How fast can an AI voice agent block a lost or stolen bank card?

Block applied within 90–120 seconds of call start — 60–90 seconds for authentication and 10–20 seconds for the CMS API call. SMS confirmation with block timestamp within 30 seconds. Human equivalent: 6–12 minutes hold plus 4–6 minutes processing. RBI zero-liability clock starts at the block report timestamp.

How does the AI verify my identity when I've lost my card?

Card-loss-specific multi-factor flow: registered mobile OTP (no card required), date of birth, and a third factor — Aadhaar last 4, PAN last 4 or custom security question. After 3 failed attempts: security hold placed on account and immediate escalation to a human security agent. The caller is never simply disconnected.

Is 24/7 AI card blocking available for Indian banks?

Yes — full capability 24/7/365, no reduced-service mode. Card theft peaks at night, weekends and holidays when human call centres are understaffed. AI answers within 2 rings at any hour with the same block speed and authentication quality. Available as a standalone service or layered above an existing IVR.

Which card types can be blocked through a Kallix AI voice agent?

All card types your CMS supports via API: Visa, Mastercard and RuPay debit cards; credit cards across all networks; prepaid, travel and gift cards; corporate and fleet cards (with administrator authorisation layer). Card type identified from CMS — caller confirms which card to block, not the card details.

Can the AI issue a virtual card immediately after blocking the physical card?

Yes, if your CMS supports virtual card issuance via API. 16-digit virtual card number, expiry and CVV delivered via app push notification or encrypted WhatsApp — never read aloud. Active immediately for online transactions and mobile wallets (Google Pay, PhonePe). Eliminates days-long gap between block and physical replacement.

What happens to my UPI autopay and standing instructions after my card is blocked?

Agent reads active UPI autopay mandates, standing instructions and EMI debits from your payment system and flags those due within 7 days. SMS or WhatsApp summary sent before call ends. Advice on updating payment source in UPI apps provided. Service request created for standing instruction updates via relationship manager.

Can I temporarily block my card instead of permanently cancelling it?

Yes — temporary block is the default unless the caller confirms theft. Reversible via a follow-up AI call with the same authentication. Permanent cancel: card number invalidated, replacement required, cannot be undone. For suspected stolen cards, permanent cancel recommended — a blocked physical card can still be used for online CNP transactions with the card number.

What if unauthorised transactions happened before I reported the card lost?

Agent captures dispute details per transaction (date, amount, merchant) after blocking, creates a formal fraud case in your CRM, issues a dispute reference number, and warm-transfers to the fraud team with full context pre-loaded. RBI zero-liability or limited-liability determination begins from the block report timestamp. One call covers both block and fraud report.

Is AI card blocking compliant with RBI guidelines?

Yes. Compliant with RBI's 2017 circular on limiting customer liability and Master Direction on Digital Payment Security Controls 2021. Block timestamp logged with millisecond precision — starts RBI liability clock. DPDP 2023: India data residency (AWS ap-south-1), purpose-limited processing. Audit trail on every call available for RBI inspection.

How quickly can a replacement card be delivered after blocking?

Standard: 5–7 business days via India Post or bank courier partner. Express (major metros): same-day or next-business-day via tier-1 courier. Delivery options and timelines read from your CMS. Virtual card offered for immediate digital use while waiting for physical replacement. Address confirmation or change captured in the same blocking call.

Can I unblock my card if I find it after reporting it lost?

Yes, if the card was placed on temporary hold rather than permanently cancelled. Call back with the same authentication, request block reversal. AI checks CMS status and reverses if bank policy permits. Permanent cancel cannot be reversed — agent explains and offers virtual card. Reversal takes under 2 minutes.

What if I'm travelling internationally and my card is stolen?

AI accessible via international dialling. OTP fallback (Aadhaar last 4 or PAN last 4) if Indian SMS unavailable abroad. Visa Global Customer Assistance and Mastercard Global Service numbers provided for emergency replacement abroad. Current country captured — agent provides correct local assistance contact. NRI authentication path configured during onboarding.

Can a family member report a lost card on behalf of the account holder?

Yes, if the account holder's registered mobile is accessible for OTP. Both the account holder's OTP and a secondary knowledge factor from the reporter are required. Card and registered phone both missing: immediate human security escalation for video KYC or branch verification. No AI block without registered mobile OTP — prevents social engineering.

Does the AI initiate a chargeback for fraudulent transactions on a lost card?

AI captures structured dispute data (date, amount, merchant, reason classification) and creates a formal case in your CRM with a reference number. Disputes team files the chargeback with Visa, Mastercard or NPCI using the AI case. RBI dispute acknowledgement clock starts at AI case creation timestamp. AI does not interface directly with card networks.

What happens if I fail all identity verification during lost card reporting?

Security hold placed on account after 3 failed attempts — not a block. Failed attempt log with timestamps. Immediate escalation to human security agent with priority flag. Human agent can complete video KYC, Aadhaar e-auth or branch verification and apply block retrospectively to original call timestamp. AI never disconnects — always provides escalation path.

How does the AI confirm the card block was successfully applied?

Synchronous CMS API response: success code received before agent verbally confirms. SMS with block timestamp and case reference within 30 seconds. Card declined for new transactions at moment of confirmation. CMS status re-queried before call ends to verify block is active. API failure: caller advised immediately and given alternative block methods.

What data does a bank get from AI-handled card blocking calls?

Block reports by hour and day (fraud hotspot detection), average call-start-to-block time, authentication success and failure rates, dispute initiation rate per block, replacement volumes, geographic clustering for ATM skimming detection. Webhook export to fraud analytics platform for real-time model enrichment. All data available for regulatory reporting.

Why report a lost card through AI instead of visiting a branch?

AI: 24/7, 2-ring answer, block in under 2 minutes, accessible from any phone anywhere. Branch: unavailable nights, weekends and holidays — up to 10+ hour delay. Net banking: requires remembered credentials, inaccessible if phone is also stolen. Voice is the most universally accessible channel in the highest-risk moments for card loss.

