Credit Card Fraud and the Law:A Critical study of Malaysian perspective
Dr. Nehaluddin Ahmad
Faculty of Business and Law
Multimedia University, Malaysia
There is a significant need to understand the law that relates to credit cards, both civil and criminal, especially, in the context of ever increasing credit card frauds, and the way in which the civil law has contributed to it, and the insufficient way in which the criminal law has sought to combat it. It cannot be denied that credit card misuse is a global problem. It will also indicate some of the effects of such criminal misuse. The paper will explore the legal remedies and restitution under criminal legislation that exist against credit card fraud in Malaysia.
This is a Commentary published on 18 September 2009.
Citation: Ahmad, N., ‘Credit Card Fraud and the Law: A Critical Study of Malaysian perspective’, 2009(2) Journal of Information, Law & Technology (JILT), <http://go.warwick.ac.uk/jilt/2009_2/ahmad>
The most dramatic revolution in payment methods in the past few decades has, undoubtedly, been the plastic card. The credit card is a payment vehicle of convenience, which provides its holders with multifarious benefits. A credit card has been defined as a payment card, the holder of which is permitted under his contract with the issuer of the card to discharge less than the whole of any outstanding balance on his payment card account on or before the expiry of a specified period, subject to any contractual requirements with respect to minimum or fixed amount of payments1. The card permits the holder to obtain credit up to a stated maximum amount from the issuer upon the card’s presentation to a merchant. The card issuer sends the cardholder periodic statements (usually monthly) describing the purchases made. The cardholder may settle the indebtedness without interest by paying the entire amount on receipt of the statement or the cardholder may settle the indebtedness by installments, paying interest on the outstanding amount.
Retail and service based businesses that cannot accept credit card payments are at a disadvantage against their competitors. In the United States alone, 350 billion dollars a year are spent with credit cards. It is no wonder that businesses want to accept credit cards, even though it means paying a percentage of each credit card sale to the acquiring bank or processor.
In the twenty first century credit card fraud is a major and global problem. By nature of it being global, its adverse effects are being experienced by all jurisdictions, however, it also impacts locally at a national level, for which we require legislation that tailors the remedy to the local needs. The credit card fraud has posed several challenges to jurisdictions across the globe. First, proper laws to prevent the offence must be in place, primarily to punish those who commit this offence and to deter potential offenders. Secondly, to afford remedial assistance to those who have suffered as a result of this offence.
An investigation committee of the Russian Interior Affairs Ministry in late 2004 completed an investigation of credit card fraud. Russian police officers and Federal Security Bureau agents detected a syndicate that was stealing client databases from large banks to fabricate plastic credit cards of the world's leading payment systems – Visa, MasterCard, and American Express. The criminal organization was selling counterfeit cards to fraudsters in the United States, in Canada, Israel, Turkey and many other countries.2 Another country where credit card misuse is rampant is Indonesia.3Recently the House of Lords Science and Technology Committee carried out an investigation pertaining to Internet security between January 2005 and June 2005 and found that the number of recorded phishing incidents alone was 312. And further the Committee was informed that the amount of cash stolen in the first half of 2006 was US 45 million based on the findings of APACS.4
The manager of Master Card Europe, Paul Lucraft, gives a clear picture of recent losses suffered in the country due to fraud.5
Card-not-present fraud, including losses from telephone and Internet sales, rose by 24% in 2004 to £150.8 million ($285 million). …. smart cards do not prevent this type of fraud, so criminals are focusing more on this type of activity. Fraud due to counterfeit cards was up by 17% to £129.7 million ($246.5 million) in 2004, while fraud due to stolen or lost cards was up 2% to£114.4 million ($217.3 million), according to APACS. ID fraud due to fraudulent card applications or account takeover was up by 22% to £36.9 million ($70.1 million).
In 2004, the New Straits Times, Malaysia , the local newspaper reported that RM100 million was lost due to credit card fraud in the first six months of year.6An article published in 2003 which reads as follows:
Crime figures dating back to 1999 show card fraud reported to police peaked at nine million ringgit in 2000, when there were 173 incidents. The next year losses fell to 1.6 million ringgit as cases rose to 252, followed by falls in value and volume in 2002. Over the whole period, Singapore, France and Japan arrested 19 Malaysians on suspicion of card fraud, the latest a Malaysian airline flight attendant held in Tokyo in February for alleged possession of 3,000 card blanks…. 7
It cannot be denied that credit card misuse is a global problem. It also indicates some of the effects of such criminal misuse. The paper will explore the legal remedies and restitution under criminal legislation that exist against credit card fraud in the Malaysia.
