Someone Opened a Bank Account or SIM in Your Name: What the Law Says You Can Do

Imagine getting a call from a debt recovery agent demanding repayment of a loan you never took. Or a police complaint arrives at your door for a SIM card registered in your name — a SIM you have never held in your hand. You check your CIBIL score and there it is: a loan default against your name on an account you did not even know existed.

This is not a freak coincidence. It is identity fraud — and it is happening to thousands of ordinary people across India every year. Someone got hold of your Aadhaar number, your PAN, your photograph, or just your phone number, and used it to open a bank account or get a SIM card issued. Now the consequences are landing at your door.

The good news: Indian law treats this as a serious criminal offence. The Information Technology Act, 2000 (IT Act) and the Indian Penal Code (IPC) both have specific provisions under which you can file a complaint, get the fraudster prosecuted, and even claim financial compensation. This guide walks you through exactly what the law says and what steps you can take today.

How Does This Even Happen?

To understand your legal options, it helps to first understand how fraudsters pull this off. The methods are more common than you might think.

Aadhaar or PAN photocopies. Whenever you submit a photocopy of your Aadhaar or PAN at a shop, clinic, hotel, or coaching centre, that document can be misused. Fraudsters collect these documents and use them as KYC proof to open bank accounts or get SIM cards.

Data breaches and phishing. Your personal details — date of birth, address, phone number, email — may have leaked through an app data breach or a phishing website. A fraudster who has enough of your details can impersonate you online and complete digital KYC processes.

SIM swap fraud. In SIM swap fraud, a criminal approaches a telecom company claiming to be you and requests a replacement SIM for your number. Once they have your number, they can intercept OTPs and access your bank accounts.

Agent or insider fraud. Some bank or telecom agents — the people who do door-to-door KYC — have been known to use customer documents fraudulently to open additional accounts or SIMs without the customer's knowledge.

In every case, the common thread is this: your unique identification details — your Aadhaar, PAN, phone number, electronic signature, or photograph — are being used without your knowledge or consent to pretend to be you. Indian law has a specific name for this: identity theft.

What Law Protects You — The IT Act

The Information Technology Act, 2000 has two key provisions that directly cover what happened to you.

Section 66C — Identity Theft

Whoever, fraudulently or dishonestly makes use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.

In plain language: if someone uses your Aadhaar number, PAN, phone number, password, electronic signature, or any other identifier that is uniquely yours — and they do it fraudulently or dishonestly — they commit the offence of identity theft under Section 66C of the IT Act.

The phrase "any other unique identification feature" is intentionally broad. The law recognises that technology changes. Today it might be your Aadhaar. Tomorrow it might be your biometric template or your digital wallet identifier. The law covers all of it.

Section 66D — Cheating by Personation Using Computer Resource

Whoever, by means of any communication device or computer resource cheats by personating, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.

This provision is equally important. "Cheating by personation" means pretending to be you — filling out a form in your name, submitting your documents as if they were their own, or clicking through an online bank account opening process while impersonating you. If the fraudster used a mobile phone, a computer, or any digital platform to do this, Section 66D applies.

Section 66D builds on Section 416 of the IPC, which defines cheating by personation as pretending to be some other person or substituting one person for another. The explanation to Section 416 makes clear that the offence applies whether the person being impersonated is real or imaginary — so even if a fraudster creates a slightly altered version of your identity, it still counts.

Both Section 66C and Section 66D are criminal offences under the IT Act. A complaint can be filed with the police, who can investigate, arrest, and charge the offender. The maximum punishment under both is three years of imprisonment plus a fine of up to Rs 1 lakh.

One important caveat: both these offences are classified as bailable offences, which means the accused has a right to bail as soon as they are arrested. This has been criticised by legal experts as inadequate given the severity of identity theft. But the law as it stands today provides this protection to the accused, so manage your expectations on immediate custodial consequences.

IPC Offences That Also Apply

The IT Act does not stand alone. The Indian Penal Code has provisions that run alongside the IT Act and can be invoked simultaneously. Courts and police routinely combine IT Act charges with IPC charges in identity fraud cases.

Section 419 IPC — Cheating by Personation. Whoever cheats by pretending to be some other person is punishable with imprisonment up to three years or a fine or both. This IPC provision mirrors Section 66D of the IT Act and can be charged alongside it.

Section 420 IPC — Cheating and Dishonestly Inducing Delivery of Property. When a fraudster uses your identity to open a bank account and then uses that account to deceive a third party — for example, obtaining a loan — Section 420 IPC applies. It carries imprisonment up to seven years and a fine.

