PRESIDENT Rodrigo R. Duterte has signed a law declaring the hacking of banking systems as a form of economic sabotage, and imposing stiffer penalties on those who hack bank accounts and conduct credit card, automated teller machine (ATM) card, and debit card fraud.
Mr. Duterte on Aug. 28 signed Republic Act (RA) No. 11449, which amends RA No. 8484 or the Access Devices Regulation Act of 1998. Copies of the law were released to reporters on Wednesday.
Section 1 of the law reads in part: “[T]he commission of a crime using access devices is a form of economic sabotage and a heinous crime and shall be punishable to the maximum level allowed by law.”
Access devices, as defined by the law, include any “card, plate, code, account number, electronic serial number, personal identification number or other telecommunications service, equipment or instrumental identifier or other means of account access that can be used to obtain money, good, services or any other thing of value or to initiate a transfer of funds (other than a transfer originated solely by paper instrument).”
Prohibited acts, as enumerated under the Section 9 of the law, include the skimming of ATM cards, hacking banking systems and counterfeiting of credit or debit card.
Under the new law, one found guilty of hacking a bank’s system, skimming of at least 50 ATM cards or online banking accounts, which constitutes “economic sabotage,” will face life imprisonment and P1-5 million fine.
The previous law imposed only P10,000 or twice the value obtained through the offense and six to 20 years of imprisonment for access device fraud.
The new law states that possession of at least 10 counterfeit access devices and/or unauthorized access devices which was used to access at least one account will warrant a fine of at least P500,000 and imprisonment of 12-20 years.
The law defines counterfeit access device as a card, plate, code or account number, among others, “that is counterfeit, fictitious, altered or forged, or an identifiable component of an access device or counterfeit access device or any fraudulent copy or reproduction.”
Those found in possession of 10 or more counterfeit access devices — even if they were not proven to have accessed any account — will face six to 12 years imprisonment and P300,000 fine or twice the equivalent of the aggregate amount of all affected bank accounts, whichever is higher.
Those using fraudulent credit cards will face four to six years imprisonment and a fine equivalent to twice the value obtained.
Those who used even just one counterfeit device or possessed device-making or altering equipment face 10-12 years jail time and P500,000 fine or twice the value obtained, whichever is higher.
The law further states that a penalty amounting to P800,000 or twice the value obtained, whichever is higher, and a jail term of 12 to 20 years will be meted against individuals who committed any offense under Section 9 of RA 8484, “which occurs after a conviction for another offense under the same section, or an attempt to commit the same.”
The new law, which takes effect 15 days after its publication in the Official Gazette or in a newspaper of general circulation, directs banks to submit real-time reports on access device fraud incidents to the National Bureau of Investigation and the Anti-Cybercrime Group of the Philippine National Police.
The law had originated from the House of Representatives as House Bill No. 6710 in February last year. The Senate approved the bill on final reading with 20 affirmative votes and no negative ones on June 3 this year.
The Bankers Association of the Philippines (BAP) said it supports the new law, which protects their clients and provides remedial measures to help attain speedy conviction against offenders.
“The unabated activities of these criminals will not only result to loss of money but likewise cause distrust to the financial institutions. In both instances, the damage is beyond pecuniary estimation as it will destabilize the economy,” the BAP said in a statement.
“The relatively lighter penalties and fines as well as the vagueness in elements of the crime in the old law have been adequately addressed by these amendments. These amendments illustrate Congress’s deep appreciation of fraud and cybersecurity threats that this important legislation will effectively address,” the BAP added. — Arjay L. Balinbin