Bank hackers and skimmers may now face life imprisonment under a new law signed by President Rodrigo Duterte.
Duterte signed Republic Act 11449, which amends the “Access Devices Regulation Act of 1998” (RA 8484), on Aug. 28 but a copy of the document was made public on Wednesday.
Under the law, the state “acknowledges that the advances in information technology on access devices have been exploited by criminals and criminal syndicates in perpetrating fraudulent activities that ultimately undermine the trust of the public in the banking industry.”
“Due to this deleterious effect on the economy, the State declares that the commission of a crime using access devices is a form of economic sabotage and a heinous crime and shall be punishable to the maximum level allowed by law,” the law read.
Access device refers to “any card, plate, code, account number, electronic serial number, personal identification number, or other telecommunications service, equipment, or instrumental identifier, or other means of account access that can be used to obtain money, good services, or any other thing of value, or to initiate a transfer of funds.”
Hacking is defined as the “unauthorized access into or interference in a computer system/server, or information and communication system, or any access in order to corrupt, alter, steal, or destroy using a computer or any other similar information and communication devices without the knowledge and consent of the owner of the computer or information and communication system.”
For the fraudulent use of a credit card, the minimum punishment is four to six years and a fine of twice the value of the fraudulently obtained credit.
Offenders in possession of 10 or more counterfeit access devices who gained credit face imprisonment for 12 to 20 years and a fine of twice the equivalent of the aggregate amount of all affected of exposed bank accounts but not less than PHP500,000.
Those who possess 10 or more counterfeit access devices but was not proven to have gained any credit, face only imprisonment of six to 12 years and a fine of PHP300,000 or twice the equivalent of the aggregate amount of all affected or exposed bank accounts, whichever is higher.
Meanwhile, violators face life imprisonment and a fine of PHP1 to PHP5 million if the offense constitutes economic sabotage.
Economic sabotage includes hacking a bank’s system; skimming affected 50 or more payment cards; and if the act affected 50 or more online banking accounts, credit cards, payment cards, and debit cards.
The law also requires banks, financing companies, and other financial institutions issuing access devices, and partner merchants to conduct initial investigation on any reported access device fraud and furnish real-time reports on the result to the National Bureau of Investigation (NBI) and the Anti-Cybercrime Group of the Philippine National Police.
“The report shall contain a narration about the fraud committed and an identification of the perpetrator, if feasible. The report shall further constitute the complaint necessary for the NBI or the Anti-Cybercrime Group of the PNP to pursue further investigation and prosecution of the fraud,” the law read.
It also states that banks, financing companies and other financial institutions, including their subsidiaries and affiliates, issuing access devices will be continue to be regulated and supervised by the Bangko Sentral ng Pilipinas while other companies issuing access devices will continue to be regulated and supervised by the Securities and Exchange Commission. (PNA)