Section 468 IPC — Forgery for Purpose of Cheating. If the fraudster forged your documents — created fake Aadhaar copies or fake KYC forms in your name — Section 468 IPC applies. This carries imprisonment up to seven years and a fine.

Section 471 IPC — Using as Genuine a Forged Document. If someone submits a forged document (a fake Aadhaar copy) to a bank or telecom company as if it were genuine, Section 471 IPC is attracted.

The combination of IT Act and IPC charges means that the FIR against the fraudster can be more comprehensive and more serious in terms of potential sentencing — especially because IPC Section 420 carries a maximum sentence of seven years, which is longer than the three years under the IT Act provisions alone.

Who Else Is Responsible — Banks and Telecom Companies?

This is a question most victims never think to ask. But it is important: the bank that opened an account in your name without proper verification, or the telecom company that issued a SIM card without genuine KYC, may itself have violated regulatory obligations — and you can hold them accountable.

Banks in India are required by the Reserve Bank of India (RBI) to follow Know Your Customer (KYC) norms. These norms require verification of identity documents before opening any account. If a bank opened an account in your name using forged documents and without actually verifying that you were the real customer, it has failed its KYC obligation. You can file a complaint with the bank's internal grievance officer, and if that is not resolved within 30 days, you can approach the Banking Ombudsman under the RBI's Integrated Ombudsman Scheme.

Similarly, telecom companies are required by the Department of Telecommunications (DoT) to follow subscriber verification procedures before issuing SIM cards. A SIM issued on a fraudulent Aadhaar copy violates these rules. You can approach the telecom company's nodal officer and, if unresolved, file a complaint with TRAI or the DoT.

UIDAI (the Aadhaar authority) has a specific complaint mechanism if your Aadhaar has been misused. You can lock your Aadhaar biometrics on the UIDAI resident portal (resident.uidai.gov.in) to prevent further misuse, and file a complaint directly with UIDAI.

The broader legal principle here is that both banks and telecom companies are service providers. If their negligence in KYC enabled the fraud against you, they may be held liable for deficiency in service. Consumer rights in banking disputes — including complaints about bank negligence — are a recognised avenue for relief even in cases where the bank itself was not the fraudster but enabled the fraud through lax processes.

How Do You Know It Has Happened to You?

Many victims of identity fraud do not discover the problem until significant damage has already been done. Here are the warning signs to watch for:

• You receive calls from debt recovery agents about a loan or credit card you never applied for.
• Your CIBIL or credit score drops suddenly and shows accounts you do not recognise.
• You receive OTPs on your phone for transactions or account activations you did not initiate.
• A bank passbook or account statement arrives at your address for an account you never opened.
• Police or law enforcement contacts you about criminal activity linked to a SIM or bank account in your name.
• You are denied a loan because of unexplained existing liabilities on your credit report.
• You notice unfamiliar entries when you check your Aadhaar authentication history on the UIDAI portal.

If any of these things are happening to you, act quickly. Delay gives fraudsters more time to use your identity, and it can complicate your own legal defence if authorities come looking for you in connection with the fraud.

What Should I Actually Do Now?

1. Collect and preserve all evidence immediately. Take screenshots of every suspicious SMS, call log, credit report entry, or notification. Note dates and times. If you have received physical mail — a bank statement, a recovery notice — keep it safely. This evidence will be needed for every complaint you file. Learn how to preserve digital evidence before it disappears.
2. Check your credit report. Get your free credit report from CIBIL, Experian, CRIF, or Equifax (you are entitled to one free report per year from each bureau). Identify all accounts and loans you do not recognise. Note the bank names and account numbers involved.
3. Lock your Aadhaar biometrics. Go to resident.uidai.gov.in and lock your biometric authentication. This prevents anyone from using your fingerprints or iris scan to authenticate your Aadhaar at a bank or telecom company. You can unlock it temporarily when you genuinely need to use biometrics.
4. File a complaint on the National Cybercrime Portal. Go to cybercrime.gov.in or call the national helpline 1930. This creates an official record of the complaint and triggers investigation. Report under the "Financial Fraud" or "Identity Theft" category as applicable.
5. File an FIR at your local police station. The FIR should mention Section 66C and Section 66D of the IT Act, and Sections 419, 468, and 471 of the IPC. If the police refuse to register the FIR, you can approach the Superintendent of Police or file a complaint before a Magistrate under Section 200 of the Code of Criminal Procedure.
6. Write to the bank formally. Send a written complaint (by email and registered post) to the bank's grievance officer stating that an account was opened in your name without your knowledge or consent. Request immediate freezing of the fraudulent account and a written response. If no response within 30 days, escalate to the Banking Ombudsman via bankingombudsman.rbi.org.in.
7. Complain to the telecom company. If a SIM card was issued in your name, write to the telecom company's nodal officer. Request immediate disconnection of the fraudulent SIM and a written acknowledgment. If unresolved, file a complaint with TRAI at trai.gov.in.
8. Dispute the credit report entry. Write to the credit bureau directly, attaching your FIR copy and complaint letters, and request removal of the fraudulent account from your credit history. Banks are legally obligated to correct fraudulent entries once you provide an FIR.
9. Consider a claim for compensation. Under Section 43 of the IT Act, you can claim compensation before the Adjudicating Officer for damage caused by the fraudulent use of your computer-linked data. Claims up to Rs 5 crore are heard by the Adjudicating Officer; larger claims go to civil court.
10. Consult a lawyer early. Identity fraud cases involve multiple agencies — police, banks, UIDAI, telecom companies — and coordinating complaints across all of them while maintaining consistent documentation is not straightforward. A lawyer can help you draft complaints, follow up, and ensure that none of your own rights are compromised in the process.

