Published 7 June 2021, The Daily Tribune

Online banking has become an integral part of our daily lives. We are able to make purchases such food, clothes, gadgets and even pay our bills by accessing our bank accounts though our smartphones.  

The convenience of online banking saves us much time and protects us by obviating the need to physically queue up in front of automated teller machines and counters. But this comfort also presents vulnerability in the hands of hackers who take advantage of technology to gain access to our personal bank accounts.

While online banking is convenient, it presents a single vulnerable point that hackers can expose for their scrupulous ends. Pass codes can be hacked if the owner is not alert enough to put extra security features to protect his or her account.

Because of the emerging cases of unauthorized access on personal bank accounts or any accounts without any permission of the actual owner, Republic Act (RA) 8484, otherwise known as “Access Devices Regulation Act of 1998,” as amended by Republic Act 11449 in 2019, was passed to protect people against this unlawful access.

The law recognizes the recent advances in technology and the widespread use of access devices in commercial transactions, hence seeks to protect the rights and define the liabilities of parties in such commercial transactions by regulating the issuance and use of access devices.

By acknowledging that access devices have been exploited by criminals and criminal syndicates in perpetrating fraudulent activities that ultimately undermine the trust of the public in the banking industry, the law classifies the commission of a crime using access devices as a form of economic sabotage and a heinous crime and shall be punishable to the maximum level allowed by law.

Section 9 (s) of Republic Act 8484, as amended by RA 11449, makes it illegal to access, with or without authority, any application, online banking account, credit card account, ATM account, debit card account, in a fraudulent manner, regardless of whether or not it will result in monetary loss to the account holder.

Clearly, the act of accessing another’s online banking account through fraudulent means constitutes as access device fraud and is unlawful. Under Section 10 (d) of said law, the fraudulent act is punishable by imprisonment for not less than six years and not more than 10 years and a fine of P500,000.00 or twice the value obtained by the offender, whichever is higher, without prejudice to the civil liability of the offender.

In relation to hacking of a system as well as skimming of at least 50 debit or credit cards, and bank accounts, these are punishable by a term of life imprisonment and fines ranging from P1 million to P5 million. In addition, possession of at least 10 counterfeit devices and the successful illegal access of an account is punishable with imprisonment ranging from 12 to 20 years and a fine of at least P500,000.

We are all responsible for our own digital and financial well-being.

Never allow your card to leave your sight, double check digital devices before swiping or inserting your card, create strong passwords and PINS ideally different per account or card, and always report to your bank any suspicious activity observed. Skimmers and hackers are inventive, but by practicing vigilance and proper cyber hygiene to avoid information and password theft, we can stop them at their tracks and protect our accounts.

For comments and questions, please send an email to