How much does an AI card blocking service save compared to a human contact centre?

AI cost per call ₹8–₹12 vs human ₹50–₹80. 5,000 monthly card block calls: AI saves ₹2.1L–₹3.4L/month. 24/7 coverage included — no night-shift staffing cost (₹60,000–₹1.75L/month saved). Payback within 3–4 months. One prevented ₹50,000 fraud incident covers months of AI operating cost.

Can the AI handle both debit and credit card blocking in the same call?

Yes. After one authentication, the agent retrieves all cards on the account and presents a masked list. Caller selects any or all cards to block in the same session. Essential for wallet theft where debit and credit cards are stolen together. Multi-card block completes in under 60 seconds after authentication.

Updated May 19, 202628 min readPriya Sharma30 questionsFinance

AI voice agent for lost and stolen card reporting: instant blocking, any hour

Comprehensive FAQ on deploying a Kallix AI voice agent for lost and stolen card reporting: instant card blocking, identity verification without the physical card, replacement issuance, unauthorised transaction dispute triage, RBI zero-liability compliance and 24/7 availability — 30 expert answers.

The 30-second answer · TL;DR

A Kallix AI voice agent handles the full lost or stolen card workflow in a single call: multi-factor identity verification without the physical card, instant block applied via your card management system API, replacement request initiated, SMS confirmation delivered within 30 seconds, and — if unauthorised transactions have occurred — a structured dispute case opened with a reference number before the call ends. Average call duration is 2.5–3.5 minutes. Available 24/7/365, including the late nights, weekends and holidays when card theft is most likely to happen.

Direct answer

A Kallix AI voice agent receives a lost or stolen card report, verifies caller identity through multi-factor authentication without requiring the physical card, blocks the card instantly via your card management system API, initiates a replacement request, dispatches SMS confirmation within 30 seconds, and opens a dispute case if unauthorised transactions have occurred — all in one call under 3.5 minutes.

The lost card call is one of the most time-critical interactions in retail banking. Every minute between the theft and the block is a window in which the card can be used fraudulently. An AI agent that answers within 2 rings, 24/7, and completes the block in under 90 seconds from authentication removes that window regardless of when the loss is discovered.

Beyond the block itself, the agent handles the full downstream workflow: replacement card request with delivery preference captured, virtual card issuance if your card management system supports it, an SMS summary of linked UPI mandates and standing instructions that will be affected, and a dispute case reference number for any unauthorised transactions — all before the caller hangs up. Human agents handling the same call average 8–15 minutes including hold time.

Block applied via CMS API within 90 seconds of authentication
Multi-factor identity verification without requiring the physical card
Replacement request initiated with delivery address confirmed in-call
SMS confirmation with block timestamp and case reference within 30 seconds
Unauthorised transaction dispute case opened with reference number
Average total call time: 2.5–3.5 minutes vs 8–15 minutes for human agents

AI banking FAQ

Direct answer

The card block is applied at the moment of caller confirmation — typically within 90–120 seconds of the call starting, covering 60–90 seconds for authentication and 10–20 seconds for the card management system API call. SMS confirmation of the block lands on the registered mobile within 30 seconds of the block being applied.

Speed is the primary safety metric for card blocking. RBI's zero-liability framework uses the time of the customer's block report as the reference point for determining financial liability for unauthorised transactions — the faster the block is confirmed, the clearer the liability boundary. An AI that answers within 2 rings and completes the block in under 2 minutes is structurally faster than any human call centre that requires navigating an IVR, waiting on hold, and re-explaining the situation to an agent.

For comparison: in most Indian bank contact centres during peak hours, the average wait time before reaching a card blocking agent is 6–12 minutes. After connecting, human authentication and block processing adds 4–6 minutes. The AI eliminates both delays, reducing the window for fraudulent transactions to minutes rather than hours.

Block applied within 90–120 seconds of call start — authentication included
CMS API call completes block in 10–20 seconds after confirmation
SMS confirmation with block timestamp within 30 seconds of block applied
Human equivalent: 6–12 minutes hold + 4–6 minutes processing
RBI zero-liability clock starts at the block report timestamp — speed is financial protection
Available within 2 rings, 24/7 — no hold time, no shift gap

Direct answer

Kallix uses a card-loss-specific authentication flow that does not require the card to be present. Standard factors: registered mobile OTP, date of birth, last 4 digits of Aadhaar or PAN, and a custom security question configured by your bank. The exact factor set is agreed with your compliance team during onboarding to meet RBI requirements for phone-based card blocking.

Standard banking authentication relies partly on physical possession of the card — its number, CVV, or PIN. A lost card call breaks that assumption entirely. The authentication flow we configure for card blocking uses knowledge factors and possession of the registered mobile only: OTP on registered mobile (proving the caller controls the registered number), date of birth (a knowledge factor), and one additional factor from a list your bank configures — Aadhaar last 4, PAN last 4, mother's maiden name, or last transaction amount.

For callers who have also lost their registered mobile along with the card — a common scenario in a bag theft — the AI flags the call as a 'dual-loss event' and immediately escalates to a human security agent with a priority flag. The AI does not attempt to authenticate without the registered mobile OTP in this scenario, as doing so would create a social engineering vulnerability.

Factor 1: OTP on registered mobile — no card number needed
Factor 2: date of birth (knowledge factor)
Factor 3: Aadhaar last 4, PAN last 4, or custom security question (bank-configured)
Dual-loss event (phone and card both lost): immediate human security escalation
Authentication factor set agreed with your compliance team during onboarding
No card number, CVV or PIN required — designed specifically for card-loss scenarios

Direct answer

Yes. The AI card blocking agent operates 24/7/365 with no capability reduction outside business hours. Card theft and loss happen disproportionately late at night, on weekends and during festivals — precisely when human call centres are understaffed, have extended hold times, or route to a reduced-service IVR. Immediate availability is the single most important safety feature of AI-handled card blocking.