Can You Get Compensation?

Yes — and this is something most victims do not know. The IT Act provides a civil remedy alongside the criminal one.

Section 43 of the IT Act lists acts that cause damage to a computer system or data without the owner's permission — including accessing computer systems without permission and manipulating account details. Section 43 says that anyone who commits these acts "shall be liable to pay damages by way of compensation to the person so affected."

When someone uses your Aadhaar or digital identity to open a bank account or SIM card through an online process, they are accessing computer systems — the bank's or telecom company's servers — using your credentials without your permission. This squarely falls within Section 43.

To claim compensation, you file a complaint before the Adjudicating Officer appointed under the IT Act. The Adjudicating Officer has the power to award compensation up to Rs 5 crore. Under Section 64 of the IT Act, if the compensation awarded is not paid by the guilty party, it is recoverable as an arrear of land revenue — meaning the state machinery can help enforce collection.

If you are not satisfied with the Adjudicating Officer's order, you can appeal to the Appellate Tribunal (now the TDSAT, or Telecom Disputes Settlement and Appellate Tribunal) within 45 days under Section 57 of the IT Act. The Appellate Tribunal aims to dispose of appeals within six months. From there, a further appeal lies to the High Court within 60 days under Section 62 of the IT Act.

This Is a Serious Crime — But the System Has Gaps

It would be unfair to tell you only the good news without being honest about the challenges.

Section 66C and Section 66D of the IT Act are bailable offences. This means that even if the police arrest the person who stole your identity, that person can walk out of the police station the same day on bail as a matter of right. Legal experts — including the authors of leading IT Act commentaries — have criticised this as inadequate for crimes of this severity. The law needs to be strengthened.

The IT Act also does not clearly specify which court has territorial jurisdiction for trying cybercrime offences. Courts fall back on CrPC Chapter XIII to figure this out, which can lead to delays and confusion about where to file.

Investigation of identity fraud cases requires cybercrime units with technical expertise. Not every police station has this capacity. The national cybercrime portal (cybercrime.gov.in) routes complaints to specialised units, which is why filing there — in addition to a local FIR — is important.

None of these limitations mean that you should not pursue legal action. They mean you should pursue it with realistic expectations and, ideally, with professional guidance. The law does give you tools. Using those tools effectively requires persistence.

At Pinaka Legal, we have worked with clients who discovered fraudulent accounts and SIM cards registered in their names. If you are facing this situation right now, reach out to us before you file anything — we can help you structure your complaints in a way that maximises their legal impact and protects your own position from the start.

Frequently Asked Questions

Someone opened a bank account in my name — is that a crime under Indian law?

Yes, it is a criminal offence. Under Section 66C of the Information Technology Act, 2000, fraudulently using another person's unique identification feature — such as their Aadhaar number, PAN, phone number, or electronic signature — is identity theft punishable with imprisonment up to three years and a fine up to Rs 1 lakh. Section 66D additionally covers cheating by personation using a computer resource or communication device. Both provisions directly apply when someone opens a bank account or SIM card in your name without your consent.

A SIM card was registered in my name without my permission. What should I do first?

Act on three fronts at the same time. First, call or email the telecom company and ask them to immediately disconnect the fraudulent SIM and preserve connection records. Second, file a complaint at cybercrime.gov.in or call helpline 1930, and also file a police FIR citing IT Act Section 66C, 66D and IPC Sections 419 and 468. Third, lock your Aadhaar biometrics at resident.uidai.gov.in to stop further misuse of your Aadhaar for SIM activations or bank KYC. Keep copies of every complaint you file.

