QuestionsQuestions (Republic Act No. 11449)
It recognizes advances in technology and widespread use of access devices, and states that crimes using access devices undermine trust in the banking industry and the economy. It declares that such commission is a form of economic sabotage and a heinous crime punishable to the maximum level allowed by law.
As any card, plate, code, account number, electronic serial number, PIN, or other telecommunications service/equipment/instrumental identifier or means of account access that can be used to obtain money, goods, services, or other thing of value, or initiate a transfer of funds (other than a transfer originated solely by paper instrument).
It defines hacking as unauthorized access into or interference with a computer system/server or information and communications system, or access to corrupt/alter/steal/destroy using a computer or similar device without the owner’s knowledge and consent, including introduction of computer viruses, resulting in corruption/destruction/alteration/theft/loss of electronic data messages or documents.
A type of fraud involving illegal copying of information from the magnetic stripe of a payment card to gain access to customer accounts.
Acts such as producing, using, trafficking in counterfeit access devices; skimming/copying/counterfeiting credit, payment, or debit cards with intent to access and operate the account; production or possession of software/hardware components used to perpetrate the foregoing; accessing application/online banking/ATM/debit/credit accounts in a fraudulent manner regardless of monetary loss; and hacking as defined in the Act.
No. The law states that the fraudulent access/operation is unlawful whether or not cash is withdrawn or monetary injury is caused by the perpetrator.
It makes intent and unauthorized fraudulent access the core elements; actual monetary damage or loss is not required for liability under that prohibited act.
It increases the imprisonment ranges and sets specific fines tied to circumstances (e.g., number of counterfeit/unauthorized access devices, whether an account was accessed or credit gained, value obtained, and repetition). It also introduces life imprisonment and a large fine when the offense constitutes “economic sabotage.”
Imprisonment of not less than twelve (12) years and not more than twenty (20) years, plus a fine twice the equivalent of the aggregate amount of all affected or exposed bank accounts, but not less than PHP 500,000.
Imprisonment of not less than six (6) years and not more than twelve (12) years, plus a fine of PHP 300,000 or twice the equivalent of the aggregate amount of affected/exposed bank accounts, whichever is higher.
Imprisonment of not less than four (4) years and not more than six (6) years, with a fine of twice the value of the fraudulent obtained credit, without prejudice to civil liability.
Life imprisonment and a fine not less than PHP 1,000,000 but not more than PHP 5,000,000. Economic sabotage is deemed committed when: (1) the prohibited act involves hacking of a bank’s system; (2) skimming affected fifty (50) or more payment cards; or (3) the prohibited act affected fifty (50) or more online banking accounts, credit cards, payment cards, and debit cards.
A cardholder who abandons or surreptitiously leaves the stated place of employment/business/residence without informing the credit card company, when the outstanding unpaid balance is past due at least 90 days and more than PHP 200,000, is prima facie presumed to have used the credit card with intent to defraud.
All companies engaged in issuing access devices (including banks, financing companies, other financial institutions), and partner merchants must conduct initial investigation on reported access device fraud and furnish real-time reports on results to the NBI and the Anti-Cybercrime Group of the PNP. The report must narrate the fraud and identify the perpetrator if feasible, and constitute the complaint necessary for further investigation and prosecution.
The remaining provisions continue to be in force.
Fifteen (15) days after its publication in the Official Gazette or in a newspaper of general circulation.