Fraud data consistently shows that stolen cards are used most aggressively in the first 2–4 hours after theft, often late at night or in locations far from the victim's home city. Human contact centre staffing patterns are the inverse of this risk profile: skeleton night shifts, long queues during peak fraud periods like festival seasons, and full capability only during business hours. The AI maintains the same response capability at 2am on a public holiday as at 2pm on a Tuesday.

For banks with existing 24/7 human card blocking operations, the AI doesn't replace the overnight team — it handles the volume of routine block requests so human agents can focus on complex cases, dual-loss events, and high-value account escalations. Banks without 24/7 human coverage use the AI to provide genuine around-the-clock service without the cost of a full overnight shift.

Full capability 24/7/365 — no reduced-service mode at any hour
Card theft risk peaks at night, weekends and festivals — when human coverage is lowest
Answers within 2 rings regardless of call volume or time of day
Same authentication, same block speed, same confirmation at 3am as at 3pm
For banks without overnight human teams: provides genuine 24/7 card safety
For banks with overnight teams: handles routine volume so humans focus on complex cases

Direct answer

The agent blocks any card type your card management system supports via API: debit cards (Visa, Mastercard, RuPay), credit cards across all networks, prepaid cards, corporate expense cards, add-on or supplementary cards, and multi-currency travel cards. Card type and network are read from your CMS record — the caller only needs to confirm which card they are reporting.

Card type identification is handled by the agent, not the caller. After authentication, the agent retrieves all active cards linked to the account from your CMS and reads back a masked list — for example, 'I can see a Visa debit card ending 4821 and a RuPay credit card ending 7934. Which one are you reporting?' This prevents errors from callers who don't know their card network and ensures the right card is blocked.

For RuPay cards — the dominant debit card network for Jan Dhan accounts and government scheme beneficiaries — we support NPCI's card management API for blocking and replacement initiation. This is particularly important for public sector banks and NBFCs with large rural customer bases where RuPay penetration is highest.

Debit cards: Visa, Mastercard, RuPay — all issuing banks
Credit cards: all networks, primary and supplementary cards
Prepaid cards: gift cards, travel cards, government benefit cards
Corporate and fleet cards: with additional administrator authentication layer
RuPay: NPCI CMS API supported for block and replacement initiation
Card identified from CMS — caller confirms which card, not the card details

Direct answer

Yes. Most card management systems support a temporary block distinct from permanent cancellation. The AI defaults to temporary block unless the caller explicitly confirms the card is stolen and they want a replacement issued. A temporary block can be reversed by the AI in a follow-up call if the card is found — permanent cancellation requires a new card number and cannot be undone.

The distinction between temporary block and permanent cancellation is important because many 'lost card' calls turn out to be misplaced cards. If the card is permanently cancelled and the caller finds it an hour later, they must wait for a replacement card — creating unnecessary friction and cost. The AI defaults to the reversible option and asks a single clarifying question: 'Do you believe this card has been stolen, or might you have misplaced it?' The answer determines whether a temporary block or permanent cancel is the appropriate action.

For stolen card reports where fraud is suspected, the agent always recommends permanent cancellation and a new card number — a temporary block does not help if the card number has been compromised. The agent explains this distinction in plain language: 'Since you believe it was stolen, I recommend permanently cancelling and issuing a new card, as the old card number could still be used for online transactions even if the physical card is blocked.'

Temporary block: card declined for new transactions, reversible via a follow-up call
Permanent cancellation: card number invalidated, replacement required
AI defaults to temporary block and asks one clarifying question before cancelling
Stolen card: AI recommends permanent cancel to prevent CNP (card-not-present) fraud
Misplaced card: temporary block confirmed — caller can request reversal if found
Block type and rationale explained in plain language before action taken

Direct answer

The AI card blocking agent is accessible via international dialling to the bank's published helpline number. It supports English and Hindi for Indian nationals abroad and completes the same multi-factor authentication regardless of the caller's location. For international emergency cash, the agent can initiate a referral to your bank's emergency cash advance or Western Union partner programme.

International lost card scenarios have two complications: the caller may not be able to receive an Indian mobile SMS for OTP, and they may need emergency cash or a replacement card in a foreign country. The AI handles the first by offering an alternative verification factor — Aadhaar last 4 or date of birth — if the caller confirms they cannot receive the OTP on their Indian number. This must be configured as an allowable fallback in your policy for international callers.

For emergency cash and emergency card replacement abroad, the agent captures the country, city and preferred contact method and creates a high-priority referral case for your bank's international assistance team or VISA/Mastercard emergency services. It provides the caller with the relevant network's international emergency assistance number — Visa Global Customer Assistance Services or Mastercard Global Service — so they have an immediate escalation path while the bank's team responds.

Accessible via international dialling to the bank's published helpline number
English and Hindi supported for Indian nationals calling from abroad
OTP fallback for callers who cannot receive Indian SMS internationally
Emergency cash referral: bank's international assistance or network partner
Visa Global Customer Assistance and Mastercard Global Service numbers provided
International caller policy (OTP fallback) configured during onboarding

Direct answer

Yes. After blocking the card, the agent asks whether the caller is aware of any unauthorised transactions. If yes, it captures structured details — date, amount, merchant, transaction type — creates a formal dispute case in your CRM, issues a dispute reference number, and warm-transfers to the fraud investigations team with full context pre-loaded. RBI's zero-liability or limited-liability determination begins from the block report timestamp.

The dispute capture flow runs immediately after the block confirmation, while the caller is still on the line. The agent asks: 'Before I let you go, are you aware of any transactions on this card that you did not make?' If the caller says yes, it collects details for each transaction systematically — date, approximate amount, merchant name or transaction description — and creates a structured fraud case in your CRM without requiring a second call to the disputes team.

RBI's 2017 circular on limiting customer liability establishes that zero liability applies when the fraud is reported within 3 working days of the bank notifying the customer, and limited liability (capped at ₹5,000–₹25,000 depending on account type) applies in other scenarios. The precise timestamp logged by the AI becomes the formal evidence of when the report was made — making accurate, immediate logging a direct financial protection tool for the customer.