Can I claim compensation from the bank that opened an account in my name?

Yes, potentially. Banks are required by RBI to follow KYC norms before opening any account. If the bank failed to properly verify your identity and allowed a fraudulent account to be opened in your name, it may have committed a deficiency in service. You can file a complaint with the bank's grievance officer and then escalate to the Banking Ombudsman. Separately, under Section 43 of the IT Act, you can also seek compensation from those who accessed computer systems in your name — which may include the fraudster and potentially parties whose negligence enabled the fraud.

The police say they cannot register an FIR for identity theft. What can I do?

If the police at a local station refuse to register your FIR, you have two options. First, you can approach the Superintendent of Police with a written complaint — the SP can direct the station to register the FIR. Second, under Section 200 of the Code of Criminal Procedure, you can file a complaint directly before a Judicial Magistrate. The Magistrate can then take cognizance and direct the police to investigate. Always send your complaint to the police by registered post so you have proof of receipt, and simultaneously file online at cybercrime.gov.in.

My CIBIL score is damaged because of a loan taken in my name by fraud. How do I fix it?

First file an FIR and get a copy. Then write to the bank that issued the fraudulent loan, attaching the FIR copy, and formally dispute the account as fraudulent. Banks are required to mark disputed accounts during investigation. Simultaneously write to the credit bureau (CIBIL, Experian, etc.) with your FIR copy and the bank's acknowledgment, requesting the entry be disputed or removed. Credit bureaus have a mechanism for this. Once the fraud is confirmed, the entry should be corrected. If the bank or bureau refuses to act, you can file a consumer complaint or approach the Banking Ombudsman.

Can someone who opened a bank account in my name using my Aadhaar actually get arrested?

Yes, the police can arrest the offender under Section 66C and/or Section 66D of the IT Act, which are cognizable offences. However, both offences are currently bailable under the IT Act — meaning the arrested person can get bail as a matter of right soon after arrest. The IPC offences that can be charged alongside — like Section 420 (cheating) — are more serious and may restrict bail. The practical outcome depends on how many charges are filed and the strength of evidence.

What is the helpline number for cyber fraud and identity theft complaints in India?

The National Cybercrime Helpline number is 1930. You can also file complaints online at cybercrime.gov.in. These complaints go to specialised cybercrime investigation units. Filing here does not replace filing an FIR at your local police station — you should do both. The 1930 helpline is especially useful for freezing fraudulent accounts quickly before more money is moved through them.

Is it a crime even if the fraudster used my Aadhaar but did not cause me any financial loss yet?

Yes. The offences under Section 66C (identity theft) and Section 66D (cheating by personation) of the IT Act do not require that you have suffered a financial loss. The crime is the fraudulent or dishonest use of your identification features and the act of personating you. The moment someone uses your Aadhaar or other ID without your consent to open an account or SIM card, the offence is complete. You do not have to wait for financial damage to materialise before filing a complaint.

Someone opened a bank account or SIM in my name — can I be held responsible for what they do with it?

You cannot be held legally responsible for crimes committed by a fraudster using your identity, provided you report the fraud promptly and have not yourself given consent or enabled the fraud. The key is timing — report the fraud as early as possible so there is a documented trail showing you were a victim and not a participant. If police or a bank contacts you about activity on the fraudulent account, do not panic: immediately show them your FIR copy and the complaints you have filed.

My Aadhaar was submitted as KYC at many places. How do I stop ongoing misuse?

There are two immediate steps. First, lock your Aadhaar biometrics at resident.uidai.gov.in — this prevents anyone from using your fingerprints or iris at an Aadhaar-enabled authentication terminal, which is what banks and SIM dealers use. Second, generate a Virtual ID (VID) on the UIDAI portal. A VID is a temporary 16-digit number that you can share instead of your actual Aadhaar number — it can be used for most KYC purposes and can be refreshed periodically. You can also check your Aadhaar authentication history on the portal to see where and when your Aadhaar has been used.

How long does it take for a cybercrime identity theft case to be resolved?

There is no fixed timeline. Investigation depends on the cybercrime unit's workload and the technical complexity of tracing the fraudster. The credit score correction process can take several weeks once you provide the FIR and dispute the entry. The Adjudicating Officer under the IT Act must endeavour to dispose of compensation claims expeditiously. If you appeal to the Appellate Tribunal, the IT Act says appeals should be resolved within six months where possible. In practice, criminal trials take longer. The best way to speed things up is to have all documentation organised and pursue all channels simultaneously rather than one after another.

Written by the Pinaka Legal Editorial Team. For queries, call +91 8595704798 or email info@pinakalegal.com.