Besides suffering losses, fraudulent transaction also generate disputes, once victims realise that the figures shown in their statements are incorrect. For instance, a dispute could arise if someone has stolen or used the particulars of the card owner without his permission or consent. The other kind of dispute would arise when cardholders realise that they have been billed for items or services that they have not received or that they have been billed twice for the same item or service. On such occasions, it may be comprehensible that all parties concerned (processors, banks, VISA/MasterCard, the merchants) may want to shift the liability to someone. The law enforcement bodies may want to investigate if the nature of the fraud is extensive otherwise logic shows that it is not cost effective. The police can only carry out the investigation if the cardholder has made a police report.
However, cardholders may not realise the error or the inaccuracy immediately. This again may impede or deter a police investigation for the offender may have disappeared. However, in the United States, there is a Federal law that has systematic procedures for identifying and resolving credit card disputes that may arise between the cardholder and the card issuer as to the outstanding amount.8 Under this Act the consumer can challenge a creditor’s statement on an account in his name.9 But Malaysia does not have such an Act.
The credit card fraud is an economic problem which poses challenges to governments globally. These offences are quickly overtaking the speed of conventional crimes because of the Internet where electronic payments are becoming the common method of buying and selling goods and services. As a general rule, a government has a legal duty to define the accepted behaviours of a society. It does this through legislation and its numerous agencies. The reason behind this duty is presumably to balance or to regulate the rights of those affected by such behaviours. This same concept is also extended to fraudulent credit card transactions.
Thus, it is the legal duty of each government to define what a fraudulent credit card transaction is and what are the ‘ prohibited behaviours’ when it comes to credit card transactions. These behaviours would be those which are construed as legally wrong. For instance, the laws in United States10, United Kingdom11 and in Malaysia12, clearly state that if one obtains or uses a credit card fraudulently or dishonestly, such an act is legally wrong, thus it would amount to a ‘prohibited behaviour.’
The City of London Police has stated that those affected by cheque and credit card fraud can be divided into two categories; first they are those affected directly and possess an account with financial institutions. Secondly, they are those who are affected indirectly and pay more for goods and the services due to the fraud.13 Governments would have to then intervene so that the rights of those affected can be properly regulated. One form of government intervention would be for Parliaments to have laws that expressly criminalise both categories of criminal behaviours and to make laws which provide remedial assistance to those suffered due to these criminal behaviours.
Common practice is for the cardholder to call up the merchant and dispute the charges and wait and hope that the merchant accepts the dispute. The cardholder would in any case be expected to make a report and an investigation would have to follow, but if the amount that is being disputed is trivial, it may be debatable if an investigation would be effective.
In the three countries, the respective government intervention would be through legislation14 and polices of bodies that assist the governments. In the United States, for instance, the FTC protects consumers against unscrupulous billings. A simple measure that it has is the setting up a 900 Number Call which has procedures in settling billing disputes.15 The Dedicated Cheque and Plastic Crime Unit of the United Kingdom were set up in 2004 as a two year pilot project to primarily focus on counterfeit credit card fraud. This Unit consists of police officers from the City of London Police, Metropolitan Police officers; the Unit also receives support from the banking industry as well.16Within that two year period, the Unit recovered about 3,400 counterfeit cards and 39,600 compromised card numbers. During the same period, the Unit arrested 306 suspects and 90 of them were subsequently charged.17The Bank Negara of Malaysia passed a mandate in 2005 that all credit card transactions by Malaysian Banks must be
encrypted and EMV compliant. The name derives from the initials of Europay, MasterCard and Visa (EMV).
Its move was initiated by the Malaysian Government because of the high rate of credit card fraud in Malaysia.18Governments may also work with other governments with a particular region to regulate fraudulent behaviours. The Confederation of Asian and Pacific Accountants, has a membership of 33 accountancy organisations in 23 jurisdictions. It commissioned the Australian Institute of Criminology and Australia’s national center for the analysis and dissemination of criminological data and information to undertake a study.
Now let us examine the legal materials from Malaysia that address the misuse and also provide remedies or criminal restitution to those who have suffered by the fraud. In Malaysia there is no specific section that governs the commission of credit card fraud; therefore the primary Act governs the commission of this offence is penal code. Since Malaysia, Singapore, Sri Lanka, Pakistan and Bangladesh were once British colonies, they all adopted the Indian Penal Code. The Indian Penal Code was based on English law without English peculiarities and became the basic criminal law of Malaysia and Singapore.
After attaining its independence, Malaysia adopted the Indian Penal Code as the basis for its main criminal law from 31st March 1965. It currently has over 500 sections. This Act has been amended at least eight times since its implementation19 and encompasses a myriad of offences.20
The author identified several sections under the Penal Code which could be used to charge credit card offenders under different circumstances. The sections include s120A, s378, s411, s415, s420, s463 and s474.21The Current Law Journal revealed that there were numerous articles written on the provisions of the Penal Code. 22 However, some of these provisions have been amended and the study highlights the amendments made to some of the provisions.23 The Penal Code (Amendment) Act 1989 made some minor changes to the wording of s411 and s420. The amendments are as follows:
Amendment to section 411
Section 411 of the Code is amended by substituting for the word "three" the word "five", and inserting after the word "both" the words "; and if the stolen property is a motor vehicle or any component part of a motor vehicle as defined in section 379A, shall be punished with imprisonment for a term of not less than six months and not more than five years and shall also be liable to fine".
