Part 2: How verifying telemarketing calls turns harassment into evidence — and evidence into compensation.
In Part 1 of this series, I covered what to do when banks and NBFCs bombard a DND-registered number with unsolicited calls — the deny-deflect-bribe-ghost playbook, and how to escalate through RBI and TRAI. This time, I want to talk about what happened when I stopped just blocking these calls and started verifying them instead.
The result: ₹15,000 in compensation from Bajaj Finance Limited, and ₹5,000 from Kotak Mahindra Bank — for a total of perhaps a dozen phone calls across both cases. Here is exactly how that happened, and how you can replicate it.
The Shift: From Blocking to Verifying
Most people do one of two things when an unknown number calls pitching a loan or credit card: they either ignore it, or they get annoyed and hang up immediately. Both reactions are understandable. Both also throw away your single best piece of leverage — the call itself.
Every unsolicited call pitching a financial product, from a regular 10-digit mobile number instead of the TRAI-mandated 140 or 160 series, is already a regulatory violation before the agent says a word. If you stay on the line for two more minutes and ask the right questions, you can turn that violation into documented proof that no bank can later deny.
The Verification Protocol
Here is the exact sequence I used, every time, once I realized what was happening.
Step 1 — Ask if they are an official employee or a partner
The moment the agent starts pitching a loan, overdraft, or credit card, I would ask directly: "Are you an official employee of this bank, or are you calling from a partner agency — a DSA or a freelancer?"
This single question does a lot of work. A genuine representative will usually answer honestly because they have nothing to hide. A vague or evasive answer is itself useful — it tells you the call is operating in a gray zone the bank would later try to disown.
Step 2 — If it's a partner, verify the partner
If they named a DSA (Direct Selling Agent) or partner company, I asked for the company name and checked their website. Two things mattered: was the website actually operational, and did it list the bank as an official partner? Many of these "partner" companies have a real web presence specifically because they need it to look legitimate to potential recruits and clients — which makes them easy to verify.
Step 3 — The financial-data line
This is the centerpiece of the whole approach. When the agent asked for my salary or other financial details, I would say something like: "This is financial information, and I'm not comfortable sharing it with someone over a call I didn't initiate — for all I know, you could be a spammer or a scammer. How can you prove to me that you're a genuine representative of this bank or its authorized partner?"
This is not rude, and it's not a trick question. It is, in fact, exactly the question every bank's own fraud-awareness messaging tells customers to ask. You are simply asking the caller to meet the standard their own employer publicly claims to uphold.
Step 4 — Watch what happens next
At this point, one of three things happens, and all three are useful to you:
- The agent hangs up. This itself is informative — a legitimate representative pitching a legitimate product should be able to provide some form of verification.
- The agent pushes back and asks again whether your salary is above a certain threshold, without offering any proof. Document this — it shows the entity prioritizing data collection over basic verification, which is itself a compliance failure.
- The agent agrees to verify. This is where the evidence starts.
The Smoking Gun: WhatsApp IDs and Official Emails
In several cases, agents who agreed to verify themselves did so in one of two ways: they messaged me on WhatsApp from their personal number with a photo of their employee ID card, or they sent me the loan/credit card offer via an official email address on the bank's domain.
This is the evidence that makes everything else possible. Once you have a timestamped call recording and a timestamped WhatsApp message or email from a verifiable source — an employee ID card, or an @bankname.com email address — the entity can no longer claim "this number doesn't belong to us" or "this person doesn't work for us." You have closed that escape route before they can even open it.
This also directly answers the question the DPDP Act 2023 entitles you to ask: where did this entity get your number, and who within their ecosystem is processing it? You're not asking them to investigate anymore — you're handing them the investigation, already completed.
Why You Should Still Follow Up (and Why RBI Cares)
Once I had the recording and the verification, I emailed the entity's Grievance team and Nodal Officer, attaching the evidence and asking them to confirm the call was from their team or an authorized partner, and to stop further calls.
The responses fell into two categories: templated replies that didn't really engage with the evidence, or responses that kept "extending" — asking for more time, more details, more patience.
Here is the part that matters: I followed up again after a few days, every time. RBI's process implicitly looks at whether the complainant made a genuine attempt to resolve the matter before escalating. A single email followed by an immediate RBI complaint looks different from a documented attempt at resolution that the entity failed to act on. The follow-up isn't just politeness — it's part of the evidence trail.
