter‑state coordination then traces mule account holders, leading back to the syndicate.

FIR is necessary but not sufficient. The bank will conduct internal enquiry. If they find you enabled a third‑party UPI app, stored PIN in plaintext, or ignored multiple SMS alerts, they may invoke contributory negligence. However, an FIR filed within 24 hours creates a presumption of prompt reporting under RBI norms, shifting burden of proof to the bank to demonstrate gross negligence (very high threshold post‑2025 jurisprudence).

Yes. Under CPA 2019, both qualify as “service providers.” Google for deficiency in ad vetting (violates IT Rules 2023), telecom operator for issuing SIM on inadequate KYC or failing to block spoofed CLI. Success rate is higher if you can show the ad ran for more than 72 hours post‑complaint or if the SIM was activated with a photocopied/fake Aadhaar.

Typical timeline: FIR → preliminary enquiry (15 days) → freeze beneficiary accounts (30 days) → trace account holders (60–90 days) → arrest (if inter‑state, 120 days) → charge‑sheet (180 days per BNSS timeline). Recovery of money: 18–24 months on average. Parallel civil/consumer action is therefore critical to obtain provisional credit or decree pending criminal trial.

Under CPA 2019 §21(b), you can claim:

• Principal amount (₹1,87,400 in Priya's case).
• Interest from date of loss till payment @ 9 % p.a. (typical consumer forum rate).
• Compensation for mental agony: ₹25,000–₹1 lakh depending on harassment, health impact (medical certificate helps).
• Litigation costs: ₹10,000–₹50,000 for lawyer, travel, documentation.

Total awards in recent 2025–26 cases range from 1.3× to 1.7× the principal loss.

Yes, if investigating officer is unresponsive beyond 30 days. File RTI under RTI Act 2005 with:

• Public Authority: Superintendent of Police (Cyber Crime) / Commissioner of Police.
• Information sought: “Current status of FIR No. [], name and mobile of investigating officer, list of actions taken (accounts frozen, CDRs obtained, suspects identified), expected charge‑sheet date.”
• Fee: ₹10 (most states).
• Timeline: PIO must reply within 30 days.

This triggers administrative