Amendment to section 420
Section 420 of the Code is amended by substituting for the word ‘seven’ the word ‘ten’. The Penal Code (Amendment) 1993 made another change to s420.
Amendment to section 420
Section 420 of the Code is amended-
- by inserting immediately after the word ‘ deceived’ the words, whether or not the deception practised was the sole or main inducement,"; and
- by substituting for the words ‘may extend to ten years and shall also be liable to fine’ the words ‘shall not be less than one year and not more than ten years and with whipping, and shall also be liable to fine.’
The Act per se is a law relating to criminal procedure.The Act has gone through several amendments. The amendment made in 2006 is not yet in force. However, none of these amendments have affected s426 of the Code.24This section allows the victim to seek compensation if defendant has been convicted and sentenced.25
It has been established that the United Kingdom has one particular Act against fraud to prohibit all fraudulent offences and the United States has at least one particular section to prohibit credit card frauds. However, the Malaysian Government has not taken such measures as yet. For it has not provided any specific legislation to particularly cover credit card fraud. There have been a number of such cases that have come before the local courts and currently the local courts are using the general criminal laws to stop credit card fraudsters.26 The primary source of criminal law both in Malaysia and in Singapore is the Penal Codes of the respective countries and these codified laws are supplemented by common law principles. The main literature governing this offence is still rooted under the traditional law which is the Malaysian Penal Code. It is very similar to the Indian Penal Code which was enacted in India in 1860.27 This Code was originally enacted to replace the manifold systems of criminal law which were in existence in British India during that period. The Malaysian Penal Code, like the Indian Penal Code prohibits most criminal activities in Malaysia.
The section reads as follows:
Whoever, intending to take dishonestly any movable property out of the possession of any person without that person's consent, moves that property in order to such taking, is said to commit theft.
This section covers virtually all theft and clearly covers a situation when a perpetrator steals a credit card. Under this section, if a perpetrator dishonestly takes a credit card, which is considered as immovable property, from the possession of the cardholder without his consent, such taking amounts to theft. The section considers it as theft even if the perpetrator takes the credit card without the view of making a gain from the cardholder. However, very often the perpetrator makes a gain for himself and sometimes that gain may become a great loss to the card holder.28
The author states that the fact that the credit card itself is of minimum value does not absolve the perpetrator of his criminal liability, if convicted he could be punished for a maximum term of seven years imprisonment and the offender could be additionally fined or whipped.29
The section deals with the offence of cheating and reads as follows:
Whoever by deceiving any person, whether or not such deception was the sole or main inducement,-
- fraudulently or dishonestly induces the person so deceived to deliver any property to any person, or to consent that any person shall retain any property; or
- intentionally induces the person so deceived to do or omit to do anything which he would not do or omit to do if he were not so deceived and which act or omission causes or is likely to cause damage or harm to any person in body, mind, reputation, or property,
is said to ‘cheat’.
Explanation 1 - A dishonest concealment of facts is a deception within the meaning of this section.
Explanation 2 - Mere breach of contract is not of itself proof of an original fraudulent intent.
Explanation 3 - Whoever makes any representation through any person acting as an agent, or otherwise, for him, shall be deemed to have made the representation himself.
The previous section is only applicable if the fraudster had stolen the card, but s415 goes a step further and prohibits the deceptive usage of this stolen card. When a person steals a credit card and intends to use this credit card to purchase either an item or obtain a service, in such a circumstance s378 will not punish him for the deceptive usage. The appropriate section that attaches criminal liability to the individual if he does use the stolen credit card is s415. This section makes it an offence if the fraudster obtains a property from any person by misrepresenting himself. Thus this section could be applicable for instance when the fraudster dishonestly or fraudulently induces the salesperson to believe that he is the genuine holder of the credit card.
There have been several amendments made to this Act and the Penal Code (Amendment) Act 1993 made fifteen amendments to the Code. One of the amendments related to s415. This section was amended in two ways. Firstly, by including s415 (a) and (b) and secondly, by including a third explanation of the term ‘cheat.’ Explanation 3 expands the definition of the term because under this explanation, statements made by an agent bind his principal.
Thus, today in Malaysia, if ‘A’ dishonestly or fraudulently uses another person’s credit card to buy something for himself or for a third party or induces the other ‘B’ to do or to omit anything which ‘B’ would otherwise not have done or omitted to do, had B not been deceived, in such a circumstance ‘A’ is said to have committed an offence of cheating under s415 and cannot evade liability if he claims that he had not made any positive misrepresentations because under this section a dishonest concealment of facts is considered as a deception. ‘A’ could be punished under s417 if found guilty.
Section 463 reads as follows:
Whoever makes any false document or part of a document with intent to cause damage or injury to the public or to any person, or to support any claim or title, or to cause any person to part with property, or to enter into any express or implied contract, or with intent to commit fraud or that fraud may be committed, commits forgery.
Section 474 reads as follows:
Whoever has in his possession any document, knowing the same to be forged, and intending that the same shall fraudulently or dishonestly be used as genuine, shall, if the document is one of the descriptions mentioned in section 466, be punished with imprisonment for a term which may extend to seven years, and shall also be liable to a fine; and if the document is one of the description mentioned in section 467, shall be punished with imprisonment for a term which may extend to twenty years, and shall also be liable to fine.
Both these sections have certain similarities. S463 prohibits the act of forgery and s474 prohibits the possession of a valuable security known to be forged but having the intent to use as a genuine document. Thus the element of forgery is present under both these sections. Additionally, the term ‘document’ is present in both these sections. It is therefore almost impossible to understand the meaning of the term ‘document’ without analysing other sections such as s29, s30, s466 and s467 as all these provisions throw some light on the term ‘document’ which is essential to all sections. However, in a recent case, Yap Choo Kit30 it was clearly stated that credit cards do fall within the definition of documents.
Section 463 makes it an offence if a person has created a credit card. A fraudster could have either stolen a credit card or could have ‘created’ or ‘manufactured’ a false credit card and used it to suit his purposes. The section prohibits the making of a false document with the intent to use this false document to cause damage or injury to any person or to support a claim or title (that he for instance is the genuine card holder) or to cause another person to part with his property or to enter into an express or implied contract with the fraudster because the victim believes that the document genuine. The only term under this section that needs clarification is the term ‘document.’ The application of this section was originally used when a fraudster created false documents to deceive another and s46431 explicitly highlights how a document could be falsified. Case law32 has shown that the term ‘document’ mentioned under these sections also include credit cards and blank plastic cards embossed with both existing or non-existing card members’ names and account numbers as documents.
A section which has often been used against credit card fraudsters is s474 of the Penal Code, which prohibits the possession of a forged credit card with the intent to use it as genuine. Fraudsters in Hoo Chee Keong v PP and in Chau Kam Hoon v PP were charged and convicted under this section for possessing forged credit cards with the intent of using them.
In the former case, it was clearly held by the High Court that for a conviction under s474, a credit card must fall within the definition of a document as stated under s29 of the Penal Code, and in this case it was clearly held that a credit card is not a ‘ valuable security’ within the meaning of s30 of the Penal Code, but as long as it falls within the ambit of s466 or s467, a conviction under s474 could suffice. In this case the judge held that the forged MasterCard which resembled a genuine credit card was a ‘ document’ within the meaning of s29 (and not a ‘valuable security’ within the meaning of s30) for it gave authority to a merchant who had an agreement with an acquiring bank to deliver any movable property or render any services to the
holder of the card. Thus it did constitute to one of the many types of document that were described under s467.33
The judge in that case was very serious in preventing the commission of credit card fraud for in his judgment it was noted that a failure on the part of the prosecution to describe the documents accurately in the charge and/or failure to precisely identify which of the several documents listed under s466 or 467 of the Penal Code applied to the situation at hand before a conviction under s474 was only an irregularity and he was of the opinion that s422 of the Criminal Procedure Code could rectify this problem. However, it must be noted that this was only comment made by the High Court judge and could be disputed by the counsel for the defendant or disagreed by his colleagues from the Court of Appeal or in the Federal Court.
In 1993 the High Court may have been more determined in ensuring that credit cards should be considered as valuable securities as a matter of law if a conviction under a similar charge were to be sustained. In Tio Tek Huat v Pendakwa Raya34, a charge under s467 which prohibited the forgery of valuable securities was failed because the forged credit cards which were in the possession of the appellant at the material time were not considered as valuable security because one of the credit cards had expired and the other had been cancelled and as a result it was held that no right or liability could properly have been accrued in respect of both these documents. However if the cards were not expired or cancelled the accused would have been convicted.
It is clear from Hoo Chee Keong v PP and Tio Tek Huat v Pendakwaraya that the credit cards may more easily be construed as ‘documents’ rather than ‘valuable security’ since they may only be considered as valuable securities if these cards have some economical value attached to them. Since there is no precise definition to the term ‘credit card’ it is the view of the author that courts are willing to consider them as documents35and as well as ‘valuable securities’ as shown in the case of Tee Thian See v Public Prosecutor36wherethe appeal of the accused was dismissed and he was punished under s467 for a charge under 472.
Section 472 reads as follows:
Making or possessing a counterfeit seal, plate, etc., with intent to commit a forgery punishable under section 467.
Whoever makes or counterfeits any seal, plate, or other instrument for making an impression, intending that the same shall be used for the purpose of committing any forgery which would be punishable under section 467, or with such intent has in his possession any such seal, plate, or other instrument, knowing the same to be counterfeit, shall be punished with imprisonment for a term which may extend to twenty years, and shall also be liable to fine.
