What Does Section 66C of the IT Act State?
Section 66C of the Information Technology Act, 2000, criminalizes the fraudulent or dishonest use of another person’s electronic signature, password, or any other unique identification feature. It directly addresses the growing problem of identity theft in the digital age.
The law states: “Whoever fraudulently or dishonestly makes use of the electronic signature, password or any other unique identification feature of any other person shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.”
This provision protects the integrity of digital identity and ensures accountability for individuals who misuse electronic credentials. It serves as a bridge between traditional criminal concepts of forgery and modern cyber offences, ensuring that misuse of personal identification in cyberspace is treated as a serious crime.
What Is the Punishment Under Section 66C?
The punishment under Section 66C includes imprisonment of up to three years and a fine of up to ₹1,00,000. The court may impose both depending on the seriousness of the offence. The section falls within the broader framework of Chapter XI of the IT Act, which deals with offences related to computer systems and cyber fraud.
The punishment mirrors traditional identity theft laws but adapts them to digital environments. Courts use judicial discretion to assess the degree of dishonesty, the impact on the victim, and whether financial or reputational harm occurred.
What Acts Amount to Identity Theft?
Identity theft under Section 66C covers fraudulent use of digital identifiers such as passwords, login credentials, electronic signatures, or biometric data. Misusing another person’s Digital Signature Certificate (DSC), password, or One-Time Password (OTP) to access accounts, sign documents, or authorize transactions constitutes identity theft.
It also includes impersonation through social media, hacking into e-mail accounts, or using another person’s Aadhaar credentials to complete e-KYC verification. Courts have interpreted “any other unique identification feature” broadly to include any digital marker that establishes personal identity online.
For example, if a person files income tax returns or company documents using another’s DSC, it becomes a clear violation of Section 66C because it involves dishonest use of electronic identity.
How Does Section 66C Deal With Digital Signature Misuse?
Section 66C treats digital signature misuse as a serious cyber offence. A digital signature is a legally recognized electronic authentication mechanism under the IT Act. Misusing someone’s DSC to sign documents, execute contracts, or authorize payments constitutes identity theft.
If a person uses another’s digital signature without consent to submit official filings or financial documents, it shows fraudulent intent. Such misuse can attract punishment under Section 66C, along with other related provisions like Section 71, which penalizes misrepresentation to obtain a DSC, and Section 73, which deals with publishing false digital signature certificates.
Courts treat such acts as grave breaches because digital signatures are the foundation of trust in e-governance, online commerce, and corporate filings. Misuse erodes confidence in electronic systems and damages reputations.
Which Other Provisions Commonly Accompany Section 66C?
Section 66C often operates alongside Section 66D, which punishes cheating by personation using computer resources. Section 66D applies when the accused uses stolen credentials or e-signatures to deceive others or gain benefits. Both sections carry similar punishments, imprisonment up to three years and a fine up to ₹1 lakh.
Provisions from the Indian Penal Code or Bharatiya Nyaya Sanhita may also apply. Sections 463, 465, and 471 of the IPC deal with forgery and the use of forged documents. When digital records or signatures are falsified, these provisions work in combination with Section 66C.
Thus, identity theft in cyberspace may lead to multiple overlapping charges depending on the extent of forgery, deception, and financial loss.
What Are Typical Scenarios of Section 66C Violations?
Identity theft cases under Section 66C often involve everyday digital misconduct. Common examples include unauthorized filing of income tax returns using another’s DSC, logging into an employer’s system using a colleague’s password, or accessing confidential corporate e-mails with stolen credentials.
In another scenario, a person might impersonate another individual on social media or e-commerce platforms to deceive victims or gain financial benefits. Even using someone else’s OTP-protected system to approve a transaction can trigger Section 66C liability if done dishonestly.
The section also applies in cases of Aadhaar misuse, where offenders use another person’s Aadhaar number or biometric data to complete fraudulent verifications or access subsidies.
What Are the Legal Requirements to Prove Guilt?
The key element under Section 66C is the mental state, or mens rea. The prosecution must prove that the act was done fraudulently or dishonestly. Simply possessing another’s credentials is not enough unless there is evidence of dishonest use for wrongful gain or loss.
Courts often rely on electronic records such as IP logs, access timestamps, metadata, and device history to establish who used the digital credentials. In cases involving DSC misuse, authorities analyze the records maintained by Certifying Authorities (CAs) to confirm who accepted and used the certificate.
Thus, digital forensics plays a vital role in proving guilt under Section 66C. Evidence like login histories, audit trails, and communication records helps courts determine the intent and identity of the perpetrator.
How Have Courts Interpreted Section 66C?
Judicial decisions across India have upheld the strict enforcement of Section 66C to maintain public confidence in electronic governance. In several landmark judgments, courts observed that identity theft in the digital domain causes harm comparable to traditional forgery.
Courts have clarified that the offence is complete once another person’s identity is used dishonestly, regardless of whether financial gain is achieved. The Delhi High Court and Bombay High Court have also emphasized that electronic identity misuse threatens both individual privacy and the credibility of digital authentication systems.
Recent decisions in 2024 and 2025 show courts adopting a proactive stance in applying Section 66C to emerging digital scams, including phishing, OTP theft, and fraudulent online transactions.
What Is the Relation Between Section 66C and Section 66D?
Sections 66C and 66D are closely connected. While Section 66C focuses on the act of identity theft, using another’s credentials dishonestly. Section 66D targets the next stage. Cheating by personation using those stolen credentials.
For instance, if a person uses someone’s login credentials to pose as them and deceive others into transferring money, both Section 66C (for identity misuse) and Section 66D (for cheating) apply.
Courts often convict under both sections when the same act involves identity misuse and deception. Together, they form the backbone of India’s cyber-fraud legal framework.
What Are the Compliance and Preventive Measures?
Organizations and individuals must adopt strong security measures to prevent liability under Section 66C. Companies should maintain proper custody and revocation procedures for digital signature certificates. If a DSC or password is compromised, immediate reporting and revocation with the certifying authority are crucial to limit liability.
Users should avoid sharing credentials or storing them insecurely. Implementing multi-factor authentication, strong passwords, and regular monitoring of digital access records can minimize risks. Cyber hygiene, such as not sharing OTPs or passwords, remains the simplest and most effective preventive step.
The IT Act also places responsibility on certifying authorities and intermediaries to safeguard digital authentication processes. Negligence in credential management can attract penalties under related provisions like Section 73.
For any specific query call at +91 – 8569843472
Conclusion
Section 66C of the IT Act reinforces trust in India’s expanding digital infrastructure. As the country moves toward e-governance, e-commerce, and online financial systems, safeguarding identity becomes fundamental. The section ensures that individuals and entities using digital credentials do so responsibly.
It also aligns with global data protection and privacy standards. By criminalizing digital impersonation, the provision helps secure personal data and electronic records, preventing misuse that could lead to fraud or defamation.
The provision complements laws under the Information Technology (Certifying Authorities) Rules, ensuring every user of digital signatures remains accountable for their use.
