PRESIDENT Rodrigo Duterte has signed into law a bill punishing bank hackers and card fraudsters with life imprisonment.
Republic Act (RA) 11449, which was signed by the President on August 28, amends the “Access Device Regulation Act of 1998.”
“The State recognizes the recent advances in technology and the widespread use of access devices in commercial transactions. Toward this end, the State shall protect the rights and define the liabilities of parties in such commercial transactions by regulating the issuance and use of access devices,” the new law read.
RA 11449 also acknowledged that “the advances in information technology on access devices have been exploited by criminals and criminal syndicates in perpetrating fraudulent activities that ultimately undermine the trust of the public in the banking industry.”
“Due to this deleterious effect on the economy, the State declares that the commission of a crime using access devices is a form of economic sabotage and a heinous crime and shall be punishable to the maximum level allowed by law,” it added.
The new law declares hacking and skimming, or the copying of information on a bank card to illegally obtain data or money, as criminal offenses.
The minimum sanction will be four to six years in prison plus a fine worth twice the value of the illegally-obtained amount from using someone else’s credit card.
The punishment goes up to 20 years in jail and a fine of at least P500,000 for those who own at least 10 skimming devices and accessed at least one bank account through fraud.
Those with skimming gadgets but were not proven to have tapped into a bank account will face 6 to 12 years jail time and a P300,000 penalty or twice the equivalent of the aggregate amount of all affected of exposed bank accounts.
Meanwhile, life imprisonment plus a fine of P1 million up to P5 million await those caught hacking into bank systems or skimming at least 50 or more online bank accounts, debit, credit, or automated teller machine cards.
The new law also requires all banks, card issuers and stores accepting card payments to carry out initial investigation on any reported fraud incidents.
They must provide “real-time reports” to the National Bureau of Investigation and the Anti-Cybercrime Group of the Philippine National Police, as well as identification of the perpetrator, if possible.
These establishments may also be compelled to cooperate in investigations and provide data as needed.
“Notwithstanding this requirement, banks, financing companies and other financial institutions, including their subsidiaries and affiliates, issuing access devices shall continue to be regulated and supervised by the Bangko Sentral ng Pilipinas while other companies issuing access devices shall continue to be regulated and supervised by the Securities of Exchange Commission,” the law said.
RA 11449, which was released only on Wednesday, will take effect 15 days after its publication in the Official Gazette or in a newspaper of general circulation. CATHERINE S. VALENTE