How to Report Cyber Crime in India in 2026: 1930, NCRP, FIR Guide

Manish Garg, Associate of (ISC)² · RingSafe
May 12, 2026
If money has just left your account, dial 1930 within 60 minutes and simultaneously file at cybercrime.gov.in. The helpline freezes the destination account through the Citizen Financial Cyber Fraud Reporting System; the NCRP portal creates the official complaint. For SIM and mobile-number abuse, use sancharsaathi.gov.in. For losses above a few thousand rupees, persistent harassment or identity theft, also register an FIR at the local police station or State Cyber Cell. Speed in the first hour decides recovery.

Cyber crime reporting in India is no longer a single phone call or a single portal. The Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs runs a layered system, and most victims lose money simply because they pick the wrong door first. This guide walks a retail user, a worried parent and an enterprise SOC analyst through exactly which lever to pull, in what order, in 2026.

The Indian cyber-crime reporting stack

Think of reporting as four concentric layers. The 1930 helpline is the fastest layer and exists to do one thing well: freeze the money mid-flight. The NCRP portal at cybercrime.gov.in is the formal complaint layer that creates an acknowledgement number, routes the case to the correct state and triggers SMS updates. The State Cyber Cell or local police station FIR is the prosecution layer, the only one that can lead to arrests, search-seizure and a chargesheet. Sitting alongside is the Sanchar Saathi ecosystem from the Department of Telecommunications, which handles the telecom-layer evidence: SIM swaps, spoofed numbers and stolen handsets. Each layer has a purpose; none of them substitutes for the others.

The mistake most complainants make is to file on NCRP and wait. By the time the portal complaint is read at the state nodal officer’s desk, the fraudster’s mule account has been emptied. Speed matters more than paperwork.

The 1930 helpline — what to do in the first 60 minutes

1930 is the national toll-free cyber financial fraud helpline. It is operated by I4C in coordination with banks, payment aggregators and wallet operators. The call agent does not investigate, but they can push a freeze request through the Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS) within minutes.

  1. Call 1930 from the registered mobile number of the bank or wallet account that has been debited. Calling from a different number slows verification.
  2. Have these ready before you dial: the exact transaction ID or UTR, the debit amount, the time of debit, the beneficiary VPA or account number if visible, the SMS or app notification, and your Aadhaar or PAN for identity match.
  3. Choose your language when prompted. The helpline supports Hindi, English and major regional languages including Tamil, Telugu, Bengali, Marathi, Kannada, Gujarati, Malayalam, Punjabi, Odia and Assamese.
  4. The agent will read back a ticket number and ask you to log it on NCRP within 24 hours. Note this number; it links your phone complaint to the portal entry.
  5. If the debit was via UPI, also call your bank’s fraud line and your UPI app’s in-app fraud reporter in parallel. Three parallel signals beat one.
  6. For card fraud, block the card from the issuer app or net-banking before anything else; 1930 will not block the card for you.
  7. For wallet fraud (Paytm, PhonePe, Mobikwik, etc.), use the in-app dispute flow alongside 1930; wallet operators have their own internal hold mechanisms.

Realistically, a 1930 freeze that lands within the first 30 to 60 minutes catches the money before it is layered through three or four mule accounts. After that window, recovery odds drop sharply.

The NCRP portal — cybercrime.gov.in step-by-step

The National Cyber Crime Reporting Portal is the formal entry point for every kind of cyber complaint, not just financial fraud. It is the digital equivalent of walking into a cyber cell.

Step 1: Registration

Go to cybercrime.gov.in and click File a Complaint. Accept the disclaimer. For a Report and Track complaint, register with your mobile number, receive an OTP, and provide name, email, state and either PAN or Aadhaar for identity verification. Anonymous reports are accepted only for the Women and Child category.

Step 2: Category selection

Pick the right bucket. Financial Fraud covers UPI, internet banking, card, wallet, business email compromise and crypto scams. Women and Child Related Crime covers stalking, non-consensual intimate imagery, online grooming and CSAM, and may be filed anonymously. Other Cyber Crime covers data breach, ransomware, profile impersonation, hacking, online job fraud and matrimonial fraud.

Step 3: Evidence upload

Upload everything you have. Screenshots of the chat or the spoofed website. Bank SMSes. Transaction reference numbers. The fraudster’s UPI ID, phone number, email and any URLs they sent. If you recorded the call, upload the audio. Maximum file size per upload is typically 5 MB and accepted formats include JPG, PNG, PDF, MP3 and MP4. Compile a single PDF if your evidence is bulky.

Step 4: Receiving the acknowledgement number

On submission the portal generates a complaint ID and sends an SMS. This ID is your handle for every follow-up. Save it. Save the PDF acknowledgement.

