18 U.S.C. 1029 Fraud and Related Activity in Connection with Access Devices Introduction
Credit card fraud, identity theft, online gambling, and phishing are just some of the criminal activities that involve the use of access devices such as credit cards, computers or networks. These individual criminal activities are termed as cybercrime as they involve the use of credit cards, computer, internet, and other access devices. Cybercrime is also associated with piracy, or producing, using, or selling counterfeit or unauthorized access devices.
The US Code Title 18, 1029, Fraud and related activity in connection with access devices, is the federal criminal code that defines criminal offences and legal sanctions regarding the production, use and traffic of counterfeit or unauthorized access devices. Also known as the Access Device Fraud Act, it identifies the different actions by individuals who knowingly and with intention to defraud produces, uses or traffics access device which is either a counterfeit or without duly signed permission and all other fraud activities that are in part or whole related to misuse and fraudulent use of access devices. This includes majority of the forms of cyber crimes such as credit card fraud, identity theft, and others.
Access Device Fraud
According to Iannacci, many cyber criminals believe that credit card fraud, or access device fraud, is the first choice when talking about financial crime, i.e. filing fraudulent applications, taking over legitimate accounts. This is so because credit cards and other access devices is becoming more and more powerful as a result of the hastened growth in information technology. Numerous business transactions, particularly with web-based retailers such as eBay and Amazon, are now done through the use of credit cards. This makes it and other access devices interesting to the organized crime market.
Credit card fraud is a form of access device fraud wherein the fraudster is somewhat “tricking” a merchant to provide his merchandise or render service in such a way that a stolen card information is used. This means that fraudsters are making purchases using other people’s credit card information. In this way, the victim can be either the merchant or the owner of the account or possibly both. According to Iannacci, half of the credit card fraud today is conducted through the internet. Figure 1 shows the loss due to credit card fraud from 1996 to 2002. It shows the increasing trend of volume loss caused by fraudulent credit card transactions. Figure 1. Transaction volume loss to credit card fraud (in US$ Millions) as presented to FCA 240 at Seneca March 2003.
In order to start a fraudulent transaction, cyber criminals steal access information (i.e. account numbers, identification numbers, electronic serial number) and use this information to run access device fraud. This is termed identity theft which is also a major setback in financial security. In United States alone, more than 100,000 identities are stolen every year and the numbers are still rising. Figure 2 shows the resulting trend of abuses of stolen identities.
Figure 2. Resulting abuses of stolen identities as presented to FCA 240 at Seneca March 2003.
Credit card fraud and identity theft are the two most common and most popular attacks in the e-commerce industry. These two have caused the loss of millions of dollars to the hands of cyber criminals. Credit card fraud and identity theft are forms of Access Device Fraud which are unethical in the sense that it causes harm to the victims especially the breach of private information that possibly damages his life.
The Access Device Fraud Act
In response to the increasing cyber criminal attacks, the government has enacted several anti-cybercrime laws. One of these laws was the US Code Title 18, 1029: Fraud and Related Activity in Connection with Access Devices, which is commonly known as the Access Device Fraud Act (ADFA). This law is applicable to all forms of Access Device Fraud.
The ADFA identified several access device offenses which basically constitute the Access Device Fraud. These offenses are known and are intended to initiate a fraudulent transaction and therefore punishable by law. Some of it are the following: (Iannacci) production, use, or trade of counterfeit access device; (ii) possession of at least 15 unauthorized (i.e. stolen, lost, expired, canceled ) access devices; (iii) using, producing, trafficking, or owning any instrument that alters telecommunications services; (iv) unauthorized use of a credit card system member. All of these offenses are listed in subsection (a) of § 1029.
The penalties for any criminal found guilty of the offenses written above is either in the form of payment (fine) which was not stated in the reference or 10 to 15 years of imprisonment. If the criminal had an offense after the conviction, he shall be sentenced an equivalent fine or imprisonment of at most 20 years. In subsection (c)(C), anyone found guilty of the offenses written in subsection (a) of the ADFA is sanctioned with forfeiture of personal property that is related to the offense.