The accused in PP v Yap Seay Hai, was charged under s472,37for he was charged and convicted of the offence of counterfeiting of plates for making an impression of five American Express cards. The following observation made by his Honorable Mr. Kang Hwee Gee by denying the appeal shows how serious the courts are in considering credit card offences as serious criminal offences.
The section deals with persons who deal with properties that have been received dishonestly and reads as follows:
Whoever dishonestly receives or retains any stolen property, knowing or having reason to believe the same to be stolen property, shall be punished with imprisonment for a term which may extend to five years, or with fine, or with both; and if the stolen property is a motor vehicle or any component part of a motor vehicle as defined in section 379A, shall be punished with imprisonment for a term of not less than six months and not more than five years, and shall also be liable to fine.
Prima facie, s411 could punish anyone who keeps or accepts a credit card if he knows or has a reason to believe that the credit card is stolen. However, according to the author 38this section is also essential especially because credit card fraud is often done on a large scale involving third parties. These third parties could be different persons compared to those who use these cards to obtain goods and services. Many of these intermediaries could be persons who just receive or keep properties which have been obtained as a result of stolen credit cards. The section makes it clear that those persons who have received or retained such properties are liable only if they knew that the goods or properties were stolen. Bona fideindividuals who have acted innocently come by the property will not be held responsible under this section and it is again the duty of the prosecution to prove that the receivers of the properties have dishonestly or had known or had reason to believe that the property they received was stolen.
This section may be closely linked to s378 which indicates that theft takes place when a credit card is stolen. Thus s411 makes all those who received the goods or properties which were ‘ purchased’ using this stolen card is liable provided that they know that the stolen credit card was used to purchase these items. Such mala fidereceivers or keepers could be punished up to five years.
The section deals with criminal conspiracy and reads as follows:
When two or more persons agree to do, or cause to be done-
- an illegal act, or
- an act, which is not illegal, by illegal means, such an agreement is designated a criminal conspiracy:
Provided that no agreement except an agreement to commit an offence shall amount to a criminal conspiracy unless some act besides the agreement is done by one or more parties to such agreement in pursuance hereof.
Explanation- It is immaterial whether the illegal act is the ultimate object of such agreement, or is merely incidental to that object.
All the sections mentioned above are applicable if the fraudulent transaction or when the offence has taken place. To trace the offender after the commission of the crime poses a challenge as he may have disappeared or even left the country. The other issue is that very often these perpetrators normally do not act alone. In fraudulent credit card transactions it is not uncommon that more than one person is involved in the commission of this crime. For instance one person who works with a bank has the possibility of having access to personal details of clients and if this person passes these details to another who actually uses these details to forge a credit card, they could both be charged under s120A39which is the general section prohibiting any offence of criminal conspiracy.
This section imposes the burden on the prosecution to prove beyond reasonable doubt that there was a criminal conspiracy between the parties. This section is very useful because it could be used against several individuals at the same time for conspiring together and could also be raised when no specific offence is committed but the parties have entered into a fraud together. As long as the prosecution can prove that there was a criminal conspiracy the elements are said to be satisfied. This is possible if it is proved that there has been a conspiracy between a purchaser and a sales assistant to defraud a credit card company. The author is of the opinion that this section is very useful because it is possible to apprehend the fraudsters even before the offence has taken place. As such, it could be seen as a precautionary measure unlike the other sections above which are operative only when the offence in question has actually taken place.
Section 420 may be usefulif a fraudster by using his credit card which may be genuine or otherwise cheats and dishonestly causes another to part with or give up property. The author was not able to find any instances where the Courts have used this section on fraudsters. For this section to be applicable, the prosecution has to prove that the perpetrator had cheated and there was the element of dishonesty on the part of the perpetrator. It is probable that this section could be invoked if a fraudster uses a stolen credit card to cheat another who gives up his property under a false and mistaken belief.
After analysing the various provisions under the Penal Code, it is apparent that the men reaof the offences varies. For instance, the mens rea for s378, s415, s463, s474 and s411 is either intention, dishonestly40, or fraudulently or all.41Both the terms ‘dishonesty’ and ‘fraudulently’ are given statutory definitions under s24 and s25 respectively. However, the term ‘ intention’ is not defined under the Penal Code. It is not very clear how much evidence must be adduced for the prosecution to prove that the credit card fraudsters had intended to carry out the offences. There is very little published materials in Malaysia pertaining to the usage of the Penal Code on credit card offenders. As for the words that constitute the actus reus of these offences, the Penal Code provides statutory meanings. For instance, the term ‘movable property’ defined under s22 will give clear indication to judges that credit cards are construed as moveable property, if some is charged under s378 or s415 or s411. However as a general rule, it is not incorrect to say that Malaysian Courts like the English and the American courts interpret statutory words based on the statutory definitions. However, all these courts have an abundance of common law rules to rely on if that statute in question is unable to provide an adequate interpretation.
The Malaysian Government may be trying its best to fight credit card offences, but has not (in the opinion of the author) reached a position where the courts are equipped with proper and specific legislative tools to address this serious and growing problem. This lack itself could be considered as a setback.
In a recent article Rahim and Mnap identified several types of information in Mlaysia. First, they identified the theft of credit card, secondly ATM Spoofing where offenders set up fake ATM machines, which look and work like genuine ATM machines; thirdly, the pin capturing practice, where offenders identify busy ATM’s to hide video cameras which aimed at duplicating the numbers that are keyed in by users; and fourthly, database theft where large databases of information that have been built up for companies which have been given authorisation, the offender may hack into this computer system to steal an industrialised database of this kind of information.42
Under such circumstances, the offenders may be liable for theft and offence of stealing which might fall under the crime prescribed in the Penal Code. In addition, it is believed that they would also be liable under the Computer Crimes Act 1997 (CCA) for hacking (basically it means accessing someone’s computer without permission).43 The Act prohibits the following actions:
- Section 3 prohibits accessing someone's computer without permission;
- Section 4 prohibits anyone from accessing someone else`s computer without permission with the intent to commit an offense;
- Section 5 prohibits anyone from accessing someone else`s computer without permission and making modifications;
- Section 6 prevents any kind of wrongful communicating to another; and
- Section 7 prohibits anyone who assists another to carry out the above mentioned acts and it also punishes those who attempt any of these prohibited acts.
From these sections, it is clear that the CCA 1997 was designed to prohibit hacking and not to address credit card offences. Perhaps a similar tailor made Act to fight credit card offences is urgetly needed.
Currently there are several provisions under the Penal Code that Malaysian judges use on credit card fraudsters unlike their counterparts in the United States.44 These provisions are worded in such a wide manner that they can cover numerous offences including credit card fraud. Though, the term ‘credit card’ is not found in any part of the said provisions, the courts are forced to apply general laws to curb specific problems. However, these laws are not tailored to address specific problems that come with the advancement of technology. Thus, it is the inadequacy of specific legislation or provisions that in the author’s opinion constitute the main problem faced by the Malaysian judiciary. Perhaps that is the reason behind frequent amendments of the Penal Code so that the Code can keep progressing with the changing nature of crime and demands of the society.45
Though the Penal Code has been amended several times46 and deficiency was realised as early as in 2004, no specific provisions have been introduced to fight credit card offences. Sections s378, s415,463, s474, s420 and s120A which are currently being used against credit card fraudsters, have not gone through any amendments under these numerous Amendment Acts and therefore, these provisions are unable to address specific credit card offences. Lastly the amendments introduced under the Penal Code (Amendment) Act 2003 and Penal Code (Amendment) Act 2006 are yet to be enforced.
Section 474 is very often used against those who have fake or forged credit cards. This section prohibits the possession of a document (including a credit card) which is forged and the offender possesses it with intent to use it as genuine. The prosecution under this section has to prove that someone has in his possession, (i) any document, (ii) knowing the same to be forged and, (iii) intending the same shall be fraudulently or dishonestly used as genuine. The author finds certain difficulties that come with the application of this section if it is used against credit card offenders. First to obtain a conviction under this section, a credit card has to be construed as a ‘document.’ Two sections (s466 and s467) explains what a document is.
Under s466 a document includes the following:
- a document purporting to be a record or proceeding of or before a court;
- a document purporting to be a record of a Register of Birth, Baptism, Marriage or Burial;
- a document purporting to be a record of a Register kept by a public servant as such; (d) a document purporting to be a certificate or document purporting to be made by a public servant in his official capacity;
- a document purporting to be an authority to institute or defend a suit or to take any proceeding therein or to confess judgment; and
- a document purporting to be a power of attorney.
And under s467 a document could mean the following:
- a document which purports to be a valuable security;
- a document which purports to be a will;
- a document which purports to give an authority to adopt a son; (d) a document which purports to give authority to any person to make or transfer any valuable security;
- a document which purports to give authority to any person to receive the principal, interest or dividend thereon;
- a document which purports to give authority to any person to receive or deliver any money, movable property or valuable security;
- any document purporting to be an acquaintance or receipt acknowledging the payment of money; and
- any document purporting to be an acquaintance or receipt for the delivery of any movable property or valuable security.
Cases such as Hoo Chee Keong v PP.47 and Tio Tek Huat v Pendakwaraya clearly shows that credit cards could mean documents and valuable securities. Such an interpretation would involve courts to read both s466 and s467. If the legislature were to expressly state what a credit card mean then it would deter courts to read both these sections, thus a clearer and a precise meaning could be given to the credit card. If the prosecution is not able to describe the documents accurately in the charge or is not able to identify with accuracy whether credit card should fall under s466 or s467 of the Penal Code, such difficulty is resolved by invoking s422 of the Criminal Procedure Code (Revised 1999) which ensures that proceedings are not declared null and void due to irregularities. This may not be necessary if credit cards were given a more precise definition.
