INTRODUCTION
The last two decades have been monumental in the growth of technology and the internet. Billions of people now have access to the internet and they can comfortably conduct transactions over the internet. While the internet has ensured the ease of conducting transactions in a short period of time, it has also seen a rise in the number of offenses committed through the internet. One such offense is Identity Theft. The huge blocks of data being stored over the internet have enabled the perpetrators to break in and gain access to the data.
WHAT IS IDENTITY THEFT?
Identity Theft refers to an offense wherein a person fraudulently gets access to another person’s personal data either for financial gain or for committing fraud. The perpetrators can steal important information such as bank account number, social security number or credit card information. The term “Identity Theft” has not been defined under any Indian law.
TYPES OF IDENTITY THEFT
Financial Identity Theft – This type of identity theft takes place when the culprit uses the personal information of a user to gain access to their finances such as bank account number, credit card information or loans. An example of Financial Identity Theft would include transferring money from the victim’s account or taking a loan in the victim’s name.
Medical Identity Theft – This could take place when the perpetrator uses the medical information of another person to get medical care himself. If they are in possession of the insurance information of the victim, they can pose as the victim to get medical attention or access to prescription drugs etc. The victim would face trouble as the perpetrator’s medical history might get added to the victim’s medical records.
Criminal Identity Theft – When a criminal gets arrested by the police, they may fraudulently pose themselves as being someone else to protect themselves. This could lead the victim to be falsely arrested and criminal charges might be filed against the victim. It may also impact the personal and professional life of the victim. It may be very difficult for the victim to clear his criminal record as the true identity of the actual culprit is usually very hard to determine.
Child Identity Theft – This takes place when the culprit uses a minor’s identity for personal gain. The culprit could be anyone including a friend, family member or a stranger. The security numbers of children are much sought after as they don’t have much information associated with it. Children are also targeted as they are not able to detect the fraud for a long period.
WAYS THROUGH WHICH IDENTITY THEFT CAN HAPPEN
Phishing – The perpetrators might send deceptive mails to the victims to trick them into providing personal information. Usually, the perpetrator would claim to belong to a reputed organisation to win the trust of the victim.
Smishing– This is very similar to phishing. But over here, the perpetrator would send text messages to the victims. They would typically impersonate reputed organisations and companies to trick the victim into divulging personal information.
Vishing – Over here, the perpetrators use phone calls to target the victims. The term “Vishing” is a combination of the word “Voice” and “Phishing”. The perpetrators would make false promises of a prize to the victim. They create fake caller IDs and profiles to make themselves look legitimate.
Skimming – This usually takes place when the victim swipes his credit/debit card. The scammers may tamper with the card machine or may place recording devices in the ATMs to gain access to the personal information of the victim.
Pharming – The perpetrator places a malicious code in the personal computer of the victim which redirects them to a fraudulent website with the intention of obtaining personal data of the victim. It takes place without the consent of the victim.
LAWS GOVERNING IDENTITY THEFT IN INDIA
Indian Penal Code/Bharatiya Nyaya Sanhita
Though the term “identity theft” involves the stealing of the personal data of the victim by the culprit, it does not come under the ambit of Section 378 of the IPC or Section 303 of the BNS. This is simply due to the fact that theft under the IPC/ BNS refers to movable property, which is tangible and capable of being severed from the earth. Identity information is in the form of binary data signals of zeroes and ones, guided by electricity. While Electricity does come within the purview of theft, the Supreme Court in the case of Avtar Singh v. State of Punjab(1964) held that Electricity came under the purview of theft due to the presence of Section 39 of the Electricity Act 1910 and it did not come under the purview of theft for other purposes. Therefore, theft of identity information in the form of binary data signals would not come under the purview of theft.
However, other provisions of the IPC/ BNS deal with identity theft. For instance, Section 464 of IPC /Section 335 of BNS refers to the making of a false document or false electronic document. The punishment for forgery is two years of imprisonment under Section 465 of IPC. Further, forgery for the purpose of cheating is also an offence under Section 468 of the IPC. Forgery for the purpose of harming the reputation of another person is an offence under Section 469. The provisions of Section 465,468 and 469 of the IPC have been consolidated under Section 336 of the BNS. The use of a genuine document as a forged document is an offence under Section 471 of the IPC/Section 340 of BNS. When the culprit is in possession of a document which he knows to be forged and if he intends to use that document as genuine, he will be punished under Section 474 of the IPC/Section 339 of BNS. Section 420 of the IPC which relates to cheating could also be used if the identification information of the individual is capable of being converted into valuable security. The corresponding provision in the BNS is Section 318.
Information Technology Act 2000
The IT Act 2000 is the main legislation relating to offenses committed in the cyberspace in India. Section 43 of IT Act 2000 provides for compensation to the affected person if a person accesses or secures access to a computer system without the permission of the owner of such a computer system. Section 66 of the IT Act states that if any person fraudulently or dishonestly commits any act provided under Section 43, then he/she shall be punished with three years of imprisonment and fine which may extend upto to Rs 5 lakh. Section 66B of the IT Act 2000 provides for punishment for dishonestly receiving stolen computer resource or communication device. Imprisonment for the same shall extend upto a period of three years and fine could extend upto Rs 1 lakh. Section 66C is the only provision in the IT Act 2000 that expressly deals with the punishment for the identity theft. This provision was added in the 2008 Amendment to the act. It states that any person who fraudulently or dishonestly makes use of electronic signature or password or any other unique identification feature of the other person shall be punished with imprisonment which may extend upto a period of three years or fine which may extend upto Rs 1 lakh. Section 66D of the act provides punishment for cheating by personation by using a computer resource. The imprisonment may extend upto three years and fine may extend upto Rs 1 lakh. Section 66E of the act provides punishment for violation of privacy and Section 66F provides punishment for cyberterrorism.
CONCLUSION
Identity theft poses a huge challenge to the conduct of safe transactions over the internet. It could pose an even bigger problem in a country like India where awareness relating to online frauds is already very low. India had already reported the most number of identity theft cases in the world in 2022. Identity theft may also put a huge burden on the economy of the country. It is important to spread awareness regarding identity theft and promulgate stricter penalties to prevent them from taking place.
Contributed By : Kritavirya Choudhary (Intern)