2025 (7) TMI 1330 - HC - Indian Laws

Authorities Neglected FIR Filing in Aadhaar-PAN Identity Theft; Bank Failed Aadhaar Authentication Compliance

Vilas Prabhakar Lad Versus Unique Identification Authority of India (UIDAI) Mumbai Versus Chief Commissioner, Gujarat State, UTI Infrastructure & Technology Service Ltd., Union of India, Chief Commissioner of Income Tax, Income Department, Mumbai, Manager, Union Bank of India, Commissioner of State Tax, Government of Gujarat.

The HC held that the Income Tax Department and other statutory authorities failed to discharge their duties by not filing an FIR or initiating criminal ... Initiation of criminal proceedings for identity theft/misuse of Aadhar - Failure to take necessary measures to ensure confidentiality of identity information - HELD THAT:- The illegal act of fraud was brought to the notice of Respondent No. 5, Income Tax Department by the Petitioner in January 2021, but we have not been shown any material by Respondent No. 5 of any complaint having been lodged with the police authorities. It was incumbent upon the Income Tax Department to have lodged a complaint with the police authorities since PAN number of the Petitioner was misused for availing GST registration number, opening bank account, etc. Even today, with the matter having been argued for more than 2-3 days, no one appeared on behalf of Respondent No. 5 to apprise the Court on this issue. This only shows callousness with which such a serious matter is being handled by the Revenue officials. There are no doubt in mind that none of the Respondents, who are statutory and regulatory authorities, have discharged their duties under the Acts by which they are governed. There has been a total failure on the part of these Respondents in not taking any action since the last five years of the discovery of fraud committed on them. The least that they could have done was to file an FIR with the police authorities for conducting investigation to prevent such events in the near future. The fraud played on all these Respondent authorities have been taken very lightly. We do not approve the inaction on the part of the Respondents in not filing an FIR or setting the criminal proceedings in motion. This is an issue which the highest authorities of each of the Respondents should introspect, investigate and fix accountability for such blatant inaction. There are doubts as to what would be achieved if criminal proceedings are set in motion after a period of five years of discovery of the fraud if, at all, the Respondents take the matter seriously now at least. In the instant case, admittedly and undisputedly Respondent No. 6 has failed to carry out the directions contained in paragraph 16 of Chapter VI of the Master Directions – KYC Direction 2016, since Respondent No. 6 has not conducted any Aadhaar authentication. Had Respondent No. 6 conducted Aadhaar authentication in accordance with the 2016 Regulations and Master Directions of the RBI, then the photograph of the Petitioner would have got displayed on the screen of Respondent No. 6 and they could have verified the said photograph with the actual person in front of them for opening the bank account - The contention of Respondent No. 6 that they also relied on rent agreement, GST registration, etc. for opening the bank account and therefore they have taken due diligence and care cannot be accepted since Aadhaar number was also given and it was obligatory on the part of Respondent No. 6 for authenticating the same as required by the Master Directions and Aadhaar (Authentication) Regulation, 2016. Therefore, Respondent No. 6 has not discharged its duty in accordance with the Master Directions and 2016 Regulations for authentication. In the instant case, the fraud could have been detected at an early stage had all the Respondents been diligent enough to authenticate the Aadhaar number. However, inaction on the part of the Respondents after having failed in their duty has aggravated the situation even more - Respondent No. 1 should take steps to make the public aware of the authorities/entities who can insist on Aadhaar number and these authorities/entities who are permitted to use Aadhaar number for authentication should be equipped with necessary technology for authentication and such authentication should be done in accordance with the Aadhaar (Authentication) Regulations of 2021, including the authentication by matching the photograph of the person appearing on the system and comparing the same with the physical presence of the person whose Aadhaar number is being used. Petitioner is directed to approach the Income Tax Authorities to ascertain whether a different PAN can be issued in place of what is being misused and the Income Tax Department and Respondent No. 5 would guide the Petitioner on this issue and if it is not possible to issue, to de-activate the old number