The Malaysian government is aware of the legal developments that have taken place in other jurisdictions but they do not have any specific laws like USC 18 s1029 (a). This could mean either that the Government do not wish to have specific laws to curb the credit card fraud or avoiding the tedious effort of drafting tailor-made laws. In the past the Malaysian Government has referred to laws from other jurisdictions as Computer Crimes Act 1997 of Malaysia has greater similarities with the United Kingdom’s Computer Misuse Act 1990.48However, in the matter of credit cards the prosecution has to rely on the existing Penal Code which is very loosely worded thus enabling the prosecutor to capture all kinds of credit card offenders under this Act.
The Malaysian courts had to face problems when interpreting the provisions under the Penal Code. Currently, it is apparent that credit cards could be considered as ‘documents’< /font>or ‘valuable security.’Perhaps the Penal Code could at least amend s466 and/or s467 to provide clearer meaning to the term ‘credit card’. A study can also be undertaken to decide if would be easier to prosecute offenders if these cards are construed as ‘access devices’ a step that the United States has adopted for the last 22 years. The Malaysian Criminal Procedure Code s426 gives judges discretionary powers to grant compensation but not like United Kingdom,49which has precise laws that allow victims of criminal offences to seek restitution. The other jurisdictions, such as UK have codified provisions that are in place to prevent offenders50though laws would never be full proof against offenders.
1 Article 29(1) of the UK’s Credit Card (Merchant Acquisition) Order, 1990, SI 1990/2158. For a discussion of the definition of a ‘credit card’, see, Ogilvie, H.M. (1991), Canadian Banking Law, (Scarborough:Carswell), pp. 647-648.
2 ‘Special Services Exposes the Largest Credit Card Fraud in Russia`s History’; Available at: <http://english.pravda.ru/hotspots/crimes/22-12-2004/7530-cards-0> [ Visited on 20.4. 2009]
3Banking in Indonesia; Available at: <http://www.expat.or.id/info/creditcardfraudindonesia.html> [Visited on 23. 04.2009]
4 Sharma, N, Online Banking Fraud Fraud Witnesses 8,000% Rise In U.K; Available at:
<http://www.bizreport.com/2006/12/online_banking_fraud_witnesses_8000_rise_in_uk.html> [Visited 5.4. 2009]
5 UK Criminals Know the Chip Card`s in the Mail; Available at: <http://www.cardtechnology.com/article.html?id=20050509G7LUZ6L6> [Visited 5.4.2009]
6 Goh, R, Credit Card Fraud: RM100m Lost in Six Months; Available at: <http://www.accessmylibrary.com/comsite5/bin/pdinventory.pl?pdlanding=1&referid=2930&purchase_type=ITM&item_id=0286-12810288> [Visited 5.4. 2009]
8 USC 15 Fair Credit Billing Act.
9 USC 15 s1666(b).
10 USC 18 s1029 (a) 2.
11 S2(1) Fraud Act 2006.
12 S415 Penal Code 1965.
13 Cheque and Credit Card Fraud Investigation Policy, City of London Police; Available at: <http:www.cityoflondon.police.uk> [Visited 23.07. 2007]
14 In United States - USC 18 s1029 (a) 2, In the United Kingdom - S2(1) Fraud Act 2006 and in Malaysia - S415 Penal Code 1965.
15 FTC Facts for Consumers Fair Credit Billing; Available at: <http://www.ftc.gov/bcp/conline/pubs/tmarkg/nine.shtm> [Visited on 20.03. 2009]
17 APACS the UK Payments Association; Available at: <http://www.apacs.org.uk/payment_options/plastic_cards_5_5.html> [Visited 17 .3. 2009]
18 Bank Negara Annual Report, 2006.
19 Penal Code (Amendment) Act 1982, Penal Code (Amendment) Act 1985, Penal Code (Amendment) Act 1986, Penal Code (Amendment) Act 1989, Penal Code (Amendment) Act 1993, Penal Code (Amendment) Act 2001, Penal Code (Amendment) Act 2003, and Penal Code (Amendment) Act 2006.
20 George, M. (1990), ‘Criminal Breach of Trust under the The Malaysian Law: A Review’, 1 CLJ, I (part 1) and x (part II).
21 Joseph, A.L.R (1993), ‘Credit Card Fraud and the Law’, 2 CLJ xii (Apr)
22 Ibid; see also, George, M. (1990), ‘ Criminal Breach of Trust under Malaysian Law: A Review  1 CLJ i (part 1) and x (part II); Woolf, Lord. (2004), ‘A New Approach to Sentencing’, 2 CLJ xxxvii.
