Question & AnswerQ&A (Republic Act No. 11449)
The main purpose of Republic Act No. 11449 is to provide additional prohibitions and increase penalties for violations related to the use of access devices, enhancing the protection of rights in commercial transactions involving such devices and addressing crimes like fraud, hacking, and skimming as serious offenses, including economic sabotage.
An access device is defined as any card, plate, code, account number, electronic serial number, personal identification number, or other telecommunications service, equipment, or instrumental identifier, or means of account access that can be used to obtain money, goods, services, or initiate a transfer of funds (other than by paper instrument).
A counterfeit access device means any access device that is counterfeit, fictitious, altered, or forged, including any identifiable component or fraudulent copy or reproduction of a valid access device.
Prohibited acts include producing, using, trafficking counterfeit access devices, skimming or copying payment cards, possession or production of software or hardware used to perpetrate fraud, unauthorized access or hacking of bank accounts, online banking, and related systems.
The penalty is imprisonment for 12 to 20 years and a fine twice the aggregate amount of the affected accounts, but not less than Five hundred thousand pesos (P500,000).
Hacking refers to unauthorized access or interference in computer or information communication systems without the owner’s consent, including corrupting, altering, stealing, destroying information, or introducing computer viruses causing damage or loss.
Economic sabotage occurs when prohibited acts involve hacking a bank’s system, skimming affecting 50 or more payment cards, or affecting 50 or more online banking or card accounts. The penalty is life imprisonment and a fine from One million pesos (P1,000,000) to Five million pesos (P5,000,000).
All issuers of access devices must investigate reported fraud and provide real-time reports to the NBI and Anti-Cybercrime Group. Reports must include details of the fraud and perpetrator identification if possible, serving as the complaint enabling investigation and prosecution.
The cardholder is prima facie presumed to have used their credit card with intent to defraud if they abandon their place of employment, business, or residence stated in the application without informing the credit card company, with an overdue balance of at least 90 days exceeding P200,000.
For offenses committed after a prior conviction under the same section or attempts, penalties range from 12 to 20 years imprisonment and a fine of eight hundred thousand pesos (P800,000) or twice the value obtained, whichever is higher, aside from civil liabilities.