Dispute triage runs immediately after block, before call ends
Structured capture: date, amount, merchant, transaction type for each disputed transaction
Formal fraud case created in CRM with reference number issued to caller
Warm transfer to fraud investigations with full case context pre-loaded
RBI zero-liability clock starts at the AI's block report timestamp
One call covers both the block and the fraud report — no second call needed

Direct answer

After blocking, the agent confirms the mailing address on file, asks whether standard or express delivery is preferred, captures any address change if needed, creates a replacement card request in your card management system, and sends an SMS confirmation with the expected delivery window. The caller can also request a virtual card number for immediate digital use while waiting.

Replacement card initiation is a single API call to your card management system after the block is confirmed. The agent reads back the registered mailing address, asks the caller to confirm it or provide an alternate address, presents the delivery options available (standard or express, with timelines), and submits the replacement request — all within 45–60 seconds of the block being applied.

For cases where the customer needs immediate purchasing capability — they are traveling or have an urgent online payment — the agent asks whether a virtual card number would be helpful and, if the bank's CMS supports virtual card issuance via API, delivers the 16-digit virtual card number, expiry and CVV via a secure channel (encrypted WhatsApp message to the verified registered mobile or the bank's app push notification). This eliminates the days-long gap between block and replacement for customers with urgent need.

Address confirmation or update captured before replacement request submitted
Standard or express delivery options presented with real timelines
Replacement request submitted to CMS via API before call ends
SMS confirmation with replacement reference and expected delivery window
Virtual card option offered for immediate digital purchasing capability
Entire replacement initiation adds 45–60 seconds to the call — not a separate interaction

Direct answer

Yes, if your card management system supports virtual card issuance via API. After the physical block, the agent requests a virtual card number from your CMS, and delivers the 16-digit number, expiry and CVV via your bank's registered app push notification or an encrypted WhatsApp message to the verified mobile — active immediately for online and contactless transactions.

Virtual card issuance during the blocking call eliminates the most painful consequence of a lost card: the days-long gap between block and physical replacement during which the customer has no payment capability. For a customer who loses their card on a work trip, or whose card is the only payment method in their wallet, an immediately active virtual card is transformational — they can continue transacting online and via mobile wallets (Google Pay, PhonePe) within minutes of the report.

Security for virtual card delivery is critical. The virtual card number, expiry and CVV are never read aloud over the phone — they are delivered only through a secure, authenticated channel: an encrypted push notification to the bank's registered app on the customer's device, or an end-to-end encrypted WhatsApp message to the verified registered number. The delivery channel is agreed with your security team during onboarding and cannot be overridden during a call.

Virtual card active immediately after physical block — no gap in payment capability
Available if your CMS supports virtual card issuance via API
Card details never read aloud — delivered via app push or encrypted WhatsApp only
Works with Google Pay, PhonePe, Paytm and other mobile wallets immediately
Eliminates days-long payment gap for urgent-need customers (travel, solo earner)
Delivery channel configured during onboarding — cannot be changed during a call

Direct answer

The agent reads active UPI autopay mandates, standing instructions and upcoming EMI debits linked to the blocked card from your payment system (where available via API) and reads them back to the caller. It flags any payment due within the next 7 days and sends a WhatsApp or SMS summary of affected payments to the registered mobile before the call ends.

A blocked card creates silent failures downstream: UPI autopay mandates fail on execution, standing instructions for utility bills and insurance premiums bounce, and EMI debits decline — often triggering late payment fees and affecting credit scores without the customer realising the connection to the card block. Proactively surfacing this list during the blocking call is one of the highest-value actions the AI takes, because it gives the customer time to update payment methods before the next due date.

The agent does not automatically cancel any linked payments — it surfaces the list and advises. For UPI autopay mandates, it explains that the customer will need to update the payment source in the relevant app (PhonePe, GPay, BHIM) once the new card is activated. For standing instructions registered directly with the bank, it offers to create a service request for the customer's relationship manager to assist with the update.

Active UPI autopay mandates listed and flagged if due within 7 days
Standing instructions and ECS debits identified from payment system
EMI debits linked to card: upcoming dates flagged with amounts
SMS or WhatsApp summary of all affected payments sent before call ends
Advice on updating payment source in UPI apps (GPay, PhonePe, BHIM)
Service request created for standing instruction update via relationship manager

Direct answer

Yes. After one successful authentication, the agent retrieves all active cards linked to the account from your CMS and presents a masked list to the caller. The caller can select any or all cards to block in the same session. This is essential for joint accounts, family floater cards and customers who had both a debit and credit card in a stolen wallet.

Wallet theft — the most common physical card theft scenario — typically results in multiple cards being stolen at once. A customer whose wallet is stolen usually needs to block their debit card, credit card and any co-branded cards simultaneously. Requiring separate calls for each card creates both customer friction and risk: the unblocked cards remain active while the caller navigates multiple call flows.

The agent presents the masked card list — for example, 'I can see three cards: Visa debit ending 4821, HDFC credit card ending 7934, and a RuPay debit ending 2201. Would you like to block all three, or specific ones?' — and processes the blocks sequentially with a single CMS API call per card. The entire multi-card block takes under 60 seconds once authentication is complete.

Single authentication covers all cards on the account
Masked card list read back: caller selects cards to block
All selected cards blocked sequentially in the same call
Critical for wallet theft: debit + credit + add-on cards blocked together
Joint account cards identified and listed — caller confirms which to block
Multi-card block under 60 seconds after authentication completes

Direct answer

Yes. AI card blocking aligns with RBI's 2017 circular on limiting customer liability in unauthorised electronic banking transactions. The AI logs the exact timestamp of the block report, which is the reference point for applying the zero-liability or limited-liability framework. DPDP 2023 compliance is maintained through India data residency and purpose-limited data access.

