New cybersecurity law against bank, ATMs and credit card hackers; they will now face life imprisonment

These are bad news for cybercrime. Digital forensics specialists report that cybercrimes against banking institutions, such as hacking an online account or cloning credit and debit cards could take those responsible to jail for the rest of their lives, all thanks to a new bill in Philippines.

Last August 28th President Rodrigo Duterte signed the Law of the Republic No. 11449, which introduces new and more severe penalties for violations of the Access Device Regulation Act of 1998; the project was revealed this September 25 morning.

As mentioned, the highest penalties are reserved for crimes related to so-called access device fraud, including theft and forgery of payment cards, possession or development of hardware and software to illicitly access banking information, illegitimate access to bank accounts or ATMs and any hacking activity against a bank or user, are mentioned by digital forensics experts.

On the other hand, the highest penalty is life imprisonment plus a really high fine, and is reserved for hacking activities against a full banking system, stealing 50 or more payment cards, and fraud of access devices against more than 50 bank accounts or payment devices, local media report.

In the presentation of the new law, the representative of the government of the Philippines stated, “From now on, these activities will be regarded as heinous crimes with intent of economic sabotage, so they will face more severe penalties.”  

Firms specializing in digital forensics detail some of the new sanctions related to cybercrimes against banks in the Philippines:

  • Fraudulent use of credit cards: Between 4 and 6 years in prison plus a fine double the value of the credit obtained fraudulently
  • Possession of a counterfeit access device: Between 2 and 20 years in prison, plus a fine equivalent to twice the amount operated by the affected accounts
  • Possession of 10 or more counterfeit access devices, without checking access to accounts or credits: Between 6 and 12 years in prison, plus a fine of at least 300k Philippine pesos ($5.7K USD) or double the total amount of committed accounts
  • Full hacking of a banking system, theft of at least 50 payment cards or illegal access to at least 50 online bank accounts or payment cards: Life sentence plus fine of up to 5 million Philippine pesos ($95.5k USD)

Digital forensics specialists at the International Institute of Cyber Security (IICS) believe that, although these measures are reactive, they are a good start to mitigating the activities of these hacker groups, which have increased their crimes recently, even going on to operate internationally. A couple of months ago a jackpotting campaign was reported at some ATMs in Nepal, perpetrated by Chinese hackers receiving orders from a group of hackers residing in Spain; Nepalese authorities managed to arrest some of the members of this operation while trying to withdraw money from an ATM for the fifth time.