Identity Theft or Identity Fraud
NEERAJ AARORA, AICWA, LLB, PGD (Cyber Law), ACFE (USA)
Identity theft, a major and growing problem the world over as a result of the IT revolution, has been referred to as the crime of the new millennium. Identity theft is the stealing and use of someone's personal information, primarily for financial or monetary gain. Unlike your fingerprints, which are unique to you and cannot be taken by someone else for their use, your personal data, such as your bank account or credit card number, passwords, login IDs and other valuable identifying data, can be used to make money at your expense and liability if it falls into the hands of a fraudster. On the internet, fraudulent transactions are the most prevalent crime committed by fraudsters with a stolen identity: taking over a credit card account, using the stolen identity to create a new credit account, executing fraudulent online share transactions, etc. Sometimes, however, identity theft is committed not for financial gain but as an act of vindictiveness, revenge or obscenity. A classic example: suppose you have an account with Rediff and have posted your profile there with your photos and very personal details. One day a friend informs you that while surfing ORKUT he found a profile with your name and personal details, along with a lot of pornographic content and obscene language. The thief has stolen your profile, photos and personal details and used them to create an obscene profile posing as you.
In the internet age, data is maintained online. Government and private institutions store sensitive information in their databases, and this information is very valuable to them. The data is also very vulnerable. It is valuable not only to those who should have it but also to criminals, who look for any chance to steal it so that they can use it to commit fraud themselves or sell it to others for committing fraud. This is identity theft.
Although there is no universally accepted definition, some definitions of identity theft are given below:
Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain.
Identity Theft is a crime in which an impostor obtains key pieces of personal identifying information (PII) such as Social Security numbers and driver’s license numbers and uses them for their own personal gain. This is called ID Theft. It can start with lost or stolen wallets, pilfered mail, a data breach, computer virus, phishing, a scam, or paper documents thrown out by you or a business (dumpster diving). This crime varies widely, and can include check fraud, credit card fraud, financial identity theft, criminal identity theft, governmental identity theft, and identity fraud.
Stages of Identity Theft
There are three stages of identity theft. Any identity theft case may include one or all of these stages:
Acquisition of the identity: This involves acquiring the identity through theft, hacking, redirecting or intercepting mail, or purchasing identifying information on the internet.
Use of the identity: After acquiring the identity, the fraudster may use it to commit another crime resulting in financial gain to him, such as misusing credit card information to make online purchases, opening new accounts, or selling the identities to others who commit fraud. Sometimes the stolen information is used to harass the victim, for example by posting pornography or obscene material while posing as the victim.
Discovery of the theft: Many cases of credit card misuse are discovered quickly; in some cases, however, the victim of an identity theft may not even know how or when their identity was stolen, and the theft may take 6 months to several years to come to the victim's notice. Research reveals that the longer it takes to discover the theft, the greater the loss incurred by the victim.
What Are The Common Ways To Commit Identity Theft Crime
Identity theft is committed in various ways: some make use of the internet or the virtual world, while others, known as traditional methods, do not. Some of the ways of committing identity theft are listed below; the list is not exhaustive:
Theft: Your wallet or bag containing bank credit cards, passport or other identifying documents with your vital personal information may be stolen.
Hacking, unauthorized access to systems, and database theft: Fraudsters frequently compromise systems, diverting information directly or indirectly with the help of gadgets on the network. Hackers gain access to a huge base of confidential data, decrypt it and misuse it elsewhere for financial gain or to commit fraud.
Phishing: Phishing is the most prevalent method of stealing personal identifying information. The fraudster sends a fraudulent email with a link to a fake website that is an exact replica of the original bank site, designed to fool users into revealing their personal information.
Vishing: The fraudster calls the victim on the phone, posing as a bank representative, in an attempt to scam the victim into disclosing personal information.
Pharming: A technique in which the fraudster sets up a phony web server and intercepts user names and PIN numbers.
Nigerian 419 Scam: This is the most prevalent method, still conning many people around the globe, in which the fraudster sends email to targeted persons in the guise of a rich family member of a dead African millionaire who is in distress due to political turbulence in his country. The fraudster seeks your help in moving a large sum of money into your account, offering you a huge commission for lending your account to receive the money. This scam is called "Nigerian 419 fraud" (for the relevant section of the Nigerian Criminal Code). There is another category of Nigerian fraud of a similar nature, in which the victim receives an unsolicited email declaring that he has won a lottery after his email address was selected from thousands of others. These scams qualify as identity crimes because they involve collecting personal and bank information from unsuspecting Internet users who are gullible enough to respond to these solicitations.
Theft by past & present employees: Perpetrators can also obtain personal information by bribing employees who have access to personal records, databases or confidential information.
Skimming: Skimming can occur when a criminal attaches a small skimmer gadget to an ATM, which records the magnetic stripe details of the ATM card, while a camera films the personal identification number entered by the user.
Shoulder Surfing: The fraudster can also obtain your personal data without breaking into your home. In public places, some people loiter around ATMs and telephone booths, watching you enter your secret PIN, looking over your shoulder at a public telephone, or eavesdropping while you give your credit card information over the phone.
Dumpster Diving: Perpetrators go through a victim's garbage, dustbins or trash bins. They obtain copies of cheques, credit card statements, bank statements, receipts and carbons, and search for anything bearing your name, address, telephone number and credit card number.
Identity Theft In India
Identity theft has become an epidemic in the US, while in India cases of identity theft are relatively few, given the smaller number of online transactions and lower use of the internet. Although no reliable statistics are available on the extent of identity theft in India, it would be safe to assume a rapid escalation in identity theft cases as online banking and e-commerce transactions, such as online share transactions, increase, and because customers are not technically adept in the virtual world.
Online fraudulent share & commodity transactions
Nowadays shares are sold and purchased online. There has been a spurt in cases in which complainants report that their online share/commodity account has been compromised and fraudulent transactions have been executed by an unknown fraudster, resulting in huge losses. In online trading, the client is allotted an online account with a client ID and password, through which he executes sale and purchase transactions via the server based in the broker's office. The fraudsters, who are generally software experts or executives (core dealers) at the broker's office, try to acquire the client ID and password from the broker's office itself, by hit-and-trial methods, or through social engineering. After acquiring the client ID and password, the fraudster makes unauthorized access to the client's account and also accesses his own account, to which the profits are to be transferred from the victim's account. The fraudster executes transactions in the client's account at unrealistic prices and simultaneously matches these transactions in his own account. In this way he shifts the profit to his own account and the losses to the account of the unsuspecting client.
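The pattern described above, trades matched between two accounts at unrealistic prices with the loss always falling on the same account, can be screened for on the broker's side. The following is an added example, not part of the original article; the trade fields, account IDs, sample trades and the 5% price band are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample trades (not real market data). Each trade matches a buyer
# and a seller account; ref_price is the prevailing market price at that time.
TRADES = [
    {"id": 1, "symbol": "ABC", "buyer": "C100", "seller": "C200", "qty": 500, "price": 101.0, "ref_price": 100.5},
    {"id": 2, "symbol": "XYZ", "buyer": "C300", "seller": "F900", "qty": 1000, "price": 62.0, "ref_price": 50.0},
    {"id": 3, "symbol": "XYZ", "buyer": "F900", "seller": "C300", "qty": 1000, "price": 40.0, "ref_price": 50.5},
    {"id": 4, "symbol": "ABC", "buyer": "C200", "seller": "C100", "qty": 200, "price": 100.0, "ref_price": 100.4},
]

def off_market(trade, band=0.05):
    """True when the traded price deviates from the reference price by more than band."""
    return abs(trade["price"] - trade["ref_price"]) / trade["ref_price"] > band

def transfer(trade):
    """Return (loser, gainer, amount): who gave up value relative to the reference price."""
    diff = (trade["price"] - trade["ref_price"]) * trade["qty"]
    if diff > 0:
        # The buyer overpaid, so value moved from buyer to seller.
        return trade["buyer"], trade["seller"], diff
    # The seller sold too cheaply, so value moved from seller to buyer.
    return trade["seller"], trade["buyer"], -diff

def suspicious_pairs(trades, band=0.05, min_trades=2):
    """Account pairs where one side repeatedly loses to the other on off-market trades."""
    flows = defaultdict(lambda: {"trades": [], "loss": 0.0})
    for t in trades:
        if off_market(t, band):
            loser, gainer, amount = transfer(t)
            entry = flows[(loser, gainer)]
            entry["trades"].append(t["id"])
            entry["loss"] += amount
    # One off-market print can be an honest mistake; repetition in one direction is the signal.
    return {pair: e for pair, e in flows.items() if len(e["trades"]) >= min_trades}

if __name__ == "__main__":
    for (loser, gainer), e in suspicious_pairs(TRADES).items():
        print(f"{loser} lost {e['loss']:.2f} to {gainer} on trades {e['trades']}")
```

A flagged pair is a lead for review, to be correlated with login records for the losing account around the time of the trades.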
Bank Phishing scams
Phishing is the Internet's biggest identity theft scam and is widely prevalent in India. In some recent cases of phishing (an offence which involves identity theft) reported in India, the MO was the same: a fake website of the target bank was created, and the bank's customers received an e-mail message asking them to renew certain services, claiming that failure to do so would result in the suspension or deletion of their accounts. The e-mail provided a link to a phishing site, in an illegal attempt to collect personal and account information.
Nigerian 419 Scam or Advance Fee Fraud:
A number of cases have been reported in which the perpetrators of the fraud send mail to the victim's e-mail ID, requesting the victim's help in retrieving blocked funds and offering a healthy percentage of these funds as commission. The victim, believing the fraudster and lured by the prospect of receiving huge funds, passes on his credit card information and bank account details to the fraudster.
Defamation or posting of porn or obscene material on social networking sites
There has also been a spurt of cases in which victims have reported that their profile and personal information were stolen and that a fake and vulgar profile in their name, containing pornography and obscene material along with the victim's contact details such as phone numbers and address, was posted on a social networking site like ORKUT.
The Legal Angle
Identity theft has still not been made a standalone crime in India, unlike the USA, which passed the Identity Theft and Assumption Deterrence Act of 1998 (ID Theft Act for short); that Act codified the definition of identity theft in the USA for the first time and made identity theft a standalone crime. Though the present IT Act 2000 does not have any specific provision to deal with identity theft, the Expert Committee on Amendments to the IT Act 2000 (whose report is presently under consideration by the government for adoption) has recommended amending the Indian Penal Code (IPC) by inserting in it two new sections:
Section 417A, which punishes cheating by using any unique identification feature of any other person with up to three years' imprisonment and a fine; and Section 419A, which punishes cheating by impersonation using a network or computer resource with up to five years' imprisonment and a fine.
Sections 417A and 419A comprehensively cover identity theft, and their incorporation into the IPC would place India amongst the few countries to have specific provisions to counter the menace of identity theft.
However, the offence of identity theft is committed through a series of acts which attract many penal provisions of the present IPC and IT Act, 2000, as follows:
Section 419 IPC: When the fraudster uses stolen identifying information to impersonate the victim in order to commit fraud or cheating.
Section 420 IPC: When the fraudster deceives people into disclosing valuable personal data in the nature of identifiable information, which is later used to swindle money from the victim's account.
Section 468 IPC: When the fraudster commits forgery of a website, which is in the nature of an electronic record, to lure victims into passing on their identifiable information in order to cheat them.
Section 471 IPC: When the fraudster fraudulently or dishonestly uses as genuine the aforesaid fake website, which is in the nature of an electronic record.
Section 66 IT Act: When the fraudster, using stolen identifying information such as a login ID and password, deletes or alters the information or data in the victim's account on the server, which is a computer resource.
Section 67 IT Act: When the fraudster uses stolen information such as the victim's profile, personal details and contact details to create and post an obscene profile in the victim's name on a social networking site.
1. US Department of Justice
2. Identity Theft Resource Center: Identity Theft Resource Center® (ITRC) is a nonprofit organization dedicated exclusively to the understanding and prevention of identity theft.
3. Research paper published by the National Institute of Justice: The Research, Development and Evaluation Agency of the US Department of Justice.