RBI's circular on customer liability establishes that a customer bears zero liability for fraud if the breach is in the bank's system — and limited liability (₹5,000–₹25,000 depending on account type) if the breach is at the customer end but reported within 3 working days. The precise timestamp of the loss report — not the call connection time, but the moment the block is confirmed — determines liability calculation. The AI logs this timestamp in your CMS with millisecond precision and includes it in the SMS confirmation sent to the customer, creating an auditable record.

For DPDP 2023, the card blocking call processes sensitive personal and financial data under the 'legitimate use' basis in a banking context. Call recordings, authentication logs and case notes are stored on AWS ap-south-1 (India) by default, processed only for the purpose of executing the card block and any associated fraud case, and retained according to your bank's document retention policy.

Block timestamp logged with millisecond precision in CMS — starts RBI liability clock
SMS confirmation to customer includes timestamp — creates auditable customer record
Compliant with RBI circular on limiting customer liability (2017)
Zero-liability applies when reported promptly: AI's 24/7 availability protects customers
DPDP 2023: India data residency, purpose-limited processing, configurable retention
Audit trail for every block event available for RBI inspection on demand

Direct answer

The AI offers multiple fallback verification paths: registered mobile OTP (most common), date of birth, last 4 digits of Aadhaar or PAN, last transaction amount on the account, or registered email OTP. If all configured factors fail after 3 attempts, the call escalates to a human security agent with a priority 'security escalation' flag — the caller is never simply disconnected.

Lost card calls are inherently stressful, and stressed callers frequently fail authentication steps they would pass under normal conditions — forgetting security answers, misremembering dates, or mistyping OTPs. The AI is configured to be patient: it reads the options clearly, gives the caller time to respond, and offers a different factor if the first attempt fails, rather than repeating the same failed factor.

The escalation path after 3 failed attempts is designed specifically to avoid creating a social engineering gap: the AI does not give any indication of which factor was close or which was far off, does not offer unlimited retries, and does not allow the block to proceed without successful authentication. It places the account on a temporary security watch and escalates to a human agent who can complete manual verification through your bank's in-branch or video-KYC process.

Primary: OTP on registered mobile — available for most callers
Fallback 1: date of birth
Fallback 2: Aadhaar last 4 or PAN last 4
Fallback 3: last transaction amount on account
Fallback 4: registered email OTP (if email on file)
After 3 failed attempts: security hold on account + human security escalation

Direct answer

Standard delivery in India is 5–7 business days via India Post or your bank's courier partner. With express card issuance enabled in your card management system, same-day or next-business-day delivery is available in major metro cities. The AI presents all available delivery options with timelines during the call and confirms the caller's preference.

Delivery timelines are determined by your card issuance and logistics configuration, not by the AI — the agent reads the options your CMS exposes. Standard delivery uses India Post or Blue Dart depending on your bank's contract. Express delivery, where available, typically uses a tier-1 courier (Delhivery, DTDC, Blue Dart Express) and is available in the top 25–30 cities.

For customers with urgent need — traveling, living alone, or in a medical situation — the agent flags the case as urgent in the replacement request, which may unlock priority processing in your bank's card issuance workflow. If virtual card issuance is available, it is offered alongside the physical replacement so the customer has payment capability immediately without waiting for the courier.

Standard: 5–7 business days via India Post or bank courier partner
Express (metro cities): same-day or next-business-day via tier-1 courier
Delivery options and timelines read from your CMS — accurate at call time
Urgent flag applied to replacement request for priority processing
Address confirmation or change captured before replacement submitted
Virtual card offered alongside physical replacement for immediate use

Direct answer

Yes, if the card was placed on a temporary hold rather than permanently cancelled. The caller dials back, completes the same multi-factor authentication, and requests a block reversal. The AI checks the card status in the CMS and — if your bank's policy permits reversal and the card is not permanently cancelled — unblocks the card and sends SMS confirmation.

Temporary block reversal is one of the most common follow-up actions after a lost card report. Many 'lost' cards turn out to be misplaced at home, at a friend's place, or left in a hotel room — and found within hours or days of the block. The ability to reverse a temporary block via an AI call, without visiting a branch or waiting for a human agent, is a significant convenience improvement for customers and reduces the cost of handling these follow-up calls.

Permanently cancelled cards — those where a new card number has already been issued — cannot be reversed. The AI explains this clearly: 'Your card was permanently cancelled and a replacement is already in transit. The old card number can no longer be activated. You can use the virtual card while waiting for your physical replacement.' This prevents caller frustration from unclear expectations about what reversal is possible.

Temporary block reversal: available via AI call with same authentication
Block status checked in CMS before reversal is offered
SMS confirmation sent after successful reversal
Permanent cancel: cannot be reversed — agent explains clearly and offers virtual card
Reversal permitted by bank policy configured during onboarding
Reduces follow-up call handling cost — reversal takes under 2 minutes

Direct answer

Yes. An SMS is sent to the registered mobile within 30 seconds of the block being applied, confirming the last 4 digits of the blocked card, the exact block timestamp, and a unique case reference number. If the customer is registered on the bank's WhatsApp Business channel, a WhatsApp confirmation with the same details is also delivered.

The confirmation SMS serves three purposes. For the customer, it is immediate assurance that the block was successfully applied — critical in a stressful situation. For liability purposes, it creates a customer-held record of the block timestamp that matches the bank's CMS log — important if a dispute about liability timing arises later. For your compliance and operations teams, it is auditable evidence of timely communication as required by RBI's customer protection guidelines.

The confirmation message is templated and pre-approved during onboarding. It includes: bank name, card type and last 4 digits, block confirmation time in IST (hours, minutes, seconds), case reference number, and a statement that the card is now declined for all transactions. It does not include sensitive data. If the customer's registered mobile is different from the number they called from — common when reporting from a borrowed phone — the SMS still goes to the registered number on file, which is the number that matters for RBI liability purposes.

