Skip to main content
FinWiz24
TravelCashbackPremiumLifetime FreeFuelRewardsDiningShoppingAll cards
Back to Blog
Fraudulent Accounts on Your CIBIL Report? Here's What to Do
Credit Score

Fraudulent Accounts on Your CIBIL Report? Here's What to Do

Identity theft via credit-card fraud is rare but real. The recovery process is well-defined — if you act fast.

Priya Sharma

Personal-finance reporter focused on first-time cardholders and CIBIL. CAMS-certified mutual-fund writer.

17 June 2026
4 min read
DisputeFraudLost CardStolen Card

How identity theft via credit cards happens

Credit-card identity theft in India is less common than in the US or UK, but it does happen. The patterns:

  • KYC fraud: someone uses your Aadhaar/PAN to open a card in your name. Typically requires access to your documents.
  • Skimming + identity data: a merchant or POS skims your card data and pairs it with leaked personal data (name, address, phone) to make online purchases.
  • Phishing: you enter your card details on a fake merchant page; the fraudster uses them for online purchases.
  • Data breach fallout: a merchant or aggregator is breached, your stored card details are stolen, and the fraudster uses them at other merchants.

In all cases, the fraudster has your card data and may use it to either spend on the existing card or open a new one in your name.

The first signs of fraud

  • Unexpected SMS alerts for transactions you didn't make.
  • A credit card you didn't apply for showing up at your address.
  • A CIBIL report showing an account you don't recognise.
  • A loan rejection for an account you didn't know existed.
  • A credit-card bill for a card you don't have.

If you see any of these, act within 24 hours.

The 5-step recovery

Step 1: hotlist the card (if it's yours)

If the fraud is on a card you already have, call the bank's 24×7 helpline and hotlist the card immediately. The bank will block further transactions. Get the hotlist reference number in writing (SMS or email).

Ad slot: article

Step 2: file a police complaint

Visit your local police station or file an e-FIR on your state police's website. Get the FIR number. The bank will require this for any dispute.

Step 3: dispute the transactions

Call the bank's fraud cell (every bank has a separate number for fraud). Dispute each unauthorised transaction. The bank will:

  • Mark the disputed amount as "under investigation" — it won't accrue interest.
  • Issue a new card (if the existing one was compromised) within 7–10 days.
  • Investigate the transactions, typically resolving in 30–90 days.

Step 4: dispute the fraudulent account (if a new card was opened in your name)

If a card was opened in your name without your consent, dispute with:

  • The bank that issued the card: provide the FIR, your ID proof, and a written statement that you didn't apply.
  • CIBIL: file a dispute through the CIBIL portal. CIBIL will mark the account as "disputed" and ask the bank to investigate.
  • The bank must close the fraudulent account and remove it from your CIBIL report within 30 days.

Step 5: monitor for 6 months

After recovery, monitor your CIBIL report monthly. Fraudsters sometimes use stolen identity data months after the original breach. If new fraudulent accounts appear, repeat the process.

What the RBI's zero-liability rule means

The RBI's 2021 zero-liability rule: if you report a fraud within 3 days of becoming aware, you owe nothing. The bank must reverse the disputed amount and the loss is borne by the bank or the card network.

What zero-liability doesn't cover:

  • Transactions where you shared your PIN or OTP.
  • Transactions on a card you gave to a friend or family member.
  • Transactions where the bank proves you participated (your IP, your device, your OTP).

Most fraud that meets the zero-liability criteria is reversed in 7–30 days. The investigation is real, but the default outcome favours the customer when the timeline and evidence are clean.

How to prevent card fraud

  • Never share your PIN, OTP, or CVV with anyone, including bank staff. No bank will ever ask for these.
  • Use tokenised payments (Apple Pay, Google Pay, Samsung Pay) wherever possible. Tokenised data is useless to fraudsters.
  • Enable transaction alerts for every transaction. The fastest fraud detection is the alert itself.
  • Check your CIBIL report every 6 months. Look for unfamiliar accounts.
  • Don't store your card details on shopping sites. Most sites now support tokenised checkout; use it.
  • Set international transaction blocking by default. Most bank apps let you toggle international transactions off until you need them.
  • Avoid public Wi-Fi for online shopping. Public Wi-Fi is a known vector for session hijacking.

What to do if you're a victim repeatedly

If you find yourself repeatedly falling victim to fraud:

  • File a written complaint with your bank's Nodal Officer.
  • File a complaint with the RBI Banking Ombudsman.
  • Consider a credit freeze at CIBIL (incoming applications for new credit will be blocked until you lift the freeze).
  • File a complaint with the Cyber Crime Cell of your state police.

The credit freeze is the nuclear option — it prevents you from getting new credit too. Use it if the fraud is severe or recurring.

The bottom line

Identity theft via credit-card fraud is rare but real. The recovery process is well-defined: hotlist, FIR, dispute, monitor. The RBI's zero-liability rule protects you if you act within 3 days. The biggest risk is delay — the longer you wait, the harder the recovery. If you see an unfamiliar transaction or account, act within 24 hours. Most cases resolve in 30 days with a full reversal and a clean credit report.

Share: