In this age of digitalisation, technology is primarily directed at confidential data and immense amounts of information. However, every day, new technological parameters are introduced, and people are bombarded with them. The information can be regarding banking, accounting, or personal biometrics. Due to the rapid rise of technological advancement, a higher chance of identity theft and cybercrime can also be seen in today’s evolving society.
Identity theft is a form of fraud that is done by using the personal information of someone else whose information is not authorised to be used by someone other than him under the law. It is the criminal use of any individual’s name, security number, personal identification number, or composition of any such predominant information that is unique to the victim to gain a disproportionate advantage, preferably financial.
Every 22 seconds, millions of individuals fall victim to cybercrime. According to the National Council on Identity Theft Protection, reports of identity theft have grown exponentially in the last few years, leaping from 3.43 million in 2019 to 5.74 million in 2021. According to the Identity Theft Resource Center, there were more than 400 million victims of identity theft in 2022 alone.
In Nepal, cybercriminals often use identity theft to commit fraud, such as creating bogus bank accounts or applying for lucrative loans in someone else’s name and using them for their own needs. Identity theft can have appalling consequences for victims, including damage to their credit score, financial losses, and even legal issues.
Cybercriminals use a multitude of tactics to gain personal information, such as phishing scams, hacking, malware, etc., through an increasing use of computer technology. They may also abstract physical documents or personal devices that accommodate sensitive or personal information.
Legal provisions related to identity theft
The current Constitution of Nepal (2015) is the leading light for all the laws applicable within the territory of Nepal. It embodies various checks to provide a framework for lawful implementation.
Part III of the Constitution guarantees fundamental rights, including the right to privacy stated in Article 28. So, data privacy also comes under Article 28, where one’s digital information is personal and can be misused by the wrongdoers to cause loss to one’s property, document, data, personality, character, or anything in which the victim is interested.
In the case of Baburam Aryal vs The Government of Nepal(NKP 2074, DN 9740), the Honorable Supreme Court established that the right to privacy is a human right. The Supreme Court ruled that under the right to privacy, matters relating to a person’s residence, property, body, documentation, data, communications, and character are inviolable, except under law.
An organisation or department that collects information and has undertaken responsibility for such information must not use such information at its discretion. Instead, such an organisation or department must protect such a ‘data bank’ of information at any cost. The case also laid down that such an organisation or department must not allow unauthorised access into such a data bank, even as an exception in the absence of a limpid legal basis.
Section 48 of The Electronic Transactions Act, 2008, states that if someone with authorised access to books, records, correspondence, or other materials under this law reveals their confidentiality to an unauthorised person, they can be fined up to Rs 10,000, imprisoned for up to two years, or both, depending on the severity of the breach.
According to Section 298 of the National Penal Code (Act) 2017, it is prohibited to breach privacy through electronic means. If someone obtains, without authorisation, any notice, information, or correspondence from electronic sources, breaches its privacy or transfers it to another person without permission, they could face imprisonment for up to two years, a fine of up to twenty thousand rupees, or both penalties.
Similarly, the Privacy Act 2075 (2018) provides privacy related to person, residence, property, data, correspondence, character, electronic means, and personal information, along with the punishment for obtaining information unethically and breaching privacy rights.
Measures to stay away from victimisation
With the increasing concern surrounding identity theft and cybercrime, it is crucial to take proactive steps to protect oneself from falling prey to digital dangers.
The first and foremost is to use a strong and long password. The password should not be relatable, where a 12-character password with a difference in spelling or a mix-up of alphabets, digits, and symbols is more climacteric than using a shorter password.
Hence, one must avoid using the same password for every login ID because if someone gets the particular password, then they can open any file or email address to fetch the financial information of the victim.
Secondly, multi-factor authentication, sometimes also referred to as two-step verification, is a security process in which users provide two different facts to verify themselves. It may take an extra 20 seconds to log in to an account, but it could protect an account from being stolen.
The methods eminently rely on a user imparting a password as the first factor and any other information peculiar to them only. In addition, it adds one more layer of security to the authentication process by making it difficult for attackers to attain access to a person’s devices or online accounts because, even if the victim’s password is hacked, a password alone is not sufficient to pass the authentication check.
Third, think before you click. An individual must not click on any random links or attachments in emails, texts, or advertising just to see what is there, as it may lead to the cybercriminal’s webpage.
Fourth, adopting a safer mindset means limiting the information published regularly on a habitual basis based on one’s single details, location, and photographs on social media platforms. The cybercriminals will be able to use the information published online, where they can steal one’s data and identity. Thus, by taking significant steps, an individual can be safe, and they can also create safer landscapes in their surroundings.
Lastly, privacy and security settings: individual users should check their privacy and security settings on all apps and online accounts to ensure they align with their comfort level. When downloading the latest apps, one should opt to connect to a secure WiFi network to check whether it is secured or unsecured.
Meanwhile, things like checking a bank account, shopping online, or paying bills must be done on a secure network. When downloading the latest applications, check what type of permission you are granting. For instance, a photo app may not require access to your entire contact list.
In conclusion, identity theft and cybercrime are now an ever-evolving threat to human society, just as the physical world cannot be crime-free, nor can any virtual spaces. Cybercrimes are not only restricted to the commission of hacking and damaging websites; nevertheless, any information can be used to commit further crimes, and the principal perpetrator camouflages themselves under the guise of the victim. Therefore, by enacting stringent laws and regulations, improving existing legislation, and raising awareness and investment, Nepal can take notable actions towards identity theft and cybercrime in today’s society.