SMS delivered to registered mobile within 30 seconds of block applied
Contents: card last 4 digits, exact block timestamp (IST), case reference number
WhatsApp confirmation if customer is on bank's WhatsApp Business channel
Timestamp in SMS matches CMS log — dual record for RBI liability purposes
SMS sent to registered mobile — not the calling number — which is the liability reference
Message template pre-approved during onboarding

Direct answer

Third-party card reporting follows your bank's authorised agent policy. The AI requires both the account holder's registered mobile OTP — meaning the account holder's phone must be accessible to receive the OTP — and a secondary knowledge factor from the reporter. If the registered mobile is also missing, the AI escalates immediately to a human security agent.

Third-party reporting is a nuanced compliance area: banks must balance the urgency of protecting the customer's account against the social engineering risk of an unauthorised person blocking a card. Our standard configuration requires the OTP to be received on the account holder's registered mobile — which means either the account holder is present to receive it, or the family member has access to that device. This is the minimum authentication bar for a card block on behalf of another person.

For situations where both the card and the registered phone are lost — the highest-risk scenario — the AI declines to proceed with AI authentication and escalates immediately to a human security agent with a priority flag. The human agent can invoke your bank's alternative identity verification process, which may include video KYC, Aadhaar e-KYC, or in-branch identity verification. The AI explains this clearly to the caller and provides the escalation path.

Third-party reporting requires registered mobile OTP on the account holder's device
Secondary knowledge factor required from the reporting family member
Both card and registered phone lost: immediate human security escalation
No AI block processed without registered mobile OTP — prevents social engineering
Human escalation path explained to caller: video KYC or branch verification
Third-party policy configured by your bank's compliance team during onboarding

Direct answer

Yes. Corporate card blocking requires an additional administrator authentication layer — typically the company's designated card administrator — before the block is processed. The agent verifies both the cardholder's identity and the administrator-level authorisation, then blocks the card and notifies both the cardholder and the registered corporate finance contact simultaneously.

Corporate card programmes introduce an organisational layer that personal card blocking doesn't have: the card is a company asset, and the block decision may require authorisation from the card programme administrator, not just the individual cardholder. We configure the corporate card blocking flow during onboarding in collaboration with your corporate banking team: typically the cardholder completes personal authentication, the agent confirms the company card programme account, and a pre-registered administrator PIN or approval code is required before the block is executed.

For fleet card programmes — where cards are assigned to vehicles rather than individuals — the identification flow uses vehicle registration or fleet ID rather than personal details. The block and replacement request are routed to the fleet programme manager simultaneously with cardholder notification. Corporate and fleet card replacement timelines may differ from personal card timelines if your bank has a separate issuance process for corporate cards.

Corporate cards: cardholder authentication + administrator authorisation required
Administrator authorisation: pre-registered PIN or approval code during onboarding
Block confirmation sent to both cardholder and registered corporate finance contact
Fleet cards: vehicle registration or fleet ID used for identification
Fleet programme manager notified simultaneously with block confirmation
Corporate card replacement routed per bank's corporate issuance process

Direct answer

ATM skimming and card cloning are handled as 'card compromised' rather than 'card lost'. The AI blocks the physical card immediately, captures the suspected skimming location or merchant, asks about any unauthorised transactions since the suspected compromise date, creates a structured fraud case, and escalates to the card fraud team with the ATM location or merchant details captured from the caller.

Card skimming is distinct from card loss: the physical card is still in the customer's possession, but the card data has been compromised and cloned. The AI recognises this scenario when a caller says they have their card but noticed unauthorised transactions — and routes to the 'card compromised' flow rather than 'card lost'. The immediate action is the same (block the card), but the fraud case is flagged differently: as a potential skimming incident requiring ATM investigation or merchant fraud reporting.

For ATM skimming specifically, the agent captures the ATM location (bank name, branch or area) and approximate date of the suspicious transaction, which helps your fraud team identify the compromised terminal and potentially protect other customers who used the same ATM. This information is logged in the fraud case and forwarded to your fraud intelligence team as a potential card skimming incident report.

Skimming flow: physical card blocked even though still in customer's possession
ATM location and suspected compromise date captured for fraud intelligence
Unauthorised transactions logged per transaction for dispute filing
Fraud case flagged as 'card compromised' — distinct from 'card lost' in CRM
ATM incident report forwarded to fraud team for terminal investigation
Card number invalidated — cloned card becomes useless after block applied

Direct answer

Fraud with the card physically present typically indicates card-not-present fraud, digital cloning, or stolen card details. The AI treats this as a 'card compromise' and blocks the current card number — having the physical card is irrelevant once the number is compromised. The caller is advised to destroy the physical card, and a replacement with a new number is initiated.

Card-not-present (CNP) fraud — where the card number, expiry and CVV are stolen and used for online transactions without the physical card being taken — is the fastest-growing card fraud category. A customer who notices an unrecognised online transaction on their statement, or receives a transaction alert for a purchase they did not make, may still have their physical card. The AI explains that the card number itself has been compromised and must be replaced, even though the physical card is in hand.

The card-still-in-hand flow is identical to the standard block flow in terms of CMS actions: the current card number is blocked and a replacement is initiated. The difference is in the fraud case: it is flagged as CNP fraud, and the agent asks whether the card details may have been exposed through a phishing site, a data breach notification, or an unsecured online transaction — capturing the suspected channel of compromise for your fraud analytics team.

Physical card present does not mean the card number is safe — CNP fraud is common
Block applies to the card number, not the physical card — physical card must be destroyed
Replacement with new card number initiated immediately
Fraud case flagged as CNP: suspected channel of compromise captured from caller
Phishing or data breach as suspected cause logged for fraud intelligence
Caller advised: check statement for other unrecognised transactions going back 30 days

Direct answer

The AI escalates in five scenarios: all authentication factors failed after 3 attempts, the caller reports a violent theft or robbery (requiring emergency services referral), the card and registered phone are both lost (dual-loss event), the caller is abroad with no access to registered mobile OTP and fallbacks are exhausted, or disputed transaction amounts exceed your bank's configured AI triage threshold.