and issue a new number, then what steps the Petitioner and Respondent No. 5 should adopt to prevent misuse of the PAN number - The attachment order passed by Respondent No. 7 for recovery of dues of transactions carried out by unknown person and which is annexed at Exhibit ‘ZZ’ of this petition is quashed and set aside. Petition disposed off. ISSUES: Whether statutory and regulatory authorities have a duty to initiate criminal proceedings upon discovery of identity theft and fraud involving misuse of Aadhaar, PAN, bank accounts, and GST registration.Whether the Unique Identification Authority of India (UIDAI) can cancel or suspend an Aadhaar number and issue a fresh Aadhaar number to the same individual under the Aadhaar Act, 2016.Whether the Income Tax Department can issue a new PAN number or deactivate an existing PAN number in cases of identity fraud and misuse.Whether banks are obligated to authenticate Aadhaar numbers using biometric verification and other prescribed methods before opening accounts, as per RBI Master Directions and Aadhaar Authentication Regulations.Whether failure by statutory authorities to promptly act on fraud complaints constitutes dereliction of duty and warrants imposition of costs.Whether criminal proceedings initiated against an individual impersonated in fraud should be stayed pending investigation and arrest of the actual culprits.Whether GST authorities must suspend or cancel GST registration obtained fraudulently using another person's identity and remove such entries from their portals. RULINGS / HOLDINGS: The Court held that all statutory and regulatory authorities failed to discharge their duties by not initiating criminal proceedings or lodging FIRs upon discovery of fraud, describing this as 'total failure' and 'dereliction of their duties.'The UIDAI cannot issue a second Aadhaar number to the same person since the Aadhaar number is a 'unique identity ascribed to each person' under the Aadhaar Act, 2016.The Income Tax Department was directed to clarify whether it can issue a different PAN number or deactivate the existing one, and to guide the petitioner accordingly, emphasizing the need for measures to prevent misuse of PAN linked with Aadhaar.The bank (Respondent No. 6) failed to comply with the RBI Master Directions and Aadhaar Authentication Regulations, 2016 by not conducting Aadhaar authentication including biometric verification, which would have displayed the petitioner's photograph and prevented the fraudulent account opening.The Court imposed costs of Rs. 10,000/- each on Respondent Nos. 1, 2, 5, 6, and 7 for their dereliction in duty and non-initiation of criminal proceedings despite knowledge of the fraud.The attachment order passed by the GST authorities was quashed and set aside, and the GST authorities were directed not to initiate proceedings against the petitioner for transactions conducted by the impersonator.Criminal proceedings before the Metropolitan Magistrate were stayed pending the completion of investigation and arrest of the actual fraudsters.The GST authorities were directed to delete the petitioner's Aadhaar and PAN numbers from their portal against the fraudulent trade name. RATIONALE: The Court applied the statutory framework of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, the Income-tax Act, the GST Act, and RBI Master Directions on Know Your Customer (KYC) procedures, including the Aadhaar Authentication (Regulation), 2016.The Court emphasized that biometric authentication and offline verification are mandatory under the Aadhaar Authentication Regulations and RBI Master Directions, and failure to comply undermines the integrity of identity verification processes.The Court noted the unique nature of Aadhaar as a 'unique identity' number, precluding issuance of duplicate numbers, but recognized the need for the Income Tax Department to consider issuance or deactivation of PAN numbers to prevent misuse.The Court criticized the 'inaction' and 'callousness' of statutory authorities and law enforcement agencies over a five-year period, highlighting the necessity of prompt FIR registration and criminal investigation to deter and address identity fraud.The Court referenced the importance of public awareness and technological safeguards (such as QR codes, OTP verification, biometric locks) already implemented or recommended under the Aadhaar Act and related regulations to prevent misuse.The Court relied on precedent and statutory mandates requiring regulatory authorities to act 'with lightning speed' upon discovery of fraud, and expressed disappointment at the failure to do so, underscoring a doctrinal expectation of accountability and proactive enforcement.The Court also referred to a similar decision by another High Court directing criminal action against fraudsters in identity theft cases, reinforcing the principle of enforcement responsibility.