Other Applicable Laws
The growth and development of information technology has extended the bounds of cybercrime. In regards to this, the United States has enacted several laws which apply to existing forms of cybercrime (i.e. computer fraud, breach of information, pornography, securities fraud, online gambling, cyberstalking). These laws prohibit such criminal activity which uses computers and other access devices.
The Computer Fraud and Abuse Act (USC 18, 1030) entitled ‘Fraud and related activity in connection with computers’ is the act that focuses on information security. Under this law, anyone who intentionally access a protected computer without any authorization is subject to investigation by the US Government and equivalent charges shall apply. Another law is the Can-Spam Act (U.S.C. 18, 1037) which deals with “Fraud and related activity in connection with electronic mail.” Under this law, anyone who uses a protected computer and sends unsolicited (or unwanted) electronic mail messages and with the intention to mislead or falsify a registrant or email user is subject to investigation.
Other laws include Extortion and Threats (USC 18,875) applicable to interstate communications, Wire Fraud (USC 18,1343) applicable to fraudulent wire, radio or television deeds, DMCA (USC 17,1201) applicable to copyright protection systems, Trade Secrets Act (USC 18, 1832) applicable to theft of trade secrets, and the Economic Espionage Act (USC 18, 1831) applicable to economic espionage.
Computer Laws by State: Mississippi
The Mississippi Computer Crime Law (Section 97-45-1, Section 97-45-2, Section 97-45-3, Section 97-45-4, Section 97-45-5, Section 97-45-6, and Section 97-45-7) is the anti-computer fraud, anti-hacking, anti-equipment damage law in Mississippi State. It was ratified on July 1, 1985. Section 97-45-3 talks about the computer fraud offenses and penalties. Under this section, anyone is guilty for an offense if he accesses a computer with the intention to defraud and is punishable by a fine of at most $10,000 or a 5-year imprisonment or both. Section 97-45-5 talks about the offenses and penalties against computer users. Under this section, anyone is guilty of an offense if the user has (Iannacci) unauthorized use of a computer system, network or service and (ii) unauthorized disclosure of passwords, numbers, codes, or other personal identification systems used in a protected computer system, network, or service. The penalties of an offense under this section is either a fine of at most $1,000 and might increase to $10,000 under circumstances or six months imprisonment and might as well increase to 5 years under prescribed circumstances or both the fine and imprisonment. Section 97-45-7 talks about the offense against computer equipment and the equivalent penalties. Offense includes unauthorized destruction, insertion or modification, as well as disclosure, use, copying, taking or accessing of intellectual property. The punishments include a fine ($1,000 or possibly increases under prescribed circumstances to $10,000) or imprisonment (6 months or possibly increases to 5 years under prescribed circumstances).
References ("1029. Fraud and related activity in connection with access devices"; Coggeshall, 2007; , "Criminal DefenseCREDIT CARD FRAUD"; Iannacci; , "Mississippi Computer Crimes Law"; , "SEC. 97-45-3. Computer fraud; penalties"; , "Section 236. Fraud and related activity in connection with access devices, etc.")
1029. Fraud and related activity in connection with access devices. Retrieved April 14, 2007, from http://www.cybercrime.gov/1029NEW.htm, http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00001029----000-.html, http://www.law.cornell.edu/uscode/uscode18/usc_sec_18_00001028----000-.html,
Coggeshall, S. (2007, April 13, 2007). ID Theft Knows No Boundaries. Retrieved April 14, 2007, from http://www.ecommercetimes.com/rsstory/56864.html
Criminal DefenseCREDIT CARD FRAUD. Retrieved April 14, 2007, from http://www.defend-me.com/credit-card-fraud.asp
Iannacci, J., and Ron Morris. ACCESS DEVICE FRAUD and RELATED FINANCIAL CRIMES. Retrieved April 14, 2007, from http://www.infosecuritynetbase.com/books/616/8130_pdf_toc.pdf
Mississippi Computer Crimes Law. Retrieved April 14, 2007, from http://www.textfiles.com/law/ms_lawsta.law
SEC. 97-45-3. Computer fraud; penalties. Retrieved April 14, 2007, from http://www.mscode.com/free/statutes/97/045/0003.htm
Section 236. Fraud and related activity in connection with access devices, etc. Retrieved April 14, 2007, from http://www.cmc.gov.my/the_law/Act%20588/a0588s0236.htm