Escalation logic for card blocking calls is conservative by design: when in doubt, escalate. A human agent can take additional verification steps that the AI cannot — video KYC, asking the caller to describe a recent in-branch interaction, or routing to a branch for in-person verification. The AI never refuses to help a genuine customer because authentication failed; it always provides a human escalation path.

For violent theft reports — 'I was mugged' or 'someone grabbed my bag at knife point' — the agent's first response is to ask whether the caller is safe and whether they need emergency services, before proceeding to the card block. This is configured as a priority escalation flag: the card is blocked immediately using minimum-friction authentication, and the call is flagged for the fraud team as a robbery-related card loss, which may involve police FIR requirements in some banks' fraud protocols.

Authentication failure: escalates after 3 attempts with security hold on account
Violent theft: emergency services check first, minimum-friction block, fraud team alert
Dual-loss (card and phone both missing): immediate human security escalation
International caller without OTP access: fallbacks exhausted → human agent
High-value disputes: amounts above configured threshold routed to fraud investigations
Escalation path always explained to caller — they are never simply disconnected

Direct answer

The dashboard tracks: card block reports by hour and day (for fraud pattern and hotspot detection), average time from call start to block applied, authentication success rates, dispute initiation rates per block call, replacement request volumes, virtual card issuance rates and escalation reasons. All data is available for regulatory reporting and export.

Card blocking analytics serve two distinct purposes. Operationally, they show how well the AI is performing: block speed, authentication success rate, containment versus escalation rate, and whether the replacement flow is completing without errors. These metrics drive weekly tuning and configuration improvements.

For fraud intelligence, the call data reveals patterns invisible to human agents handling individual calls: geographic clustering of block reports at specific ATMs (indicating a skimmer), time-of-day patterns in card theft reports, or a spike in CNP fraud reports following a merchant data breach. Aggregated and anonymised block report data can be fed into your fraud analytics platform via webhook to enrich fraud detection models in real time.

Block report volume by hour, day and location — fraud hotspot detection
Average time from call start to block confirmed — primary performance metric
Authentication success and failure rates by factor type
Dispute initiation rate per block call — fraction of losses with fraud
Geographic clustering: ATM skimming hotspot identification from block reports
Webhook export to fraud analytics platform for real-time model enrichment

Direct answer

Yes. The AI is accessible via international dialling to the bank's published helpline. NRI customers are offered OTP-alternative verification factors — Aadhaar last 4, PAN last 4 or date of birth — if they cannot receive Indian mobile SMS abroad. For emergency cash and replacement card abroad, the agent initiates a referral to your bank's international emergency assistance programme or the relevant card network's global services.

NRI customers using Indian debit or credit cards while travelling often face a dual problem: their card is lost abroad and they may not have an active Indian SIM to receive OTPs. We configure a specific NRI authentication path during onboarding: the agent identifies when a caller is dialling from an international number, asks whether they can receive an OTP on their registered Indian mobile, and — if not — falls through to Aadhaar or PAN-based verification with heightened secondary factor requirements.

For Visa cardholders, the agent provides the Visa Global Customer Assistance Services number for the country they are in — available in 150+ countries. For Mastercard holders, the equivalent Mastercard Global Service number is provided. These network-level services can issue emergency replacement cards in many countries within 24–48 hours, independent of the issuing bank's own processes. The AI captures the caller's current country and city to provide the correct local contact information.

Accessible via international dialling to the bank's published helpline
NRI OTP fallback: Aadhaar last 4 or PAN last 4 if Indian SMS unavailable
Visa Global Customer Assistance: emergency card replacement in 150+ countries
Mastercard Global Service: equivalent emergency assistance for Mastercard holders
Current country and city captured — agent provides local assistance contact
NRI authentication path configured during onboarding with your compliance team

Direct answer

The AI captures all information required to initiate a chargeback — transaction date, amount, merchant, reason code — creates a formal dispute case in your CRM, and issues the caller a reference number with RBI-mandated timelines. The chargeback is filed by your disputes team using the AI-captured case; the agent does not directly interface with Visa or Mastercard dispute networks.

Chargeback initiation requires structured data that your disputes team submits to the card network (Visa, Mastercard, RuPay). The AI collects that data systematically during the call: for each disputed transaction, it asks the date, approximate amount, merchant name or description, and the reason ('I didn't make this purchase' is a reason code 10.4 — card-not-present fraud; 'I made this purchase but was charged the wrong amount' is a different reason code). This structured capture means your disputes team receives a fully formed case, not a free-text summary.

RBI mandates that banks acknowledge dispute registration within a defined window and resolve it within 45–90 days depending on transaction type. The AI's case creation timestamps the dispute registration — the formal start of the RBI clock. The case reference number given to the customer is the tracking number they can use with your disputes team for follow-up.

Structured capture per transaction: date, amount, merchant, reason classification
Formal dispute case created in CRM before call ends
Case reference number issued to customer — starts RBI dispute acknowledgement clock
Data formatted for disputes team submission to Visa, Mastercard or RuPay
AI does not submit to card networks directly — disputes team handles submission
RBI 45–90 day resolution clock starts at AI case creation timestamp

Direct answer

After 3 failed attempts across all configured verification factors, the AI places a security hold on the account, logs the failed attempts with timestamps and caller ID, and escalates to a human security agent with a priority 'unverified loss report' flag. The account is flagged for manual review. The AI never simply disconnects a caller who may be at genuine financial risk.

A caller who fails all verification attempts is in one of two situations: they are a genuine customer under extreme stress who has temporarily forgotten their details, or they are an unauthorised person attempting social engineering. The AI's response must protect against the second without abandoning the first — which is why escalation to a human security agent is always the outcome, never disconnection.

The security hold is separate from a card block: it flags the account for elevated monitoring but does not immediately restrict transactions. The human security agent can then complete manual verification through your bank's identity verification protocols — video KYC, Aadhaar e-authentication, or a branch visit — and, once identity is confirmed, apply the card block retrospectively timed to the original call. This maintains the RBI liability protection timeline for the genuine customer.

