“Whoever, fraudulently or dishonestly makes use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.”
What Does Section 66C of the IT Act Mean?
Section 66C of the Information Technology Act, 2000, focuses on digital identity theft. It penalizes any person who fraudulently or dishonestly uses another person’s electronic signature, password, or any other identification feature such as biometric data or digital tokens. The section recognizes that in the digital era, identity can be stolen without physical contact. Misuse of login credentials, hacking of social media accounts, or unauthorized use of Aadhaar data fall within this provision.
The offence under Section 66C is technology-specific and applies only when a computer resource or electronic communication device is used. The intent behind this section is to protect individuals from misuse of their digital identity, ensure cyber accountability, and build trust in online interactions.
How Does Section 66C Differ from the Indian Penal Code?
The Indian Penal Code (IPC), drafted in 1860, predates modern technology. It covers impersonation, cheating, and forgery primarily in the physical world. However, after the IT Act came into force, the IPC was amended to extend its application to electronic records. Provisions like Sections 419, 420, 463, 464, 465, 468, 469, and 471 are often invoked in cybercrime cases. This is when fraudulent intent is evident.
Both laws address deceit and impersonation. Section 66C deals specifically with electronic identity theft, whereas the IPC provisions apply to both physical and digital acts of cheating and forgery.
What Is the Nature of the Offence Under Section 66C and IPC?
Section 66C directly criminalizes digital impersonation. If a person uses another individual’s email ID, bank login, or digital certificate without authorization, it constitutes identity theft. The offence focuses on the act of misuse, not necessarily the outcome. Even if no financial loss occurs, unauthorized access is punishable.
In contrast, the IPC provisions such as Section 419 (cheating by personation) and Section 420 (cheating and dishonestly inducing delivery of property) focus on deception for gain or harm. Similarly, Sections 463 to 471 deal with forgery, creating or using false documents or electronic records to deceive others. These offences require proof of intent to defraud or cause injury.
Thus, while Section 66C covers digital misuse of identity features, IPC sections extend to a wider range of deceptive acts, both physical and online.
What Is the Scope and Applicability of Each Law?
Section 66C applies only to cyber offences committed through computers, smartphones, servers, or other electronic systems. It does not cover traditional forms of impersonation. It is confined to online platforms, digital signatures, or electronic credentials.
The IPC, on the other hand, is broader. It applies to both online and offline crimes. Before the IT Act, offences like forgery or cheating were limited to paper-based transactions. After the 2000 amendment, IPC provisions were expanded to include electronic records under the term “document.” Therefore, identity theft committed through non-digital methods still falls under the IPC.
Section 66C thus acts as a special law addressing the technological dimension of identity theft. Whereas the IPC remains the general law covering the conceptual basis of deceit.
What Are the Punishments Under Each Law?
Under Section 66C of the IT Act, offenders face imprisonment for up to three years, a fine up to ₹1 lakh, or both. The punishment depends on the severity of misuse, nature of data involved, and intent behind the act.
Under the IPC:
- Section 419 (cheating by personation) provides imprisonment up to three years, or fine, or both.
- Section 420 (cheating and dishonestly inducing delivery of property) provides imprisonment up to seven years and fine.
- Sections 465 to 468 (forgery) provide imprisonment up to seven years, especially when documents are used for fraudulent purposes.
These punishments under the IPC can be stricter when the act causes large-scale fraud or financial loss.
Therefore, while Section 66C focuses on digital misuse, IPC provisions impose harsher penalties when deception leads to tangible damage.
Can Both IT Act and IPC Apply Simultaneously?
Yes. Courts have clarified that both the IT Act and IPC can apply together if different aspects of the same act satisfy ingredients of both laws. For example, in cyber fraud cases, an accused may face charges under Section 66C for digital impersonation and under Section 420 for cheating.
The Bombay High Court (2024) held that IPC sections can be invoked simultaneously when IT Act provisions do not fully cover all ingredients of the offence. The IT Act is a special statute for cyber offences, but it does not exclude IPC provisions unless there is direct conflict.
This means that if an act of digital impersonation results in financial cheating, both laws can be applied together to ensure comprehensive prosecution.
What Are the Overlaps Between IT Act and IPC Provisions?
The main overlap occurs where digital identity theft results in forgery or financial fraud. For instance, creating a fake email ID or using another person’s password to access bank accounts may amount to identity theft under Section 66C and cheating under Section 420 IPC.
However, the IT Act provides specific tools for electronic evidence handling and cyber investigation, such as provisions under Sections 69 and 79, which empower authorities to intercept or retain electronic data. IPC provisions lack such technological mechanisms.
Therefore, the IT Act strengthens the investigative framework, while IPC ensures a wider interpretation of criminal liability. Both laws function together to prevent offenders from exploiting digital loopholes.
How Do Courts Interpret Identity Theft Under These Laws?
Indian courts treat identity theft as a serious breach of privacy and trust. In multiple judgments, courts have emphasized that misuse of digital identity can damage reputation and cause financial harm even without direct theft.
Courts have also recognized the evolution of digital forgery, from creating fake IDs and digital certificates to manipulating biometric data. In such cases, Section 66C ensures a technology-driven response, while IPC provisions continue to apply for elements like intent to cheat, forgery, or misrepresentation.
For example, if a fraudster uses another person’s Aadhaar-linked email for financial transactions, Section 66C punishes the misuse of credentials, while Section 420 covers the cheating aspect.
Why Is Section 66C Important in the Digital Age?
With the rise of online banking, e-commerce, and digital documentation, identity theft has become one of the most common cyber offences in India. Section 66C plays a crucial role in protecting citizens’ digital identities, such as Aadhaar, PAN, email, or biometric data.
It recognizes that digital identity is equivalent to physical identity and must be legally protected. The section reinforces the principle that privacy is a fundamental right under Article 21 of the Constitution.
The IT Act also supports international cooperation by aligning with global cybersecurity standards and data protection norms.
What Are the Practical Implications of Section 66C vs IPC?
From a practical perspective, Section 66C ensures swift cyber investigation through electronic evidence and expert analysis. IPC provisions provide broad prosecutorial coverage for related crimes. Police and prosecutors often use both laws together to ensure that offenders cannot escape liability.
However, legal experts have noted that Section 66C’s punishment is relatively mild compared to the financial scale of modern cyber frauds. Some recommend increasing penalties or adding sub-sections to address large-scale or repeated offences.
At the same time, IPC provisions continue to play a vital role because they allow punishment for offline impersonation and fraudulent acts not covered by the IT Act.
For any specific query call at +91 – 8569843472
Conclusion
Section 66C of the IT Act and the IPC provisions collectively safeguard identity, property, and trust in both physical and digital spaces. Section 66C focuses on digital impersonation, while IPC provisions deal with cheating, forgery, and deception more broadly.
The IT Act serves as a specialized tool for the digital environment, ensuring accountability for misuse of electronic identity. The IPC, as a general criminal law, complements it by addressing the moral and economic harm arising from fraud.
Together, these provisions form a dual protection system, one addressing the evolving threats of the digital world, and the other maintaining the foundational principles of criminal justice.
In essence, Section 66C protects identity; IPC protects integrity. Both are essential pillars in India’s legal response to cybercrime and digital impersonation.