Some entities eventually replied saying they had added my number to their "internal DND list" and that calls would stop. That's a fine outcome for future calls — but it does nothing about the time and disruption already caused. That's where the Ombudsman complaint comes in.
When are you actually eligible to go to RBI? There are two clear triggers. If you emailed the entity's grievance team and received no response at all, you become eligible to approach the RBI Ombudsman once 30 days have passed from your complaint. If you did receive a response but it was unsatisfactory — a template reply, a denial, or anything that doesn't actually resolve the issue — you don't need to wait the full 30 days; you can escalate to RBI within a couple of days of that unsatisfactory response. Either way, keep both your original complaint and the entity's response (or lack of one) as part of your evidence.
Filing with RBI Ombudsman: The Practical Mechanics
This is the part most guides skip, so I'll be specific about what actually goes into the complaint.
If you've complained to this entity before, lead with your most recent complaint. If you have a history of complaints over months or years, the portal generally wants your most recent reference as the active one — don't bury it under older complaint numbers.
Convert everything to JPG or PDF. The RBI portal does not accept audio files as attachments — so the call recording itself doesn't go to RBI directly. Instead, the recording's role is to go to the entity first: when you email the grievance team and nodal officer, you mention (and ideally attach or share) the recording with them as part of your complaint to them. Their response — or failure to respond — to an email that references a recording becomes part of your written trail. For the RBI portal itself, what you upload is the JPG/PDF evidence of that trail: the entity's response emails, your follow-up emails, screenshots of WhatsApp messages, and the employee ID card photo.
The "Facts and Figures" section has a hard limit — keep it under 2000 characters, and it does not allow special characters at all. This isn't a case of special characters being poorly handled — they are simply not permitted in this field. That includes hyphens and colons, which people don't usually think of as "special." Write dates as words ("15 April 2026" rather than "15-04-2026"), write phone numbers as plain digit strings without hyphens or plus signs, and avoid currency symbols, parentheses, slashes, apostrophes, and em-dashes entirely. Stick to plain sentences using only letters, numbers, full stops, and spaces.
Explain that the entity's own investigation burden was effectively done by you. Be explicit: the entity was obligated under TRAI TCCCPR 2018 to scrub its calling lists and ensure its partners did the same. When you reported the calls, the standard response was denial. You then had to invest your own time recording calls and obtaining verification just to prove the call originated from their ecosystem — work that was, by regulation, theirs to do.
State a specific compensation figure, scaled to severity. This matters more than people realize — an open-ended "please compensate me" invites a token gesture. Depending on the number of calls and how long the issue persisted (a few calls over two weeks versus a pattern stretching over months), a reasonable ask might range from roughly Rs 25,000 for a brief, low-volume case up to Rs 3,00,000 — the ceiling for mental agony and harassment under the RBI Integrated Ombudsman Scheme — for a prolonged, high-volume pattern. Anchor your number to the actual disruption, not just a round figure.
Attach everything as evidence, not as narrative. The 2000-character field is your summary. The actual proof — your email correspondence with the entity (which references the recordings you already shared with them), screenshots, and written admissions — goes in as JPG/PDF attachments the investigating officer will review.
What Happened Next
Once RBI forwards a complaint to the entity, the dynamic changes completely. This is no longer a citizen's email that can be slow-walked with templates — it's a regulator asking for a response, on a timeline, with consequences for non-response.
| Bajaj Finance Limited | Kotak Mahindra Bank | |
|---|---|---|
| Calls received | Multiple, over an extended period | 2–3 calls |
| Verification obtained | Call recordings, written correspondence | Call recordings |
| Outcome | Entity acknowledged the issue, compensated for time and mental agony | Entity acknowledged the issue, compensated for time and mental agony |
| Compensation received | Rs 15,000 | Rs 5,000 |
The pattern is consistent: more calls and a longer duration translated into a higher compensation figure. Even a relatively minor case — just 2-3 calls from Kotak Mahindra — was enough to result in compensation, because the verification evidence made denial impossible from the outset.
In both cases, the entity also formally acknowledged to RBI that no further marketing calls would be made to that number from their side.
If They Call Again: Don't Dilute, File Fresh
If the same entity calls again after a resolved complaint, don't fold the new incident into the old, already-closed case. File a fresh complaint, with fresh evidence, treating it as a new instance.