Security hold placed on account after 3 failed attempts — not a card block
Failed attempt log: timestamps, caller ID and factors attempted
Immediate escalation to human security agent with priority flag
Human agent can complete video KYC, Aadhaar e-auth or branch verification
Card block applied retrospectively to original call timestamp once identity confirmed
AI never disconnects — always provides a human escalation path

Direct answer

The AI reads the confirmation response code from your card management system API and verbally confirms the successful block before ending the call. The caller receives an SMS within 30 seconds with the block timestamp and case reference number. The card is declined for all new transactions at the moment of block — the agent can confirm this by re-querying the card status in the CMS before hanging up.

Confirmation reliability is a first-order design requirement for card blocking. A caller who is told the card is blocked, but the block was not actually applied due to a system error, is in a far worse position than if they had been told the block failed and given an alternative path. Our integration with the CMS API uses synchronous confirmation: the block request returns a success or failure code in real time, and the agent acts on that code before confirming to the caller.

In the rare case of a CMS API failure — network timeout, system maintenance — the agent tells the caller immediately that the block could not be confirmed, advises them to contact the bank's emergency number or visit the nearest branch for an immediate block, and creates a high-priority incident ticket in your operations system. It does not tell the caller the block was successful if it was not.

Synchronous CMS API: success or failure response received before agent confirms
Verbal confirmation after reading API success code — not assumed success
SMS with block timestamp and case reference within 30 seconds
Card declined immediately for new transactions at block confirmation
CMS status re-queried before call ends to verify block is active
API failure path: caller advised of failure and given alternative block methods

Direct answer

AI card blocking is available 24/7, answers within 2 rings, and completes the block in under 2 minutes — without requiring physical travel, app login, or remembered net banking credentials. A branch is unavailable nights, weekends and holidays. Net banking requires knowing the login and password — which many customers don't have accessible when their wallet or phone is stolen.

Each alternative has a critical failure mode in the specific context of card loss. A branch visit requires knowing the branch is open, travelling there safely — potentially problematic if the card was stolen in a threatening situation — and waiting in a queue. For a card stolen at 11pm on a Sunday, the branch option may not be available for 10+ hours.

Net banking and mobile banking apps require credentials — username, password, and often a device PIN. Many customers don't memorise these, rely on saved credentials on their phone, or are locked out of their app after being in a different city. Voice is the most universally accessible channel: anyone with access to any phone, regardless of location or device, can call the helpline. The AI's 24/7 availability and sub-2-minute block speed make it structurally superior to both alternatives in the specific scenario of card loss or theft.

AI: 24/7 availability, 2-ring answer, block in under 2 minutes
Branch: unavailable nights, weekends and holidays — up to 10+ hour delay
Net banking: requires remembered credentials — often inaccessible after theft
Mobile app: requires device access — unavailable if phone is also stolen
Voice is universally accessible: any phone, any location, any hour
Sub-2-minute AI block vs 15–20 minutes to reach a branch and queue

Direct answer

End-to-end call time averages 2.5–3.5 minutes for a straightforward block: 60–90 seconds for authentication, 10–20 seconds for the CMS block API call, and 45–75 seconds for replacement initiation and confirmation. With a dispute triage (unauthorised transactions), the call extends to 4–6 minutes. Compare to 8–15 minutes for the same call handled by a human agent including hold time.

The time breakdown is: greeting and reason capture (15–20 seconds), authentication (60–90 seconds across two factors), card identification from account (10 seconds), block confirmation and verbal confirmation (30 seconds including API response), replacement preference and address confirmation (45 seconds), SMS confirmation triggered (10 seconds), and closing (10 seconds). Total for a clean call: approximately 3 minutes.

With dispute triage — capturing details of unauthorised transactions — add 60–90 seconds per transaction. A caller with three disputed transactions adds approximately 3–4 minutes. The AI handles this efficiently by asking for all transactions before creating cases for each, rather than creating a case after each transaction, which reduces redundant steps.

Authentication: 60–90 seconds (two factors)
Card block and CMS confirmation: 30–40 seconds including API response
Replacement initiation and address confirmation: 45 seconds
Clean call total: 2.5–3.5 minutes
With dispute triage (3 transactions): 4–6 minutes total
Human agent equivalent: 8–15 minutes including hold, authentication, processing

Direct answer

AI handles card blocking at ₹8–₹12 per call versus ₹50–₹80 for a fully-staffed human agent in India — and with 24/7 coverage included. For a bank handling 5,000 card block calls monthly, AI saves ₹2.1L–₹3.4L per month. Payback on the Kallix deployment is typically achieved within 3–4 months.

The cost calculation has two components: per-call cost and coverage cost. Per-call, AI is 5–8x cheaper than a human agent for a straightforward card blocking interaction. Coverage, however, is where the financial advantage compounds: a human contact centre that provides 24/7 card blocking requires a night shift team — typically 3–5 agents at ₹20,000–₹35,000 per month each — adding ₹60,000–₹1.75L per month just for overnight coverage. The AI's 24/7 capability is included at no additional cost.

For banks that currently provide card blocking only during business hours — and route after-hours callers to a voicemail or a limited IVR — the AI unlocks the revenue-protective value of immediate card blocking at all hours. A single prevented fraud incident of ₹50,000 (well within the range of a night's worth of card fraud on an unblocked stolen card) covers months of AI operating cost.

AI cost per card blocking call: ₹8–₹12 vs human ₹50–₹80 (India contact centre)
5,000 monthly card block calls: AI saves ₹2.1L–₹3.4L per month
24/7 coverage: no additional staffing cost for overnight or weekend availability
Human 24/7 night shift: ₹60,000–₹1.75L/month — included free in AI deployment
Payback: typically 3–4 months from go-live
One prevented ₹50,000 fraud incident covers months of AI operating cost

Pricing and ROI FAQ