Credit Card Fraud in India: How to Protect Yourself and What to Do If It Happens

Credit card fraud in India has grown sharply with the rise of digital payments. Fake customer care calls, phishing websites, card skimmers at ATMs, and UPI scam links are everywhere. The good news: banks and the RBI have built strong protections for cardholders. The bad news: most people still don’t know how to use them. Here’s what you need to know.

Table of Contents

Common types of credit card fraud in India

1. Phishing calls and SMS

You get a call claiming to be from “bank security” saying your card has been blocked or there’s a suspicious transaction. They ask you to verify your card number, CVV, OTP, or install an app. Anyone who calls and asks for these details is a fraudster. Banks never ask for full card numbers or OTPs over phone.

2. Fake customer care numbers

You search for “bank customer care number” on Google or social media and call the first number you see. It’s a fraudster who collects your card details under the pretext of helping you. Always use the number printed on your card itself or on the official bank website.

3. Card skimming at ATMs and POS machines

A small device attached to an ATM or PoS machine reads your card details as you swipe. Combined with a hidden camera capturing your PIN, they clone your card. Always cover the keypad when entering your PIN, and prefer ATMs inside bank branches over standalone ones.

4. Phishing websites

A fake e-commerce site that looks identical to the real one. You enter your card details to complete a purchase that never actually ships. Always check the URL (https://, correct spelling) and prefer major, known sites.

5. QR code and UPI scams

You’re asked to scan a QR code to “receive” money, but scanning actually debits your account. If you’re receiving money, you never need to scan anything or enter a PIN. Any app that asks for a PIN during a “receive” transaction is running a scam.

6. SIM swap fraud

A fraudster gets a duplicate SIM of your number issued by convincing the telecom operator. They then receive OTPs sent to your number and drain your card. If your phone suddenly loses network for hours without reason, call your telecom operator immediately.

7. Identity theft and card application fraud

Someone uses your stolen documents (PAN, Aadhaar) to apply for a credit card in your name. You only find out when collections calls start or when you check your credit report.

How to prevent fraud: the essentials

Card-level protections

Enable international and online transactions only when needed. Most banks now let you toggle card settings in the app — domestic only, ATM only, online only. Enable international or high-limit online use only for the duration of your need.
Set transaction limits. Cap your daily online and ATM limits at what you actually need. If your lifestyle needs ₹50,000, don’t keep the limit at ₹2 lakh.
Register for SMS and email alerts. Every transaction, even a ₹1 one, should trigger an SMS. This is your first line of defense.
Use a virtual card number for online purchases. Banks offer these one-time or limited-use card numbers in the app. They mask your real card from merchants.
Don’t save card details on websites. The RBI’s tokenization rules now prevent most websites from storing card numbers. If an older site still does, remove your card.

Personal behavior protections

Never share your CVV, OTP, PIN, or full card number over phone or email — with anyone.
Cover the keypad when entering your PIN at ATMs and PoS terminals.
Don’t hand your card to waiters or attendants out of your sight. Ask for a mobile PoS to be brought to the table.
Check your credit card statement every single month, line by line. Small unauthorized charges of ₹100-500 are common and often missed.
Don’t use public Wi-Fi for transactions. Use mobile data or a trusted home network.
Keep your phone locked with a strong PIN or biometric. Your banking apps are linked to it.

Credit report monitoring

Check your CIBIL report every 3-6 months. Free reports are available from CIBIL, Experian, and via apps like Paisabazaar.
Look for unrecognized accounts, inquiries, or address changes — these are red flags for identity theft.

What to do the moment you suspect fraud

Speed matters. The faster you act, the less liability you bear under RBI rules. Here’s the exact sequence:

Step 1: Block the card immediately (within minutes)

Use your banking app to block the card. Most banks have a single-tap block option. If the app isn’t available, call the bank’s customer care number printed on your card. Some banks support blocking via SMS to a specific number too.

Step 2: File a written complaint with the bank (within 3 days)

Send an email to the bank’s fraud department (address is on their website) detailing the transactions you didn’t make. Include screenshots, SMS alerts, and the block reference number. Under RBI’s circular on customer protection, if you report within 3 working days of receiving communication about the unauthorized transaction, your liability is typically zero for third-party fraud.

Step 3: File a cybercrime complaint (within 24-48 hours)

Go to the official National Cybercrime Reporting Portal at cybercrime.gov.in or call 1930 (the cyber fraud helpline). The faster this is filed, the better the chance of freezing the fraudster’s account and recovering funds.

Step 4: File a police complaint (FIR)

For larger amounts or identity theft, file an FIR at your local police station or the cyber crime cell. Keep multiple copies of the FIR.

Step 5: Notify credit bureaus

If your identity was stolen, notify CIBIL and other bureaus to add a fraud alert to your file. This makes it harder for new accounts to be opened in your name.

Step 6: Follow up in writing

Keep all correspondence documented. Banks have 90 days to resolve fraud claims. If they don’t, you can escalate to the RBI’s Banking Ombudsman.

What your liability actually is under RBI rules

The RBI’s 2017 circular on “Customer Protection — Limiting Liability of Customers in Unauthorised Electronic Banking Transactions” is clear:

Zero liability if the fraud is due to bank negligence (even if you don’t report it immediately) or due to third-party breach where you report within 3 working days.
Limited liability (₹10,000-25,000 depending on card type) if you report within 4-7 working days.
Full liability if you don’t report within 7 working days or if the fraud was due to your negligence (like sharing OTP or PIN).

In short: report fast, and your loss is capped or zero. Delay, and you could be on the hook for the full amount.

Special case: you shared the OTP or PIN yourself

This is where most people get stuck. If you shared your OTP with someone claiming to be from the bank, the fraud is technically due to “customer negligence” and liability falls on you.

However, file the complaint anyway, quickly. Banks in some cases still reverse charges when they can trace the fraud. Also, cybercrime authorities are increasingly successful at freezing fraudster accounts within hours if the complaint is filed at 1930 quickly.

Simple daily habits that prevent 90% of fraud

Turn on SMS alerts for every transaction. No exceptions.
Disable international transactions unless traveling.
Never share OTP, PIN, or CVV with anyone, ever.
Always check the merchant name in transaction SMS. Unknown name? Call the bank immediately.
Don’t click on payment links sent over SMS or WhatsApp. Open the bank app or website yourself.
Lock your credit card in the app when not using it — takes two taps, unlocks instantly before transactions.

Final thoughts

Credit card fraud is preventable in most cases, and highly recoverable when reported fast. The RBI has built strong consumer protections into the system. Your job is to know them, use them, and act instantly when something looks wrong. A five-minute delay can cost you money that a five-second card block would have saved.