Step 5: Following up

Log in to cybercrime.gov.in, use Track your Complaint, and watch the status move through Under Review, Forwarded to State, Action Taken and Closed. If it sits at Under Review beyond 15 days, escalate to the state nodal cyber officer whose contact appears on the state police website, and quote your acknowledgement number.

Sanchar Saathi for SIM and mobile fraud

The Department of Telecommunications runs sancharsaathi.gov.in for the telecom layer. Chakshu is where you report suspicious calls and SMSes, including fake KYC, parcel scams and digital arrest pretexts. TAFCOP shows every mobile connection issued against your Aadhaar so you can flag and disconnect SIMs you did not authorise. Know Your Mobile (KYM) validates the IMEI of a handset before purchase, and the CEIR service blocks a lost or stolen phone across all networks. Sanchar Saathi is the right tool when the fraud rides on a spoofed number or a SIM you never asked for; it is not a substitute for NCRP when money has been taken.

When you must file a local FIR

  • Loss exceeds a few thousand rupees and you want a chargesheet, not just a portal ticket.
  • Identity theft: a loan, credit card, SIM or bank account has been opened in your name.
  • Persistent harassment, sextortion, threats or stalking.
  • Physical safety is implicated, including digital-arrest scams that escalate to threats.
  • The fraudster is identifiable and you want search-seizure to be possible.

Walk into the local police station with a printed NCRP acknowledgement, all evidence and a written complaint. If the duty officer refuses to register an FIR for a cognisable offence, cite the Supreme Court’s ruling in Lalita Kumari v Government of Uttar Pradesh (2014), which makes FIR registration mandatory when the complaint discloses a cognisable offence. Escalate to the SHO, then the DCP, then the State Cyber Cell. Most states now also have dedicated Cyber Crime Police Stations in each district; you can approach them directly for cyber-specific offences.

Banking chargeback path for financial fraud

The Reserve Bank of India’s Limited Liability circular (Customer Protection Master Direction, updated through 2023 and reaffirmed in 2025 guidance) caps your liability if you report quickly. Speed of reporting to the bank is the decisive variable.

| Channel | Reporting window | Liability if reported in time | Remedy |
|---|---|---|---|
| UPI | Within 3 working days | Zero liability if no negligence | NPCI dispute via app + bank chargeback |
| Debit / Credit Card | Within 3 working days | Zero liability for third-party fraud | Visa / Mastercard / RuPay chargeback via issuer |
| Internet / Mobile Banking | Within 3 working days | Zero liability if bank-side lapse | Bank reversal within 10 working days |
| Prepaid Wallet (PPI) | Within 3 working days | Capped at ₹10,000 if delayed 4-7 days | Wallet operator dispute + RBI Ombudsman |
| AePS / Aadhaar-pay | Within 3 working days | Zero liability if biometric not given | Lock Aadhaar biometric on UIDAI + bank reversal |

If the bank stalls beyond 30 days, escalate to the RBI Integrated Ombudsman at cms.rbi.org.in. The Ombudsman route is free, online and binding on the bank up to ₹20 lakh.

What actually works vs what doesn’t

Honest data from cases that I4C has shared publicly: the instant 1930 freeze succeeds in roughly one in four cases when the call lands inside the first hour, and that ratio collapses to under 5% after six hours. The chargeback route works well for card-not-present fraud where the merchant can be disputed, and works poorly for UPI push-payment fraud where the victim authorised the transfer under social engineering. An FIR is essential if you want any chance of prosecution under the Bharatiya Nyaya Sanhita (BNS) and the IT Act, 2000 (sections 66C, 66D, 43, 72), but realistic recovery timelines through court are measured in years, not months. The NCRP portal alone, without a parallel 1930 call and an FIR, rarely returns the money. Treat the three channels as a single coordinated response, not alternatives.

For business victims (not just retail)

If the victim is an organisation, additional obligations attach. CERT-In’s April 2022 Direction requires reporting of specified cyber incidents — including ransomware, data breach and BEC — within 6 hours of noticing, to incident@cert-in.org.in. Regulated entities face parallel duties: RBI-supervised banks and NBFCs report under the Cyber Security Framework and the IT-Examination guidelines; SEBI-regulated intermediaries report through the SEBI portal under the CSCRF; IRDAI-regulated insurers report under the Information and Cyber Security Guidelines, 2023. The Digital Personal Data Protection Act, 2023 adds notification duties to the Data Protection Board for any personal-data breach. None of these replaces the criminal complaint, which still goes through NCRP and the local police; they sit on top of it.

Useful contacts and links

Bookmark this page. If you or a family member is hit, the first thing you will lose is composure; the second is time. Having the numbers, the URLs and the order of operations already in front of you is what turns a panicked half-hour into a successful freeze.