23 Ganguli,C.L. July 2007 – Labour Protection, CLJ 178, A.L.R. Joseph, Credit Card Fraud,  2 CLJ xii (Apr).
24 Criminal Procedure Code Amendment and Penal Code (Amendment) Act 1983, Criminal Procedure Code (Amendment) Act 1989, Criminal Procedure Code (Amendment) Act 1993, Criminal Procedure Code (Amendment) Act 1995, Criminal Procedure Code (Amendment) Act 1997, Criminal Procedure Code (Amendment) Act 2001and Criminal Procedure Code (Amendment) Act 2006.
25 Wong Muh Rong,, Trusts & Estates, Equity, Property & Real Estate, Land, Criminal Law
Malaysia 2 CLJ xxxix.
26 Wong Kim Leng v PP,  2 MLJ 97 and Bakmawar Sdn. Bhd v Malayan Banking Bhd.  1 MLJ 67.
27 Myint, K K L (1974), The Penal Codes of Singapore and States of Malaya: Cases, Materials and Comments, Vol 1.
28 Rahim, A A and Manap, N A (2003),‘Theft of Information: Possible Solutions Under The Malaysian Law’, 3 MLJA.
29 Joseph, A L R (1993), Credit Card Fraud and the Law, 2 CLJ xii (Apr).
30 Yap Choo Kit, 9 CLJ 377
31 S464 Penal Code A person is said to make a false document-
Firstly - Who dishonestly or fraudulently makes, signs, seals, or executes a document or part of a document, or makes any mark denoting the execution of a document, with the intention of causing it to be believed that such document or part of a document was made, signed, sealed, or executed by, or by the authority of a person by whom or by whose authority he knows that it was not made, signed, sealed, or executed, or at a time at which he knows that it was not made, signed, sealed, or executed; or Secondly-Who without lawful authority, dishonestly or fraudulently, by cancellation or otherwise, alters a document in any material part thereof, after it has been made or executed either by himself or by any other person, whether such person be living or dead at the time of such alteration; or Thirdly- Who dishonestly or fraudulently causes any person to sign, seal, execute, or alter a document, knowing that such person by reason of unsoundness of mind or intoxication cannot, or that by reason of deception practised upon him he does not, know the contents of the document or the nature of the alteration.
32Hoo Chee Keong v PP,  1 CLJ 667 and Chau Kam Hoon v PP,  7 CLJ 365.
33 S467 Penal Code - Forgery of a valuable security or will. Whoever forges a document which purports to be a valuable security or a will, or an authority to adopt a son, or which purports to give authority to any person to make or transfer any valuable security, or to receive the principal, interest, or dividends thereon, or to receive or deliver any money, movable property, or valuable security, or any document purporting to be an acquaintance or receipt, acknowledging the payment of money, or an acquittance or receipt for the delivery of any movable property or valuable security, shall be punished with imprisonment for a term which may extend to twenty years, and shall also be liable to fine.
34 Tio Teak Huat v Pendakwa Raya, 1993 2 CLJ 570.
35 Supra 23.
36 Tee Thian See v Public Prosecutor,  5 CLJ 644.
37 PP v Yap Seay Hai, 1994 291,MLJU
38 Joseph, A L R (1993), Credit Card Fraud and the Law, 2 CLJ xii (Apr).
39 120A. Definition of criminal conspiracy .When two or more persons agree to do, or cause to be done-(a) an illegal act, or(b) an act, which is not illegal, by illegal means ,such an agreement is designated a criminal conspiracy: Provided that no agreement except an agreement to commit an offence shall amount to a criminal conspiracy unless some act besides the agreement is done by one or more parties to such agreement in pursuance hereof.
Explanation - It is immaterial whether the illegal act is the ultimate object of such agreement, or is merely incidental to that object.
40 S378, s411and 415(a) and 474 of the Penal Code 1965.
41 S415(a) of the Penal Code 1965.
42 Rahim, A R and Manap, N A (2000), Theft Of Information: Possible Solutions Under Malaysian Law, 3 The Malayan Law Journal. xc.
44 s378, s415, s463, s474 and s420 of the Penal Code 1965.
45 New Straits Times (Malaysia, Sept 2004) Finance Ministry Parliamentary-Secretary Datuk Seri Dr Hilmi Yahaya.
46 Penal Code (Amendment) Act 1982, Penal Code (Amendment) Act 1986, Penal Code (Amendment)1989, Penal Code (Amendment) Act 1993, Penal Code (Amendment) Act 2001,Penal Code (Amendment) Act 2003 and Penal Code (Amendment) Act 2006.
47 Hoo Chee Keong v PP 2000] 1 CLJ 667.
48 See Computer Misuse Act 1990 of United Kingdom and the Computer Crimes Act 1997 of Malaysia.
49 S148 (1) Sentencing Act 2000.
50 USC 18 S1029(2) (a) , Fraud Act 2006 and Penal Code 1965.