Question & AnswerQ&A (Republic Act No. 11449)
Republic Act No. 11449 provides additional prohibitions and increases penalties for violations of Republic Act No. 8484, known as the Access Devices Regulation Act of 1998, aiming to protect rights and regulate the issuance and use of access devices in commercial transactions.
An access device is any card, plate, code, account number, electronic serial number, personal identification number, or other telecommunications service, equipment, or means of account access used to obtain money, goods, services, or to initiate fund transfers other than those originated solely by paper instruments.
Unlawful acts include producing or using counterfeit access devices, skimming, copying or counterfeiting payment cards, producing or possessing software or hardware used to perpetrate these crimes, unauthorized access to banking applications or accounts, and hacking, among others.
The offender faces imprisonment from 12 to 20 years and a fine twice the amount of affected bank accounts, but not less than PHP 500,000.
Economic sabotage is committed when prohibited acts involve hacking a bank's system, skimming 50 or more payment cards, or affecting 50 or more online banking accounts, credit cards, payment cards, or debit cards, attracting life imprisonment and fines ranging from PHP 1,000,000 to PHP 5,000,000.
The penalty is imprisonment of 12 to 20 years and a fine of PHP 800,000 or twice the value obtained by the offender, whichever is higher, plus civil liability.
Card skimming is a type of fraud involving illegal copying of information from the magnetic stripe of a payment card to gain unauthorized access to customer accounts.
They must conduct initial investigations on reported access device fraud and furnish real-time reports to the NBI and PNP Anti-Cybercrime Group, including perpetrator identification if feasible, which serves as the complaint for further prosecution.
Hacking refers to unauthorized access or interference with computer or information systems to corrupt, steal, destroy, or alter electronic data, including virus introduction, punishable under the law.
If the cardholder abandons or surreptitiously leaves their place of residence or business without informing the credit card company, and at the same time, the unpaid balance is past due for at least 90 days and exceeds PHP 200,000, they are presumed to have intent to defraud.