PAN Card Misuse: Government Cracks Down on Unauthorized Access

PAN Card: The majority of financial institutions maintain customer information, which encompasses Aadhaar and PAN card numbers. These companies maintain that they have not been exploited in an unauthorised manner; however, numerous instances have emerged in which these details have been exploited. In such a scenario, the government is highly vigilant and has the ability to take action against these companies.

The government issued these directives.

The unauthorised use of PAN details is the subject of a significant government initiative. The Union Home Ministry’s Indian Cyber Crime Coordination Centre (I4C) has issued directives to financial technology companies and other consumer technology firms regarding this matter. The government has declared that these organisations are prohibited from utilising the Permanent Account Number (PAN) information of Indian citizens in an unauthorised manner.

The government has initiated stringent measures to prevent the unauthorised operation of personal data by technology companies and has implemented the Digital Personal Data Protection Act, 2023 (DPDP).

What are the activities of companies?

The name of the service was “Pan enrichment,” according to a senior executive of a fintech company who disclosed it to the media. It will assist loan distribution companies in the development of customer profiles by utilising their PAN numbers to facilitate the cross-selling of credit and other financial products.

He also mentioned that customers occasionally utilise this data to verify the information they have provided in their applications. Nevertheless, this service has undergone modifications as a result of the government’s recent regulations.

Misuse of a Permanent Account Number (PAN)

Measures to address the misuse of PAN cards

Media reports have disclosed that numerous organisations have obtained customers’ personal information, including their full name, address, and phone number, by utilising their PAN numbers to access the backend system of the Income Tax Department. Additionally, the PAN number’s association with the consumer credit score renders it a critical piece of information. While this does not constitute a data breach, it evidences unauthorised access to the backend infrastructure of the Income Tax Department.

In this scenario, a variety of financial institutions, such as direct sales agents, lending platforms, loan sourcing channels, and credit aggregators, exploited this unauthorised access. Businesses are required to obtain appropriate consent and utilise authorised channels when processing citizens’ information in accordance with the DPDP Act of 2023. These companies will no longer have direct access to this information from the Income Tax Department.