Saturday, March 10, 2012

Access Devices Regulation Act

Aside from the penalty provisions of the E-Commerce Act to punish cybercrimes, there exists RA 8484 otherwise known as the Access Devices Regulation Act. The declaration of policy of this law states that the government "recognizes the recent advances in technology and the widespread use of access devices in commercial transactions. Toward this end, the State shall protect the rights and define the liabilities of parties in such commercial transactions by regulating the issuance and use of access devices". An access device is most usually a credit card or like instrument. A majority portion of the law sets out details that credit card companies must set forth and disclose to its customers. The pertinent provisions of the law regarding cybercrime are found in sec. 9 which enumerate the

Prohibited acts:

"(a) producing, using, trafficking in one or more counterfeit access devices;
(b) trafficking in one or more unauthorized access devices or access devices fraudulently applied for;
(c) using, with intent to defraud, an unauthorized access device;
(d) using an access device fraudulently applied for;
(e) possessing one or more counterfeit access devices or access devices fraudulently applied for;
(f) producing, trafficking in, having control or custody of, or possessing device-making or altering equipment without being in the business or employment, which lawfully deals with the manufacture, issuance, or distribution of such equipment;
(g) inducing, enticing, permitting or in any manner allowing another, for consideration or otherwise to produce, use, traffic in counterfeit access devices, unauthorized access devices or access devices fraudulently applied for;
(h) multiple imprinting on more than one transaction record, sales slip or similar document, thereby making it appear that the device holder has entered into a transaction other than those which said device holder had lawfully contracted for, or submitting, without being an affiliated merchant, an order to collect from the issuer of the access device, such extra sales slip through an affiliated merchant who connives therewith, or, under false pretenses of being an affiliated merchant, present for collection such sales slips, and similar documents;
(i) disclosing any information imprinted on the access device, such as, but not limited to, the account number or name or address of the device holder, without the latter's authority or permission;
(j) obtaining money or anything of value through the use of an access device, with intent to defraud or with intent to gain and fleeing thereafter;
(k) having in one's possession, without authority from the owner of the access device or the access device company, an access device, or any material, such as slips, carbon paper, or any other medium, on which the access device is written, printed, embossed, or otherwise indicated;
(l) writing or causing to be written on sales slips, approval numbers from the issuer of the access device of the fact of approval, where in fact no such approval was given, or where, if given, what is written is deliberately different from the approval actually given;
(m) making any alteration, without the access device holder's authority, of any amount or other information written on the sales slip;
(n) effecting transaction, with one or more access devices issued to another person or persons, to receive payment or any other thing of value;
(o) without the authorization of the issuer of the access device, soliciting a person for the purpose of:

1) offering an access device; or
2) selling information regarding or an application to obtain an access device; or

(p) without the authorization of the credit card system member or its agent, causing or arranging for another person to present to the member or its agent, for payment, one or more evidence or records of transactions made by credit card."

According to the PNP Handbook, these prohibited acts can be generalized into two common forms of credit card fraud: Account Take Over and "Skimming". Account take over is usually done by a person getting your personal information and billing statements (like stealing from your real-life mailbox). This person then usually redirects the credit card delivery to his or her own residence and subsequently impersonates and uses your account.

Skimming is a far more insidious manner of fraud. When we use credit cards, the machine they use to swipe the card reads the magnetic strip and subsequently forwards the data to your bank or whatnot. Unscrupulous persons can actually rig these machines to not only read but also copy the data on the magnetic strip. Once the data is acquired, its an easy task to create a fake card with a copy of the strip. Experts can make cards of such quality that its almost impossible to detect the fraud on the face of the card.

Ernesto Mario S. Mascenon Jr.
Blog Entry

No comments: