Miranda, Ana: The Development of Legislations to Curtail the Perpetuation of Electronic Fraud in the Financial Market

I. What is Fraud?

Fraud involves the use of dishonest or deceitful conduct in order to obtain some unjust advantage over someone else. It has been around for as long as people have been around – somebody trying to con somebody else, to offer them an unbelievable and unattainable deal, or to work the system unlawfully to their own advantage so that things come incredibly easily. While crimes of deception are well-established in history, technological, social, demographic and economic developments have brought about changes in the form fraud takes and how it is perpetrated. [1]

The circumstances in which fraud can exist are enormously diverse. Fraud has undeniably proliferated in different kind of industries, which include, but is not limited to, commercial fraud, fraud against governments, consumer fraud, securities fraud, intellectual property fraud, computer and telecommunications fraud, insurance fraud, credit card fraud, identity-related fraud and financial reporting fraud, among others.

The basic motivation for fraud is greed, a fairly robust and enduring human characteristic. Crime follows opportunity, and opportunities for fraud flow from economic growth. The more commerce there is, the more opportunities there are to commit fraud.

This paper will cover the perpetuation of electronic fraud in the financial market, both in local and global scale and will try to resolve whether sufficient laws and relevant rules and regulations have been enacted and implemented by the concerned bodies, legislative or otherwise, to the curtail the perpetuation of electronic fraud in the financial market.

II. Electronic Fraud: Types, Means and Modes of Commission in the Financial Market

While fraud has been around forever, the common thread running through most of the current wave of economic crimes is that they are greatly facilitated by recent developments in information technology. The benefits of computing and communications technologies are clearly apparent. People are able to communicate more effectively and at lower cost than in the past. It has also meant that geographical boundaries are able to be crossed more easily which has enhanced the process of globalization of economic and social life enormously. These same technologies that have provided so many benefits have, however, created enormous opportunities for offenders. These offenders are also able to perpetrate fraud on a much wider scale than in the past, duplicating countless fraudulent invoices, or establishing large numbers of accounts that only exist in cyberspace. Their victims may also be located anywhere in the world.

In its general sense, computer fraud is defined as, “any dishonest misrepresentation of fact intended to let another to do or refrain from doing something which causes loss by:

  • altering computer input in an unauthorized way. This requires little technical expertise and is not an uncommon form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;
  • altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions;
  • altering or deleting stored data; and
  • altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes.” [2]

In its technical sense, a computer fraud is defined as, “any defalcation or embezzlement accomplished by tampering with computer programs, data files, operations, equipment, or media, and resulting in losses sustained by the organization whose computer system was manipulated. The distinguishing characteristic of computer fraud is that access occurs with the intent to defraud.” [3]

Fraud costs hundreds of millions of dollars a year in damages and affects hundreds of millions of people. Unfortunately, no one is completely safe from being defrauded. The most common electronic fraud committed in the financial market are discussed below:

a. Online Banking Fraud [4]

Convenience is the key reason of why millions of people are opting out of traditional banking for online banking. Banks also enjoy providing the option of online banking because they can save on operating costs. However, during the popularization of online banking, many suffered from fraudulent bank activity. Most market researchers attributed the increase in the number of bank frauds to online banking.

Most internet banking fraud occurs in a two-step process. First, the offender must get their hands on the customer’s account information, like their username and password. Second, the offender will use that information to move his victim’s money to another account or withdraw it to make fraudulent purchases. For the first step, offenders often employ one of the many popular fraud schemes to obtain personal information. These fraud schemes include, but are not limited to:

  • “Over the shoulder looking” scheme: involves the offender observing his potential victim making financial transactions and recording the personal information used in the transaction.
  • “Phishing” scheme: stems from the two words “password” and “fishing.” It entails sending email scams and mail supposedly from the consumer’s bank as a way to obtain the consumer’s personal information, social insurance number, and in this case their online banking username and password.
  • “Trojan Horse” scheme: unfolds when malicious software (malware) embeds to a consumer’s computer without the consumer being aware of it. Trojans often come in links or as attachments from unknown email senders. After installation the software detects when a person accesses online banking sites and records the username and password to transmit to the offender. People using public computers, in places like Internet cafes, are often susceptible to Trojans like malware or spyware. They also are higher at risk of falling victim of identity theft.

b. Credit Card Fraud [5]

Transactions completed with credit cards seem to become more and more popular with the introduction of online shopping and banking. Correspondingly, the number of credit card frauds has also increased with the introduction of newer technology. From embossers to encoders to decoders, credit card counterfeiters are now using the latest technology to read, change, and implant magnetic information on counterfeit credit cards.

Credit fraud can fall into one of five categories:

  • Counterfeit credit card – To make fake cards criminals use the newest technology to “skim” information contained on magnetic stripes of cards and to pass security features such as holograms.
  • Lost or Stolen Cards – Often, cards are stolen from the workplace, gym, and unattended vehicles.
  • No-Card Fraud – happens by giving one’s credit card information on the phone to shady telemarketers and deceptive Internet sites that are promoting the sales of their non-existent goods and services.
  • Non-Receipt Fraud – occurs when new or replaced cards mailed by your card company are stolen during the process of being mailed. However, this type of fraud is on the decline with the card-activation process that most companies use.
  • Identity Theft Fraud – occurs when criminals apply for a card using someone else’ identity and information.

c. Investment Fraud [6]

Investment fraud is any scheme or deception relating to investments that affect a person or company. Investment fraud includes:

  • On-line share market manipulation
  • illegal insider trading
  • Stock market fraud
  • prime bank investment schemes

An illustration of the risks that online service delivery can entail is electronic share trading. The use of computers and e-mail has greatly facilitated the manipulation of share markets during secondary trading of securities. This can occur through the use of rumor, hyperbole, or other forms of misinformation to boost the price of a stock prior to the manipulator’s quick and profitable exit (‘pump and dump’), or by talks down a stock so that he or she may buy in at a bargain price (‘slur and slurp’).

The term “insider trading” can refer to legal or illegal trades. Insider trading is legal when corporate insiders—officers, directors, and key employees—buy and sell shares of their company. Insider trading, however, becomes illegal when corporate insiders violate their company’s confidentiality and secretly share or sell private information to an outsider. The outsider will use the information not available to the public to buy or sell shares of the company to make a decent amount of profit. Illegal insider trading often gets pinpointed as the cause for the higher cost of capital for securities issuers, thus lowering overall economic growth.

Fraudulent manipulation of the stock market occurs mainly when telemarketers or spammers use persuasive techniques to paint pretty pictures of often-unprofitable investments over the phone or through unsolicited emails. Most of these fraudsters add legitimacy to their pitches by referring to investment counselors and using professionally designed brochures to pitch the investment.

Other types of stock market fraud include wash-trading, match-trading, and false prospectus. Wash trading happens when an investor simultaneously buys and sells shares of the same company through two different brokers. Wash trading is done to increase the activity of a stock in hopes of producing the impression that something big is coming. Match trading, is similar to wash trading, but usually a computer is used to pair-up shares of the same value to buy and sell to increase stock activity. At the end of each fiscal year, companies produce a prospectus for prospective buyers summarizing the company’s goals, assets, debts, and financial risks to help buyers decide whether or not they should invest in a company. Sometimes companies produce false prospectus misrepresenting risks or losses to influence potential shareholders to invest.

Prime bank investment scheme is another type of investment fraud. Prime is a generic term used to describe legitimate financial institutions that issue investments. These schemes often claim false affiliations with organizations like the International Chamber of Commerce (ICC) and International Monetary Fund (IMF) to deceive investors. Offenders using this scheme trick prospective investors to believe that they’re participating in an innovative investment program. Offenders might request investors to sign papers agreeing not to disclose their identities, or any of the transactions made through the programs.

d. Insurance Fraud [7]

Insurance fraud is a false claim made for financial gain. Consumers may misrepresent information to collect money that they would otherwise not be entitled to from their insurer. But, insurers can also defraud consumers by denying benefits rightly entitled to their consumers.

Many types of insurance fraud exist from scamming auto insurance to life insurance to property insurance. All types of insurance fraud can be divided into a “hard” or “soft” fraud.

Hard fraud includes someone staging a car accident, injury, arson, loss, break-in, or someone writing false bills to Medicare to illegally receive money from their insurance companies. This type of fraud often receives more media attention and it’s easier to detect. Hard fraud often involves criminal activity and the intention of squeezing millions of dollars out of insurance companies. But, the average person can also be found guilty of hard fraud.

Soft fraud is more difficult to detect. It happens when a person pads their insurance claim by telling “white lies”, such as, they’re feeling too ill to come to work, so they can receive worker’s compensation benefits that they wouldn’t have otherwise.

Worker’s compensation claims is the most frequent and expensive type of soft fraud. It costs insurance companies millions of dollars a year. As a result, insurance premiums are rising. Yet, approximately up to one-third of consumers don’t see anything wrong with employees receiving worker’s compensation benefits even if they are healthy enough to go back to work.

e. Electronic Funds Transfer Crime [8]

All companies and organizations move money electronically. Crime today takes place by manipulating the security systems established to protect electronic funds transfers. These systems are designed to ensure that information cannot be manipulated as it passes over computerized networks and that only authorized users have access to computers.

Most of the large scale electronic funds transfer frauds which have been committed in the past have involved the interception or alteration of electronic data messages transmitted from the computers of financial institutions.

In many cases offenders have worked within financial institutions or corporations themselves and been privy to the operation of the security systems in question.

f. Telemarketing Fraud [9]

Each year, fraudulent telemarketers make billions of dollars by scamming innocent people into buying poor quality products or items which they will only use once. They use convincing sales pitches, make false promises of free prizes, vacations and gifts and get richer by pocketing hundreds of dollars from naïve and trusting customers. Most of the time, these buyers are often the elderly who maybe more friendly and polite towards these cunning con artists. They may fall for their sly ways and their lies and may end up buying more products than what they need and what their budget allows.

In order to differentiate a fraud telemarketing call from a legitimate sales call, it is important to note that scammers always make their offer sound like it’s too good to be true. They will usually urge the prospective victims to act now and refuse to take no for an answer. They will also request the victims to provide their credit card number or bank account number and other personal information and later scam them by stealing hundreds of dollars. The following characterizes a telemarketing scam:

Immediate decision- Most of the time, telemarketing scammers would want the client to make a decision immediately. They may say something like, “The offer will expire soon” or “Do it right now or the offer won’t be good later” or “You are the only person who is eligible for this offer”.
Pressure – Most telemarketers will also take no for an answer and the client may find it very hard to get them off the phone. They will have a lot of answers for your every hesitation or objection.

Credit card number for verification- Scammers will also ask the clients to provide the credit card, bank account and other personal information.

g. Counterfeit Payment Fraud [10]

Today is your lucky day. According to that surprise letter in the mail, you just won a lottery overseas and the best part of all, a cashier’s check is included to verify the claim. Since the check covers taxes and other necessary fees, all you’re required to do is send in a processing fee of $50 to validate the check. Once the lottery service receives the payment, you get to access to your winnings.

But wait – there’s a catch! The prize winning lottery was a just a scam. What appeared to be a legitimate cashier’s check was actually a phony.  These are the key components of counterfeit check fraud. The lottery angle is simply a ploy to convince the victims to deposit the fake check and wire their money to the fraudulent company. The bank soon learns that the check was counterfeit and the processing fee can’t be retrieved because there is no way of tracing the perpetrator.

Some of these checks appear so legitimate that several bank tellers have reported being tricked. The con artists behind these scams use high-quality scanners and printers to create the fraudulent checks, often adding watermarks to give a sense of authenticity. These checks are typically printed with the names and addresses of reputable financial institutions, easily fooling unsuspecting victims. Even if the bank, account number and routing number are real, there is still a good possibility that the check is fake.

Counterfeit checks are being increasingly used in a number of fraudulent scams including those involving foreign lotteries, advanced-fee loans, online auctions and secret shopper kits.

Advanced-fee scams: In this scenario, a con artist or fraudulent organization targets individuals actively seeking loans. After sending in a hefty registration fee, the victim is sent a counterfeit check which purports as the actual loan. When attempting to cash the check, the victim learns that they’ve been scammed with no way to recover the registration fee.

In the Philippines, the Anti-Money Laundering Council (AMLC) has informed Bangko Sentral ng Pilipinas (BSP) of the updated variation of the advance fee fraud or Nigerian scam perpetrated through the internet. The modus operandi involves an individual who allegedly received some assets/funds from a deceased relative amounting to US$2 million and the funds are deposited in a financial institution. (The nationality of the individual, the amount of funds, the name and location of the financial institution may vary.) The release of the funds is conditioned upon the payment of taxes (approximately US$100,000) to the government where the financial institution is located. The individual will then email a local bank employee enticing him/her to extend a loan to the individual with a promise to give the bank employee a certain amount, usually around US$350,000.00. [11]

Online auctions: This type of fraud involves a perpetrator who responds to a posting on an auction site and offers to purchase the item with a check. In this instance, the scammer convinces the seller on why the check should be written for more than the actual purchase, convincing the seller to wire the remaining difference after depositing the money. After complying, the counterfeit check bounces and more than likely, the seller is left to pay the full amount to their bank.

Secret Shoppers: In this scam, a consumer is hired by a fraudulent company as a secret shopper. Typically, they are asked to test the efficiency of a particular money transfer service in which they are instructed to deposit a check into their bank account and withdraw the full amount in cash. From there the mystery shopper is instructed to use the money transfer service again to forward the funds to a specific location. The last part consists of evaluating the overall experience. Unfortunately, no one reads or cares about the evaluation, and the check – you guessed it – counterfeit.

h. Accounting Fraud [12]

Accounting scandals, or corporate accounting scandals, are political and business scandals which arise with the disclosure of misdeeds by trusted executives of large public corporations. Such misdeeds typically involve complex methods for misusing or misdirecting funds, overstating revenues, understating expenses, overstating the value of corporate assets or underreporting the existence of liabilities, sometimes with the cooperation of officials in other corporations or affiliates.

Unfortunately, scandals are often only the ‘tip of the iceberg’. They represent the visible catastrophic failures. Note that much abuse can be completely legal or quasi legal. For example, in the domain of privatization and takeovers, it is fairly easy for a top executive to reduce the price of his/her company’s stock – due to information asymmetry. The executive can accelerate accounting of expected expenses, delay accounting of expected revenue, engage in off balance sheet transactions to make the company’s profitability appear temporarily poorer, or simply promote and report severely conservative (eg. pessimistic) estimates of future earnings. Such seemingly adverse earnings news will be likely to (at least temporarily) reduce share price. (This is again due to information asymmetries since it is more common for top executives to do everything they can to window dress their company’s earnings forecasts). There are typically very few legal risks to being ‘too conservative’ in one’s accounting and earnings estimates.

A reduced share price makes a company an easier takeover target. When the company gets bought out (or taken private) – at a dramatically lower price – the takeover artist gains a windfall from the former top executive’s actions to surreptitiously reduce share price. This can represent tens of billions of dollars (questionably) transferred from previous shareholders to the takeover artist. The former top executive is then rewarded with a golden handshake for presiding over the firesale that can sometimes be in the hundreds of millions of dollars for one or two years of work. (This is nevertheless an excellent bargain for the takeover artist, who will tend to benefit from developing a reputation of being very generous to parting top executives).

Similar issues occur when a publicly held asset or non-profit organization undergoes privatization. Top executives often reap tremendous monetary benefits when a government owned or non-profit entity is sold to private hands. Just as in the example above, they can facilitate this process by making the entity appear to be in financial crisis – this reduces the sale price (to the profit of the purchaser), and makes non-profits and governments more likely to sell. Ironically, it can also contribute to a public perception that private entities are more efficiently run reinforcing the political will to sell off public assets. Again, due to asymmetric information, policy makers and the general public see a government owned firm that was a financial ‘disaster’ – miraculously turned around by the private sector (and typically resold) within a few years.

Among the most controversial financial accounting scandals of all time include Enron, WorldCom, AIG, Bernard L. Madoff Investment Securities LLC, among others.

III. A Critical Look at the Existing Laws and Relevant Rules and Regulations to Curtail the Perpetuation of Electronic Fraud in the Financial Market: Sufficient or Not?

The magnitude of online banking fraud losses in UK amounted to £39.0 million during the six months January to June 2009 – a 55% rise on the 2008 figure. The increase is largely due to criminals employing more sophisticated methods to target online banking customers through malware scams – which target vulnerabilities in customers’ PCs – rather than the banks’ own systems which have proved more difficult for the fraudsters to attack. There were also more than 26,000 phishing incidents during January to June 2009 – a 26% increase on the amount seen in the same period last year. [13]

Statistics show the price of credit card fraud is high – forcing cardholders and credit card issuers as much as $500 million a year.

On the other hand, the Federal Bureau of Investigation (FBI) estimates that one million PCs in America are being compromised in the conduct of fraud. Although, analysts note that the use of Trojan schemes has jumped in the recent years, phishing remains the most popular scheme. According to study, 1.8 million Americans responded to phising emails with their personal information.

With the rising incidents of electronic fraud, both in the local and global perspective, it becomes imperative to assess whether or not the existing laws and statutes enacted by the legislative bodies, as well as the relevant rules and regulations implemented by the regulatory bodies are adequate to address the proliferation of fraud, specifically in the financial markets.

Shown and discussed below are analyses and results of research by the author of how laws and relevant rules and regulations have emerged as the technology applied in business developed thru the years.

Philippine Setting

At first, the only law which was related to electronic devices and transactions in the Philippines was Republic Act (RA) No. 8424 –Otherwise Known as Access Devises Regulation Act. But there came the I Love You virus in Year 2000.

ILOVEYOU or LOVELETTER is a computer worm that successfully attacked tens of millions of Windows computers in 2000 when it was sent as an attachment to an email message with the text “ILOVEYOU” in the subject line. The worm arrived in email inboxes on and after May 5, 2000 with the simple subject of “ILOVEYOU” and an attachment “LOVE-LETTER-FOR-YOU.TXT.vbs”. The final ‘vbs’ extension was hidden by default, leading unsuspecting users to think it was a mere text file. Upon opening the attachment, the worm sent a copy of itself to everyone in the Windows Address Book and with the user’s sender address. It also made a number of malicious changes to the user’s system. The worm began in the Philippines on 5 May 2000 and spread across the world in one day, moving inexorably on to Hong Kong and then to Europe and the US, causing an estimated $5.5 billion in damage. By 13 May 2000, 50 million infections had been reported. Most of the damage cited was the labour of getting rid of the worm. The Pentagon, CIA, and the British Parliament had to shut down their mail systems to get rid of it, as did most large corporations. On May 5, 2000, two young Filipino computer programming students named Reomel Ramones and Onel de Guzman, became the target of a criminal investigation by the Philippines’ National Bureau of Investigation (NBI) agents. Mr. Ramones was subsequently arrested and placed on inquest investigation before the Department of Justice (DOJ). Mr. De Guzman was likewise arrested in Manila. At that point, the NBI was at a loss as to what felony or crime to charge the two with in court. There were some agents who theorized that they may be charged with violation of Republic Act No. 8484 or the Access Device Regulation Act, a law designed mainly to penalize credit card fraud. The reason supposedly being that both used, if not stole, pre-paid Internet cards which enabled them to use several ISPs. Another school of thought within the NBI opined that Ramones and de Guzman could be charged with malicious mischief, a felony involving damage to property under the Philippines’ Revised Penal Code, which was enacted in 1932. However, the problem with malicious mischief is that one of its elements, aside from damage to property, was intent to damage. Since there were no laws in the Philippines against writing malware at the time, both Ramones and de Guzman were released, with all charges dropped by state prosecutors. To address this legislative deficiency the Philippine Congress enacted Republic Act No. 8792, otherwise known as the E-Commerce Law, in July 2000, just three months after the worm outbreak. [14]

At present, the Philippines has adopted and/or implemented the following laws pertinent to electronic transactions which shall be analyzed and related to the afore-discussed electronic fraud in Part II hereof:

  1. Republic Act (RA) No. 8424 – An Act Regulating the Issuance and Use of Access Devices, Prohibiting Fraudulent Acts Committed Relative Thereto, Providing Penalties and for other Purposes, Otherwise Known as Access Devises Regulation Act;
  2. RA No. 8792 – An Act Providing for the Recognition and Use of Electronic Commercial and Non-Commercial Transactions and Documents, Penalties for Unlawful Use Thereof and for other Purposes, Otherwise Known as The Philippine E-Commerce Law; and pertinent Implementing Rules and Regulations;
  3. A.M. No. 01-7-01-SC Re: Rules on Electronic Evidence
  4. BSP Circular No. 200, Series of 2000 – Electronic Banking Services in the Philippines
  5. BSP Circular No. 542, Series of 2006 – Consumer Protection for Electronic Banking
  6. RA No. 8799 – The Securities Regulation Code

RA No. 8424 –Access Devises Regulation Act

This statute was enacted in 1998 taking cognizance of the recent advances in technology and the widespread use of access devices in commercial transactions and to protect the rights and define the liabilities of parties in such commercial transactions by regulating the issuance and use of access devices. [15]

RA No. 8424 defined an access device “any card, plate, code, account number, electronic serial number, personal identification number, or other telecommunications service, equipment, or instrumental identifier, or other means of account access that can be used to obtain money, good, services, or any other thing of value or to initiate a transfer of funds (other than a transfer originated solely by paper instrument).

The law likewise provides when an access device shall be considered as counterfeit, unauthorized and fraudulently applied for. It focuses on the prescribed procedures in the credit card application and solicitation, the disclosure requirements prior to renewal, as well as prohibited acts and corresponding penalties therefor.

Section 9 of RA No. 8424 provides for that the following acts shall constitute access device fraud and are declared to be unlawful:

(a) producing, using, trafficking in one or more counterfeit access devices;

(b) trafficking in one or more unauthorized access devices or access devices fraudulently applied for;

(c) using, with intent to defraud, an unauthorized access device;

) using an access device fraudulently applied for;

(e) possessing one or more counterfeit access devices or access devices fraudulently applied for;

) producing, trafficking in, having control or custody of, or possessing device-making or altering equipment without being in the business or employment, which lawfully deals with the manufacture, issuance, or distribution of such equipment;

(g) inducing, enticing, permitting or in any manner allowing another, for consideration or otherwise to produce, use, traffic in counterfeit access devices, unauthorized access devices or access devices fraudulently applied for;

(h) multiple imprinting on more than one transaction record, sales slip or similar document, thereby making it appear that the device holder has entered into a transaction other than those which said device holder had lawfully contracted for, or submitting, without being an affiliated merchant, an order to collect from the issuer of the access device, such extra sales slip through an affiliated merchant who connives therewith, or, under false pretenses of being an affiliated merchant, present for collection such sales slips, and similar documents;

(i) disclosing any information imprinted on the access device, such as, but not limited to, the account number or name or address of the device holder, without the latter’s authority or permission;

(j) obtaining money or anything of value through the use of an access device, with intent to defraud or with intent to gain and fleeing thereafter;

(k) having in one’s possession, without authority from the owner of the access device or the access device company, an access device, or any material, such as slips, carbon paper, or any other medium, on which the access device is written, printed, embossed, or otherwise indicated;

(l) writing or causing to be written on sales slips, approval numbers from the issuer of the access device of the fact of approval, where in fact no such approval was given, or where, if given, what is written is deliberately different from the approval actually given;

(m) making any alteration, without the access device holder’s authority, of any amount or other information written on the sales slip;

(n) effecting transaction, with one or more access devices issued to another person or persons, to receive payment or any other thing of value;

(o) without the authorization of the issuer of the access device, soliciting a person for the purpose of offering an access device; or selling information regarding or an application to obtain an access device; or

(p) without the authorization of the credit card system member or its agent, causing or arranging for another person to present to the member or its agent, for payment, one or more evidence or records of transactions made by credit card.

In addition to the afore-listed offenses, RA No. 8424 also covers conspiracy to commit access device fraud, frustrated and attempted access device fraud and accessory to access device fraud.

As shown above, while RA No. 8424 may have covered several offenses involving access device fraud, however, it may be emphasized that it did not cover nor touch on fraudulent access through the use of electronic means. With the sophistication of the cybercrime and other electronic fraud that are being committed nowadays, there needs to be a law to regulate and punish such crimes.

RA No. 8792 – The Philippine E-Commerce Law

The Philippine E-Commerce Law was enacted primarily to “facilitate domestic and international dealings, transactions, arrangements, agreements, contracts and exchanges and storage of information through the utilization of electronic, optical and similar medium, mode, instrumentality and technology to recognize the authenticity and reliability of electronic documents related to such activities and to promote the universal use of electronic transaction in the government and general public.” [16] This law applies to any kind of data message and electronic document used in the context of commercial and non-commercial activities to include domestic and international dealings, transactions, arrangements, agreements, contracts and exchanges and storage of information.

Review of the full text of the afore-said law disclosed that it merely covers the legal recognition of electronic data messages and electronic documents, its admissibility and evidentiary weight; communication of the same; electronic commerce on carriage of goods as well as electronic transactions in the government. It doesn’t touch on any electronic fraud, but merely provides for penalties with respect to hacking and cracking and introduction of viruses, to wit:

SEC. 33. Penalties. – The following Acts shall be penalized by fine and/or imprisonment, as follows:

(a) Hacking or cracking which refers to unauthorized access into or interference in a computer system/server or information and communication system; or any access in order to corrupt, alter, steal, or destroy using a computer or other similar information and communication devices, without the knowledge and consent of the owner of the computer or information and communications system, including the introduction of computer viruses and the like, resulting in the corruption, destruction, alteration, theft or loss of electronic data messages or electronic document shall be punished by a minimum fine of one hundred thousand pesos (P100,000.00) and a maximum commensurate to the damage incurred and a mandatory imprisonment of six (6) months to three (3) years;
x x x x x x x x x x x x x x

Rules on Electronic Evidence

In consonance with the promulgation of the Philippine E-commerce Law of 2000, the Rules on Electronic Evidence was approved by the Supreme Court in 2001, which shall apply whenever an electronic data message is offered or used in evidence. 

Corollary to the observation noted in E-commerce Law, this Rule merely focuses on the admissibility and evidentiary weight of electronic evidence.

BSP Circulars

a) BSP Circular No. 200, Series of 2000 – Electronic Banking Services in the Philippines

This BSP Circular defines electronic banking as “systems that enable bank customers to avail themselves of the bank’s products and services through a personal computer (using direct modem dial-in, internet access, or both) or a mobile/non-mobile phone.” The Circular provides for the guidelines on the provision of electronic banking services which includes the following:

  1. Prior approval from the BSP after proving that they have in place a risk management process that is adequate to assess, control and monitor any risks arising from the proposed electronic banking activities;
  2. A description or diagram of the configuration of the bank’s electronic banking system and its capabilities; and
  3. A security policies and procedures manual containing (i) a description of the bank’s security organization; (ii) definition of responsibilities for designing, implementing, and monitoring information security measures; and (iii) established procedures for evaluating policy compliance, enforcing disciplinary measures and reporting security violations. [17]

b) BSP Circular No. 542, Series of 2006 – Consumer Protection for Electronic Banking

This Circular governs the implementation of e-banking activities of the bank for purposes of compliance with the requirements to safeguard customer information; prevention of money laundering and terrorist financing; reduction of fraud and theft of sensitive customer information; and promotion of legal enforceability of banks’ electronic agreements and transactions. It covers the following concerns:

  1. E-banking oversight function which devolves upon the Bank’s Board of Directors and senior management;
  2. E-banking risk management and internal control which includes information security program, information security measures, authentication, account origination and customer verification, and monitoring and reporting of e-banking transactions;
  3. Consumer awareness program;
  4. Disclosure and business availability which requires the banks to provide their customers with a level of comfort regarding information disclosures or transparencies, protection of customer data and business availability that they can expect when using traditional banking services and to apply to e-banking financial transactions and disclosures the record retention provisions required in paper-based transactions; and
  5. Complaint resolution. [18]

It may be noted that the afore-cited BSP Circulars focused on the risks and risk management techniques associated with an electronic delivery channel to protect customers and the general public. As stated in the latter circular, “that not all of the consumer protection issues that have arisen in connection with new technologies are specifically addressed in this circular. Additional issuances may be issued in the future to address other aspects of consumer protection as the financial service environment through electronic banking evolves.”

RA No. 8799 – The Securities Regulation Code

As discussed in Part II hereof, several electronic fraudulent schemes are being employed in the stock market which include, but are not limited to:

  • online share market manipulation
  • illegal insider trading
  • Stock market fraud
  • prime bank investment schemes

RA No. 8799 regulates the stock market and provides for Prohibitions on Fraud, Manipulation and Insider Trading as contained in Sections 24 to 27 thereof:

Section 24. Manipulation of Security Prices. It shall be unlawful for any person acting for himself or through a dealer or broker, directly or indirectly:

a) To create a false or misleading appearance of active trading in any listed security traded in an Exchange or any other trading market;

b) To effect, alone or with others, a series of transactions in securities that raises or depresses their price to induce the purchase of a security, whether of the same or a different class of the same issuer or of a controlling, controlled, or commonly controlled company by others or that creates active trading to induce such a purchase or sale through manipulative devices such as marking the close, painting the tape, squeezing the float, hype and dump, boiler room operations and such other similar devices;

c) To circulate or disseminate information that the price of any security listed in an Exchange will or is likely to rise or fall because of manipulative market operations of any one or more persons conducted for the purpose of raising or depressing the price of the security for the purpose of inducing the purchase or sale of such security.

d) To make false or misleading statement with respect to any material fact, which he knew or had reasonable ground to believe was so false or misleading, for the purpose of inducing the purchase or sale of any security listed or traded in an Exchange.

e) To effect, either alone or others, any series of transactions for the purchase and/or sale of any security traded in an Exchange for the purpose of pegging, fixing or stabilizing the price of such security, unless otherwise allowed by this Code or by rules of the Commission.

Section 26. Fraudulent Transactions. – It shall be unlawful for any person, directly or indirectly, in connection with the purchase or sale of any securities to:

a) Employ any device, scheme, or artifice to defraud;

b) Obtain money or property by means of any untrue statement of a material fact of any omission to state a material fact necessary in order to make the statements made, in the light of the circumstances under which they were made, not misleading; or

c) Engage in any act, transaction, practice or course of business which operates or would operate as a fraud or deceit upon any person.

Section 27. Insider’s Duty to Disclose When Trading. -It shall be unlawful for an insider to sell or buy a security of the issuer, while in possession of material information with respect to the issuer or the security that is not generally available to the public, unless: (a) The insider proves that the information was not gained from such relationship; or (b) If the other party selling to or buying from the insider (or his agent) is identified, the insider proves: (i) that he disclosed the information to the other party, or (ii) that he had reason to believe that the other party otherwise is also in possession of the information. 

Careful study of The Securities Regulation Code revealed that the current law adequately defines the fraudulent acts that may be committed in relation to stock trading. However, new circulars may be issued from time to time in view of the emerging schemes brought about by the evolving technology.

Given the afore-discussed laws, is the Philippines now ready for another Love Virus? Are these statutes sufficient to protect the interests of all stakeholders with respect to fraudulent transactions?

Global Setting

The list of electronic fraud seems endless. Indeed, as technology becomes more sophisticated and accessible, so too do methods of corrupting them.

Several international and supranational organizations have recognized the inherently trans-border nature of electronic fraud, the ensuing limitations of unilateral approaches and the need for international harmonization of technical, legal and other solutions. The entities involved in this field are the Organization for Economic Cooperation and Development (OECD), the Council of Europe, the European Union, the P8 and the Interpol. In addition, the UN, WIPO and GATS have also played an important role. These international and supranational organizations have significantly contributed to the harmonization of criminal law as well as of underlying civil and administrative law in all of the abovementioned areas of computer-related criminal law reform.

The first comprehensive inquiry into the penal law problems of computer related crimes on international level was initiated by the OECD. In 1983, a group of experts recommended that the OECD take the invitation in trying to achieve the harmonization of European computer crime legislation. Thus, the OECD carried out from 1983 to 1985, a study of the possibility of an international harmonization of criminal laws to address computer related crimes. The study resulted in a 1986 report, Computer Related Crime: Analysis of Legal Policy which surveyed existing laws and proposals for reform and recommended a minimum list of abuses that countries should consider penalizing by criminal law.

In 1995, the U.N published the United Nations Manual on the Prevention and Control of Computer Related Crime which studied the phenomenon of computer-related crimes, substantive criminal law protecting privacy, procedural law, and the needs and avenues for international cooperation. Some years later, the Council of Europe’s Committee of Experts on Crime in Cyber- Space prepared a Draft Convention on Cybercrime. The final version was submitted to the European Committee on Crime Problems in June 2001. Parties to the Convention agreed to adopt such legislative and other measures as may be necessary to establish’ certain activities of cybercrimes under their ‘domestic law’ which include (1) Offenses against the confidentiality, integrity and availability of computer data and systems; (2) Computer-related offenses; (3) Child pornography; (4) Offenses related to infringements of copyright and related rights; (5) provisions governing the imposition of aiding and abetting and corporate liability. [19]

With the emergence of new technologies which significantly impacts the world’s commerce by creating a borderless economy, the legislators around the world see the importance of enacting laws that would define the rights, impose liabilities and/or define or punish crimes pertinent to e-commerce. Based on the Internet and E-Commerce Law Portal (www.ibls.com/ibls-internet-law.aspx), there are about two thousand nine-hundred seventy-five (2,975) laws enacted around the globe with respect to internet and e-commerce alone. A lot of countries have already enacted their own cybercrime laws, which include the offenses involving electronic fraud.

With the number of laws enacted it would seem that there are already enough laws to address the various issues and concerns brought about by the new and novel technologies. But, the big question is, are they really sufficient?

IV. Conclusions and Recommendations

In the global perspective, the national efforts and those of the international organizations have reinforced each other, achieving a nearly global attention to the problem of electronic fraud. National efforts to fight electronic fraud tend to be of different levels in sophistication and priority, but such efforts are present in some major countries as shown by the presence of relevant laws, rules and regulations. Many of them are developing specialized police capabilities through equipment training and laws. International and supranational organizations have significantly contributed to the harmonization of criminal laws as well as of underlying civil law in all of the areas of computer related criminal law reform.

In the local perspective, there has yet to be enacted a cybercrime law. In other words, the current enacted laws are not sufficient to address the threats and risks brought/posed about by the cyber fraud, especially those committed and perpetuated in the financial market. Undoubtedly, the Philippines is one of those countries regularly being subjected to cyber-infiltration. Unless the pending cybercrime bills are consolidated and enacted, the country will not be prepared to withstand cyber attacks and other cybercrimes.

