Introduction
India is undergoing a rapid digital transformation, with more and more people accessing the internet for various purposes, such as banking, shopping, socializing, and entertainment. However, this also exposes them to new risks and challenges, especially in the realm of online identity theft. This is a type of cybercrime where a hacker gets hold of personal information from unsuspecting users and misuses it for illegal activities, such as cloning credit cards, applying for loans, extorting money, or pretending to be the user online. Online identity theft is a widespread issue that affects millions of people in India. It involves obtaining personal information from users through different techniques, such as phishing, hacking, or malware. The hacker can then use the information for malicious purposes, such as accessing bank accounts, applying for loans, or impersonating someone else.
Statistics and Trends
This scenario is not far-fetched, as online identity theft is a widespread and growing problem in India. According to recent reports, India has a high prevalence of online identity theft cases. In 2022, India ranked first among researched countries worldwide by the number of identity theft cases with an estimated 27.2 million adults affected. This shows the need for more awareness and protection measures to prevent online identity theft in India.
According to the National Crime Records Bureau (NCRB) reports, there were 4,071 cases of identity theft (section 66C of IT Act) and 11,422 cases of cheating by personation using a computer resource (section 66D of IT Act) in India in 2021. The data also indicates a decline in identity theft and cheating cases compared to 2020, but a significant increase in fraud cases, highlighting the need for attention to address the high crime rate related to fraud in India. The NCRB data further showed a 24.4% increase in cybercrime in India in 2022, with fraud, extortion, and sexual exploitation being the top motives. Cyber fraud constituted the majority of cases (64.8%), followed by extortion (5.5%) and sexual exploitation (5.2%).
A study by an IIT Kanpur-incubated start-up revealed that financial frauds accounted for over 75% of cybercrimes in India from January 2020 to June 2023, with nearly 50% of the cases related to UPI and internet banking. The study also highlighted that social media-related crimes accounted for 12% of the online offences during the same period.
Legal Consequences of Online Identity Theft in India
Section 66C of the Information Technology Act, 2000, deals with the punishment for identity theft. The section states “whoever, fraudulently or dishonestly makes use of the electronic signature, password, or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years. This section aims to protect individuals from unauthorized use of their electronic signatures, passwords, or other unique identification features. According to this provision, offenders can face imprisonment for up to three years and fines of up to Rs. 1,00,000 (Rupees one lac).
Section 66D of the Information Technology Act, 2000, deals with the punishment for cheating by personation using a computer resource. The section states that whoever, by means of any communication device or computer resource, cheats by personation, shall be punished with imprisonment of either description for a term which may extend to three years
In addition to these sections, the Indian Penal Code introduces Section 419, penalizing cheating by personation. Those engaging in actions such as assuming another person’s identity, knowingly substituting one person for another, or falsely representing themselves or others may face imprisonment for up to three years, fines, or both. This provision is slated to be replaced by Section 319 of the Bharatiya Nyaya Sanhita, 2023, defining the offense of cheating by personation.
In cases of identity theft, Sections 463 and 468 of the Indian Penal Code, addressing forgery and “forgery for the purpose of cheating,” may also be relevant. Section 468 prescribes imprisonment for up to seven years and a fine for forgery with the intent to cheat, while Section 463 defines forgery as creating a false document to cause harm, injury, support a claim, induce property exchange, enter into a contract, or commit fraud. Sections 463 and 468 of the Indian Penal Code have been substituted with Section 336 and Section 336(3), respectively, under the Bharatiya Nyaya Sanhita, 2023.
Section 420 of the IPC specifically addresses cheating, indicating that those inducing someone to deliver property, alter or destroy a valuable security, or anything convertible into a valuable security may face imprisonment for up to seven years and fines. The Bharatiya Nyaya Sanhita, 2023, replaces this provision with Section 316, addressing Criminal breach of trust under the same legal framework.
The key distinction between the IPC and the IT Act concerning identity theft lies in the IT Act’s requirement for the offense to involve the assistance of a computer resource, with no maximum cap on fines imposed by the IPC.
On August 12, 2023, the Digital Personal Data Protection Act, 2023, came into force, receiving the President’s assent on August 11, 2023. Expected to aid in reducing data-related cybercrimes, including identity theft, this Act applies to digital personal data collected in both digital and non-digital forms.
Rise of Deepfakes
The surge in deepfakes and artificial intelligence has worsened the problem of digital identity theft. It’s now easier than ever to manipulate people’s voices, faces, and identities. Malicious individuals have taken advantage of this, using deepfakes to scam innocent people. For instance, a man from Kerala was tricked out of Rs 40,000 through an AI-based deepfake.
Since deepfakes have only recently become a significant issue, there hasn’t been much legislation addressing the problem. However, this is likely to change soon. As deepfake technology continues to improve and become more realistic, it’s inevitable that regulations and strict measures will be necessary to prevent its abuse. This is crucial to safeguard people from potential harm.
Protect Yourself from Online Identity Theft?
- Unique Passwords:
Creating strong and unique passwords is paramount in safeguarding your online identity. Avoid using easily guessable information, such as birthdays or common words. Instead, combine uppercase and lowercase letters, numbers, and symbols. Use different passwords for each account to minimize the impact of a potential breach.
- Secure Storage of Credentials:
Employ secure methods to store and manage your passwords. Consider using reputable password managers that encrypt and protect your login information. This way, you only need to remember one master password, and the manager can generate and store complex passwords for your various accounts.
- Caution with Personal Information Sharing:
Be cautious about sharing personal information online, especially on social media platforms. Cybercriminals often exploit publicly available information to piece together details for identity theft. Limit the amount of personal information you share and adjust privacy settings on social media platforms accordingly.
- Document Shredding:
Dispose of sensitive documents, such as bank statements, bills, and credit card offers, by shredding them before discarding. This prevents identity thieves from obtaining your personal information through dumpster diving or other means of physical retrieval.
- Setting up Notifications for Suspicious Activities:
Many online platforms and financial institutions offer notification features for suspicious activities. Enable these alerts to receive instant notifications for login attempts from unfamiliar locations, changes in account information, or transactions that seem unusual. This permits to respond swiftly to potential security threats.
Conclusion
The threat of online identity theft in India demands urgent attention. The government and law enforcement agencies must take proactive measures to curb this menace. The recent enactment of the Digital Personal Data Protection Act, 2023, is a positive step, but continuous efforts are required to ensure effective cybercrime prevention strategies. Individuals, too, play a crucial role in protecting themselves through awareness and proactive cybersecurity practices. As India continues its digital journey, securing online identities becomes paramount for a safer and more resilient digital future.
Done By: Adithya Menon, 5th year B.A, LL.B(Hons.)
Veltech School of Law, Chennai
For Origin Law Labs
