Identity theft is the largest contributor to the rising levels of fraud in India. With information technology evolving, the types of crimes are also showing an evolving trend. The more we rely on digital documentation and identification, these issues will definitely crop up.
Identity theft or identity crime is an act where a person obtains personal particulars of an individual and fraudulently uses that information in an attempt to obtain monetary gains, loans, etc. A classic example of Identity Theft is by way of cloning of Debit and Credit Card. Therefore, when personal information that could access any finances of a person is stolen, the crime of identity theft or fraud is said to be committed.
There are various ways through which Identity Fraud could be committed. These are:
- Vishing: The most common and rising method through which identity fraud is Vishing. It is an act wherein thieves pretend to be employee, call centre representative duping them in revealing crucial information.
- Phishing: The second most common method of identity fraud these days is Phishing wherein thieves pretending to be representatives of certain organisations contact people through e-mail or texts luring them to furnish personal data.
- Hacking: It is the way by which thieves would break through the passwords and firewall of computers to gain access to personal data.
- Carding: The unauthorized use of the ATM debit and credits to withdraw money from bank accounts of the individual.
- E-mail/ SMS Spoofing: E-mails whose origin is different from where it actually originated whereas SMS Spoofing, information is stolen through the phone number and sending SMS’s through the internet and the receiver gets the SMS from the mobile number of the victim.
- Forgery: The act of producing documents passing them off as real with authentic signatures is known was forgery.
- Pharming: Pharming refers to the scamming practice in which the cybercriminal installs a malicious code on the personal computer or server, misdirecting users to a fraudulent website without their consent or knowledge.
- Credit Card Skimming: The victims of credit card skimming find fraudulent withdrawal of money and charges on their account. It is surprising to note that all this happens while the victim is in possession of the credit card.
The laws that govern the crimes of Identity Theft/Fraud are the Information Technology Act, 2000 and the Indian Penal Code, 1860.
The Information Technology Act, 2000
The aim of the Information Technology Act, 2000 was to provide legal recognition to the transactions carried out by the means of electronic data interchange and other means of electronic communication commonly referred to as electronic commerce which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies.
Section 43 of the Act, lists down the penalty for damage to computer, computer system, etc. If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network, accesses or secures access to such computer, computer system or computer network, downloads, extracts or copies data, causes any contamination to the computer, damages the computer, causes disruption of any computer, denies access to any person authorised to access any computer, computer system or computer network by any means, steal, conceal, destroys or alters data or computer source code with an intention to cause damage shall be liable to pay damages to the person affected by way of compensation. Therefore, any probable offence that could occur with access to a computer system is covered under this section of the IT Act, 2000 with an intent to provide for compensation in the nature of damages.
Section 43 A of the Act, provides for compensation in terms of failure to protect data. It states that, –Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.
Section 66 of the Act deals with Computer related offences and their punishment. It states that, If any person, dishonestly or fraudulently, does any act referred to in Section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.
Section 66Bstates that anyone who dishonestly receives or retains any stolen computer resource or communication device knowing or having reason to believe the same to be stolen computer resource or communication device, shall be punished with imprisonment of either description for a term which may extend to three years or with fine which may extend to rupees one lakh or with both.
Section 66 Cof the Act, explicitly lays down the punishment for Identity Theft. It states that whoever, fraudulently or dishonestly makes use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.
Section 66 Dof the Act, states that, Whoever, by means of any communication device or computer resource cheats by personation, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.
The IT Act, 2000 has aimed to provide relief from any computer related offences or offences by means of procurement of electronic data. According to the National Crime Records Bureau the percentage of Cyber Crimes was up to 65% not including the fact that most such cases go unreported due to lack of awareness in terms of reliefs and remedies available in this regard.
The Indian Penal Code, 1860
The Indian Penal Code deals with a majority of offences and was also amended by way of the Information Technology Act to include offences related to computers and electronic data.
Section 464 deals with the offence of making a false document. The said document could have been signed, sealed or executed, makes or transmits any electronic record, or affixes any electronic signature with the intention of causing it to be believed to be so by the authority of he knows that it was not made, signed, sealed, executed or affixed.
It also includes people who without lawful authority, dishonestly or fraudulently alter parts of electronic documents. It also protects the rights of the deceased from misappropriation of electronic data. Further, it includes people who fraudulently cause a person to sign, seal, alter, execute or affix electronic signatures on a document the person does not know the contents of.
Section 465 deals with the punishment for forgery to be imprisonment for a term extendable up to two years or with fine or both.
Section 468Whoever commits forgery, intending that the document or electronic record forgedshall be used for the purpose of cheating, shall be punished with imprisonment of either description for a term which may extend to seven years, and shall also be liable to fine.
Section 469deals with forgery for the purpose of harming reputation and states the punishment for the same to be imprisonment of either description for a term which may extend to three years, and shall also be liable to fine.
Section 471 pertains to forged documents that are used as genuine with the knowledge of them being forged and the same shall be punishable in the same manner as if he had forged the document.
Section 474deals with having possession of a document described in Section 466 or 467, knowing it to be forged and intending to use it as genuine shall be punished with imprisonment of either description for a term which may extend to seven years and shall also be liable to fine.
The Information Technology Act and Indian Penal Code together provide for remedies for Identity Theft. Though Identity theft is explicitly mentioned only in Section 66 C of the IT Act, it can still be interpreted to happen under the various sections mentioned under both the Acts. The way of these crimes are evolving is rising each day, with new avenues in the electronic market, it is becoming difficult for the existing laws to catch up with the growth in information technology. It needs to take under its ambit crypto currency and many other such forms of electronic evolution.
How To Protect Yourself Against Fraud
- Do not click on Unauthorized Links.
- Do not Share personal information such as Customer ID, IPIN, Credit/Debit Card number, expiry date and CVV number among others with unauthorized personnel over e-mail, call or SMS.
- If, your mobile number has stopped working for longer than usual, immediately contact your mobile operator to enquire about the reason.
- Regularly check your credit and debit card statements and transaction history for any suspicious behaviour.
- Immediately share the fraud number by calling bank helpline number.
- Register your e-mail ID for instant alerts and stay informed about all activities in your bank account.
- Do not indulge with unexpected verification calls from the bank or service provider.
- It is always safer to directly communicate with your bank.
What to do in cases of Identity Theft
- As soon as you realize the possibility of an Identity Theft/Fraud, intimate your nearest police station and the department of cyber-crimes by calling the National Police Helpline Number 100.
- Register an FIR with all possible details of the fraud occurred.
- Take a copy of the same.
- Another recourse would be to file a complaint with the National Cyber Crime Portal (link mentioned below)
- In case of any assistance required in filing of the complaint, the Toll Free number is 155260.