There are three pending bills in the Senate of the Philippines at present, as enumerated below:

  1. Senate Bill No. (SBN) -3553: Cybercrime Prevention Act of 2009, “An Act Defining Cybercrime, Providing for the Prevention, Investigation and Imposition of Penalties Therefor and for Other Purposes,” which was filed on December 7, 2009 by Senators Jinggoy Ejercito Estrada, Loren Legarda, Miriam Defensor Santiago, Manuel Villar Jr., Manuel Roxas 2nd, Antonio Trillanes IV, Juan Ponce Enrile, Lito Lapid, Francis Escudero and Edgardo Angara;
  2. SBN-3213: Cybercrime Prevention Act of 2009, “An Act Defining Cybercrime, Providing for Prevention, Suppression and Imposition of Penalties Therefor and for Other Purposes,” filed on May 6, 2009 by Sen. Trillanes; and
  3. SBN-3177: Cybercrime Prevention Act of 2009, “An Act Defining Cybercrime, Providing for the Prevention, Suppression and Imposition of Penalties Therefor and for Other Purposes” filed on April 21, 2009 by Sen. Juan Ponce Enrile.

Therefore, the Congress is urged to expedite the passage of the Philippines Cybercrime Law which should include all possible offenses involving technology.

However, it is timely to emphasize that one of the major problem in passing or enacting, enforcing or implementing, and interpreting or constructing a cybercrime law is the lack of technical knowledge on the part of the legislators and other officials charged with these duties. And this is a fact observable in all jurisdictions. Legislators, in most cases, don’t have a real understanding of the technical issues and what is or what is not desirable- or even possible- to legislate. Police investigators are becoming more technically savvy, but in many small jurisdictions, no one in the department knows how to recover critical digital evidence. Judges, too, often have a lack of technical expertise that makes it difficult for them to do what courts do: interpret the laws. The fact that many computer crime laws use vague language exacerbates the problem. It is therefore recommended that there should be a continuing education and awareness programs aimed everyone, especially those involved in the fight against cybercrime.


Endnotes

[1] Graycar, Adam and Smith, Russel. Identifying and Responding to Electronic Fraud Risks. http://www.popcenter.org/problems/credit_card_fraud/PDFs/Graycar&Smith.pdf. Accessed 25 January 2010.

[2] Computer Crime. Wikipedia, the free encyclopedia. http://en.wikipedia.org/wiki/Computer_crime. Accessed 08 April 2010.

[3] A Guide to Computer Crime. http://legal.practitioner.com/computer-crime/computercrime_2_1.htm. Accessed 08 April 2010.

[4] Internet Banking Fraud: Why is On-line Banking so Popular? http://www.spamlaws.com/onlinebanking-fraud.html. Accessed 08 April 2010.

[5] Credit Card Fraud Statistics and Facts. http://www.spamlaws.com/credit-fraud-stats.html. Accessed 08 April 2010.

[6] What is Investment Fraud. http://www.spamlaws.com/investment-fraud.html. Accessed 08 April 2010.

[7] Overview of Insurance Fraud. http://www.spamlaws.com/overview-fraud.html. Accessed 08 April 2010.

[8] Graycar, Adam and Smith, Russel. Identifying and Responding to Electronic Fraud Risks. http://www.popcenter.org/problems/credit_card_fraud/PDFs/Graycar&Smith.pdf Accessed 25 January 2010.

[9] Characteristics of Telemarketing Fraud Schemes. http://www.spamlaws.com/telemarketingfraud.html. Accessed 25 January 2010.

[10] What is Counterfeit Payment Fraud. http://www.spamlaws.com/counterfeit-payments-fraud.html. Accessed 25 January 2010.

[11] Circular Letter No. CL-2007-049. Subject: Internet Scam/Advance Fee Fraud. http://www.bsp.gov.ph/ regulations/ regulations.asp. Accessed 10 April 2010.

[12] Accounting Scandals. Wikipedia, the free encyclopedia. http://en.wikipedia.org/wiki/accounting scandals. Accessed 26 January 2010.

[13] Financial Fraud Action UK announces latest fraud figures. http://www.banksafeonline.org.uk/documents/ 2009H1FraudPressRelease.pdf. Accessed 10 April 2010.

[14] I Love You. Wikipedia, the free encyclodia. http://en.wikipedia.org/wiki/ILOVEYOU. Accessed 11 April 2010.

[15] Section 2. Republic Act No. 8424 – An Act Regulating the Issuance and Use of Access Devices, Prohibiting Fraudulent Acts Committed Relative Thereto, Providing Penalties and for other Purposes, Otherwise Known as Access Devises Regulation Act

[16] Section 3. Republic Act No. 8792 An Act Providing for the Recognition and Use of Electronic Commercial and Non-Commercial Transactions and Documents, Penalties for Unlawful Use Thereof and for other Purposes, Otherwise Known as The Philippine E-Commerce Law

[17] BSP Circular No. 200, Series of 2000 – Electronic Banking Services in the Philippines

[18] BSP Circular No. 542, Series of 2006 – Consumer Protection for Electronic Banking

[19] CHAWKI, Mohamed. A Critical Look at the Regulation of Cybercrime : A Comparative Analysis with Suggestions for Legal Policy. http:www.droit-tic.com. Accessed 29 March 2010.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: