Introduction
Cyber crime investigations often require data and assistance from multiple agencies including banks, telecom providers, social media platforms, and regulatory bodies. Effective inter-agency coordination is essential for successful investigation and prosecution.
By the end of this part, you will understand how to coordinate with banks for financial data, request telecom data, work with social media companies, and leverage RBI/NPCI guidelines for dispute resolution.
Bank Coordination (Bankon ke Saath Samanvay)
Banks hold critical information for financial cyber crime investigations. Establishing effective coordination with banks is essential for fund freezing, transaction tracing, and KYC information retrieval.
Types of Information from Banks
Account Details
Account holder name, address, KYC documents, account opening date, nomination details, linked accounts.
Transaction History
Complete transaction statements, beneficiary details, UPI IDs, NEFT/RTGS/IMPS details, cheque images.
Freeze Information
Current balance, freeze status, any existing liens, court orders affecting the account.
CCTV/Branch Records
ATM CCTV footage, branch visit records, cash deposit/withdrawal records with images.
Bank Request Procedures
| Request Type | Authority Required | Typical Timeline |
|---|---|---|
| Account Freeze | IO letter to Branch Manager | Immediate (same day) |
| Transaction Statement | IO requisition | 3-7 working days |
| KYC Documents | IO requisition | 5-10 working days |
| CCTV Footage | IO letter with date/time/location | 7-15 days (limited retention) |
| IP Logs (Net Banking) | Court order preferred | 15-30 days |
Bank Freeze Letter Format
Sample Freeze Letter
To: The Branch Manager
[Bank Name, Branch Address]
Subject: Request to Freeze Bank Account - FIR No. [X]
Sir/Madam,
A case vide FIR No. [X] dated [DD/MM/YYYY] u/s [Sections] has been registered at PS [Name] regarding online fraud. During investigation, it has been revealed that the fraudulently obtained amount was transferred to the following account:
Account Number: [XXXX]
Account Holder: [Name if known]
IFSC Code: [XXXX]
You are requested to immediately freeze the said account and preserve all records including KYC, transaction history, and any linked accounts. Please provide account details and current balance at the earliest.
Yours faithfully,
[IO Name, Designation]
[PS Name, Contact]
Nodal Officers System
All major banks have designated Cyber Cell Nodal Officers for coordinating with law enforcement:
- Contact nodal officer directly for urgent matters
- Nodal officer contact details available on bank website and through I4C
- Use official email for written requests
- Follow up within 48-72 hours if no response
- Escalate to higher authorities if needed
For an urgent fund freeze, simultaneously contact: (1) the 1930 helpline for immediate action through the CFCFRMS portal, (2) the bank's nodal officer via email, and (3) the local branch manager in person. This multi-channel approach maximizes the chances of stopping fund movement.
Telecom Data Requests (Telecom Daata)
Telecom service providers maintain crucial data including Call Detail Records (CDR), subscriber information, and cell tower data that are essential for identifying and locating suspects.
Types of Telecom Data
| Data Type | Description | Retention Period |
|---|---|---|
| CDR (Call Detail Record) | All incoming/outgoing calls with duration, time, cell tower | 2 years |
| CAF (Customer Acquisition Form) | KYC documents submitted at SIM purchase | Permanent |
| SDR (Subscriber Detail Record) | Subscriber name, address, alternate contact | Permanent |
| IPDR (IP Detail Record) | Internet usage records with IP addresses | 1 year |
| Tower Dump | All devices connected to specific tower at given time | 6 months |
| Cell ID Location | Geographic location of cell towers | Available on request |
Authority for Telecom Data Requests
- SP/DCP Level: Required for CDR and subscriber details
- Designated Nodal Officer: Each district has designated officer for telecom requests
- Online Portal: CCTNS integration allows some requests online
- Court Order: May be required for historical data beyond standard retention
CDR Analysis Basics
- A-Number: Calling party number
- B-Number: Called party number
- Call Date/Time: When call was made/received
- Duration: Length of call in seconds
- Cell ID: Tower through which call was routed
- IMEI: Device identifier
- Call Type: Voice, SMS, data
IMEI Tracing
IMEI (International Mobile Equipment Identity) is a 15-digit unique identifier for mobile devices. Tracing IMEI helps track stolen phones or identify devices used in crimes:
- Request IMEI trace through CEIR (Central Equipment Identity Register)
- Can identify all SIM cards used in the device
- Shows device movement across different cells
- Useful even if SIM is changed
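The CDR fields and IMEI tracing points above, worked through as an added example that is not part of the original course material: a short Python script that groups CDR rows by IMEI to list every SIM (A-Number) seen in a device and the order of cells the device moved through. The CSV column names, the sample rows, and the treatment of every row as an outgoing record are assumptions; the Luhn check on the 15th IMEI digit is standard practice but is not mentioned on this page.

```python
import csv, io
from collections import defaultdict

# Constructed sample rows, not real data. Column names are assumptions; each row
# is treated as an outgoing record, so IMEI and Cell ID belong to the A-Number.
SAMPLE_CDR = """a_number,b_number,call_time,duration_s,cell_id,imei,call_type
9000000001,9000000101,2024-01-05 10:02:11,64,CELL-1201,490154203237518,VOICE
9000000001,9000000102,2024-01-05 18:40:03,12,CELL-1201,490154203237518,VOICE
9000000002,9000000103,2024-01-07 09:15:47,0,CELL-3310,490154203237518,SMS
9000000002,9000000101,2024-01-07 21:05:30,181,CELL-4402,490154203237518,VOICE
9000000003,9000000104,2024-01-06 11:00:00,33,CELL-1201,350000000000006,VOICE
9000000004,9000000105,2024-01-06 12:00:00,20,CELL-1201,350000000000007,VOICE
"""

def luhn_ok(imei):
    """True if imei is 15 ASCII digits and its last digit is a valid Luhn check digit."""
    if len(imei) != 15 or not (imei.isascii() and imei.isdigit()):
        return False
    total = 0
    for pos, ch in enumerate(reversed(imei)):
        d = int(ch) * (2 if pos % 2 else 1)   # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def parse_cdr(text):
    return list(csv.DictReader(io.StringIO(text)))

def sims_per_device(rows):
    """Map each valid IMEI to the A-Numbers seen on it; collect IMEIs that fail the check."""
    sims, rejected = defaultdict(set), set()
    for r in rows:
        if luhn_ok(r["imei"]):
            sims[r["imei"]].add(r["a_number"])
        else:
            rejected.add(r["imei"])
    return {k: sorted(v) for k, v in sims.items()}, sorted(rejected)

def device_movement(rows, imei):
    """Time-ordered cell IDs for one device, with consecutive repeats collapsed."""
    hits = [r for r in rows if r["imei"] == imei]
    path = []
    for r in sorted(hits, key=lambda r: r["call_time"]):  # ISO-style times sort as text
        if not path or path[-1] != r["cell_id"]:
            path.append(r["cell_id"])
    return path

if __name__ == "__main__":
    print(sims_per_device(parse_cdr(SAMPLE_CDR)))
```

An IMEI that fails the check digit is set aside rather than grouped, so it can be re-verified against the source record before it is used in a trace request.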
Social Media Companies (Social Media Companiyaan)
Social media platforms hold valuable evidence including user data, content, and communication records. Understanding how to obtain data from these companies is crucial for modern investigations.
Indian vs Foreign Platforms
| Aspect | Indian Platforms | Foreign Platforms |
|---|---|---|
| Examples | ShareChat, Koo, Indian apps | Facebook, Instagram, WhatsApp, Google, X (Twitter) |
| Data Location | Servers in India | Servers abroad (mostly USA) |
| Request Channel | Direct to company/Nodal officer | LEA Portal, MLAT |
| Response Time | 7-15 days | 30-90 days |
| Legal Framework | IT Act, BNS | US law, MLAT, company policies |
Law Enforcement Agency (LEA) Portals
Meta (Facebook/Instagram/WhatsApp)
Request through Facebook Law Enforcement Response Portal. Requires official government email. Can request basic subscriber info, IP logs, content.
Google
Legal Investigation Support through Google's LEA portal. Gmail content, Google Drive, location history, YouTube data.
X (Twitter)
LEA guidelines on X website. Account information, IP logs, Direct Message metadata (content requires US court order).
Telegram
Limited cooperation. Only responds to court orders for confirmed terrorism cases. Most data encrypted.
Data Preservation Requests
Critical first step before formal request:
- Send preservation letter immediately upon case registration
- Most platforms preserve data for 90 days on valid request
- Preservation can be extended with follow-up request
- Include: Account ID/URL, date range, FIR details, IO contact
- Use platform's official LEA contact for preservation requests
WhatsApp messages are end-to-end encrypted - WhatsApp cannot provide message content. Only metadata (who communicated with whom, when) can be obtained. Actual message content must be retrieved from seized devices.
MLAT Process
Mutual Legal Assistance Treaty (MLAT) is required for obtaining content data from foreign platforms:
- Prepare MLAT request with full case details
- Submit through State Home Department to MHA
- MHA reviews and forwards to MEA
- Request sent to US DOJ through diplomatic channels
- US court order obtained if approved
- Data provided to Indian authorities
Timeline: 6-12 months (can be expedited for serious cases)
RBI Directions (RBI Nirdesh)
Reserve Bank of India provides guidelines for banks regarding cyber fraud handling, customer liability, and dispute resolution that are crucial for investigators to understand.
Key RBI Circulars
- RBI/2017-18/15: Customer liability in unauthorized electronic banking transactions
- RBI/2019-20/42: Digital payment security controls
- RBI/2020-21/74: Online dispute resolution for digital payments
- Master Direction on Fraud: Classification and reporting of frauds
Customer Liability Framework
| Scenario | Reporting Time | Customer Liability |
|---|---|---|
| Bank/System fault | Any time | Zero liability |
| Third party breach (not customer/bank fault) | Within 3 days | Zero liability |
| Third party breach | 4-7 days | Maximum Rs. 10,000 |
| Third party breach | After 7 days | As per bank's board policy |
| Customer negligence | Any time | Full liability until report |
Fraud Reporting to RBI
Banks are required to report frauds to RBI through the XBRL system:
- All frauds above Rs. 1 lakh to be reported within 3 weeks
- Large frauds (Rs. 50 crore+) to be reported within 7 days
- Flash reports for frauds above Rs. 5 crore within 7 days
- Quarterly fraud returns to RBI
NPCI and UPI Disputes (NPCI aur UPI Vivaad)
National Payments Corporation of India (NPCI) operates UPI, IMPS, and other payment systems. Understanding NPCI's dispute resolution mechanism is essential for financial cyber crime cases.
NPCI Dispute Resolution Mechanism
Customer Complaint
Customer first approaches their bank/PSP app. Complaint registered in UDIR (UPI Dispute and Issue Resolution) system.
Inter-Bank Resolution
Banks coordinate through NPCI platform. Debit bank, credit bank, and NPCI mediate resolution.
NPCI Adjudication
If banks cannot resolve, NPCI acts as adjudicator. Decision binding on member banks.
Escalation
Unresolved disputes can be escalated to Banking Ombudsman. Police case runs parallel.
UPI Transaction Reversal
Process for seeking UPI transaction reversal in fraud cases:
- Report fraud on 1930 helpline immediately
- Lodge complaint with bank/PSP app
- Bank initiates dispute in UDIR
- Police sends letter to beneficiary bank for freeze
- If funds available, reversal processed
- If funds withdrawn, recovery through legal process
Timelines for UPI Disputes
| Stage | Timeline |
|---|---|
| Customer complaint to bank | T+0 |
| Bank acknowledgment | T+2 days |
| Resolution by bank | T+5 days (simple), T+15 days (complex) |
| NPCI escalation resolution | 30 days from escalation |
| Banking Ombudsman | 30-60 days |
For UPI fraud cases, coordinate with both victim's PSP (PhonePe, GPay, etc.) and the beneficiary bank simultaneously. Victim's PSP can initiate reversal request while beneficiary bank can freeze funds. Both approaches together increase recovery chances.
Key Takeaways
- Establish direct contact with bank nodal officers for faster coordination
- Telecom data requests require SP/DCP level authorization
- Foreign social media platforms require requests through LEA portals
- Always send preservation requests before formal data requests
- RBI guidelines define customer liability based on reporting time
- NPCI dispute resolution runs parallel to police investigation