This matters for two reasons. First, a closed complaint with a "no further calls" commitment that gets violated again is itself a stronger case — the entity broke a commitment made to a regulator, which is more serious than an initial violation. Second, keeping the incidents separate means your compensation request for the new incident isn't averaged down by the previous resolution. Each violation stands on its own.
A Note on Safety: Verification Is Not Entrapment
I want to be clear about what this approach is, and what it isn't.
This works because the calls were coming from real, identifiable financial institutions and their registered partners — entities with a legal existence, a compliance obligation, and a regulator. The verification protocol succeeds because it asks a genuine representative to do something they're already supposed to be able to do: prove who they are.
This is not a method for engaging with random scam calls in the hope of "catching" a fraudster. If a caller cannot or will not provide any verifiable identity and continues to push for sensitive information, that is not an opportunity for an RBI complaint — that's a potential fraud attempt, and the right destination is the National Cyber Crime Helpline at 1930 or cybercrime.gov.in.
And regardless of what "verification" a caller offers — even a seemingly genuine employee ID — never share OTPs, CVVs, full card numbers, or net banking credentials over a call you didn't initiate. No legitimate sales process requires these. The verification protocol above is about confirming who is calling and why, never about handing over anything that could be misused.
Appendix: A Fill-in-the-Blank RBI Complaint Template
Below is a plain-text template for the "Facts and Figures" field. The RBI portal does not permit special characters in this field at all — not hyphens, not colons, not brackets, not apostrophes, nothing beyond letters, numbers, full stops, and spaces. The template below is written entirely in that format. Replace the capitalised placeholder phrases with your own details before pasting, and make sure your replacements also avoid special characters — write dates as words and phone numbers as plain digit strings.
I am writing to file a complaint against BANK NAME for unsolicited telemarketing calls in violation of TRAI TCCCPR 2018 and the RBI Fair Practices Code. My mobile number YOUR MOBILE NUMBER is registered on the National DND registry under TRAI NCPR. Despite this I received repeated calls from individuals identifying themselves as employees or partners of BANK NAME pitching PRODUCT NAME such as a personal loan or credit card or overdraft facility. The calls were received from the following numbers on the following dates. CALLER NUMBER ONE on DATE ONE. CALLER NUMBER TWO on DATE TWO. CALLER NUMBER THREE on DATE THREE. None of these calls originated from the TRAI mandated 140 or 160 series for commercial communication which is a separate and independent violation. When I asked the callers to verify their identity DESCRIBE VERIFICATION RECEIVED such as the caller sending a photo of their employee identity card over WhatsApp from number CALLER WHATSAPP NUMBER or the caller sending an offer email from an official company email address. This confirmed the calls originated from BANK NAME or its authorized partner PARTNER NAME. I raised this matter with the entity grievance team and nodal officer by email on DATE OF FIRST COMPLAINT and followed up again on DATE OF FOLLOW UP but FIRST received only a template response with no resolution OR received no response at all. This has caused repeated disruption and mental distress over a period of DURATION OF ISSUE for example two weeks or three months. I have already shared the call recordings of these conversations with the entity grievance team by email as part of my complaint to them. I request RBI to direct BANK NAME to conduct a thorough investigation confirm the source of my personal data ensure permanent cessation of such calls from their ecosystem including all partners and compensate me for the time and mental agony caused in line with the provisions of the RBI Integrated Ombudsman Scheme for harassment and deficiency of service. I am attaching screenshots and email correspondence as supporting evidence with this complaint.
A note on the "FIRST received only a template response with no resolution OR received no response at all" line — pick whichever applies to your case and remove the other option entirely before submitting, since "OR" as a placeholder marker should not remain in the final text.
Useful Links
- RBI CMS (Ombudsman Portal): https://cms.rbi.org.in
- TRAI DND Registry: https://trai.gov.in/portals-apps/trai-apps
- National Cyber Crime Helpline (for genuine fraud, not telemarketing): 1930 or https://cybercrime.gov.in
- MeitY / DPDP Act: https://www.meity.gov.in
This article is a continuation of "They Called Me 50+ Times. I'm Not Even Their Customer. Here's What You Can Do About It." All figures and outcomes described are based on the author's own documented complaints.
0 Comments