Identity theft - Sec.66C

Section 66C of the IT Act makes identity theft a punishable offence. Learn how the law defines fraudulent use of passwords and digital signatures, and what steps you can take to protect your brand and personal data.

May 21, 2012

Defining Identity Theft Under Section 66C

In the digital age, your identity is more than just your name; it is your password, your digital signature, and your unique biometric features. Section 66C of the Information Technology Act was introduced to combat the rising tide of digital impersonation. It states that anyone who fraudulently or dishonestly makes use of the electronic signature, password, or any other unique identification feature of another person shall be punished.

Identity theft is often the "master key" that allows criminals to commit larger frauds, such as financial theft or corporate espionage. For victims, the damage is not just monetary but also reputational, as their credentials are used to carry out illicit activities under their name.

What Constitutes an Identity Feature?

The law uses a broad definition to ensure it covers evolving technology. Under Section 66C, protected features include:

  • Passwords and PINs: Any alphanumeric code used to access accounts or services.
  • Digital Signatures: Electronic certificates used to authenticate digital documents.
  • Biometric Data: Fingerprints, iris scans, or voice prints used for identification.
  • Device IDs: Unique identifiers linked to a specific user's hardware.

Using any of these without authorization to gain an advantage or cause loss is a direct violation. If your brand's identity is being misused online, brand monitoring services can help identify the theft before it escalates into a full-scale crisis.

The Legal Consequences of Identity Theft

Section 66C carries significant legal weight. A conviction can lead to imprisonment for up to three years and a mandatory fine of up to one lakh rupees. Because identity theft often crosses state or national borders, the investigation process is complex and requires specialized technical knowledge.

For individuals and corporations, the priority is often containment. Once a password or signature is stolen, it must be revoked and the affected systems must be audited. We recommend conducting regular penetration testing to ensure that your credential storage and authentication mechanisms are not vulnerable to exploitation.

Practical Steps for Prevention

While the law provides a framework for punishment, prevention remains the most effective strategy. You should implement a multi-layered defence to protect your digital identity:

  • Multi-Factor Authentication (MFA): Never rely on a password alone. Use MFA to ensure that even if a password is stolen, the account remains secure.
  • Secure Credential Management: Use enterprise-grade password managers and avoid sharing credentials through insecure channels like email or chat.
  • Monitor for Breaches: Track whether your corporate emails or personal details appear in known data leaks.
  • Legal Action: If you detect identity theft, preserve all digital logs and contact reputation management experts to mitigate the fallout.

Protecting your identity in India requires an understanding of both the technology and the nuances of Indian cyber law.

Has Your Identity Been Compromised?

Identity theft can happen in seconds but take years to untangle. If you suspect your passwords, signatures, or personal identifiers have been stolen, you need immediate professional intervention. Reach out to our cyber law team for help with filing a complaint and securing your digital presence.
