Law No.21,234: Modifies the Criminal Offence of Fraudulent Use of Payment Cards and Electronic Transactions 

June, 2020 - Álvaro Carreño, Pablo Albertz, Fernanda Montes

On May 29th, 2020, Law No. 21,234 was enacted (the"New Law"), amending and replacing completely Law No. 20,009, which establishes the “Regime of limitation of liability for users, of unauthorized use of means of payment”, expanding its scope of application, establishing a new liability regime for and a new catalogue of conducts which constitute the criminal offence of “fraudulent use of payment cards and electronic transactions”.

Modifies Law No. 20,009 and Law No. 19,913

The New Law modifies the previous criminal offence and its sanctions, including it in the catalogue of Money Laundering predicate offences and sets forth new security measures for crime prevention.

 

I. Criminal offences

  • It complements the previous catalogue of conducts, by increasing the means by which the offence of fraudulent use of payment cards and electronic transactions may be committed, adding to the already contemplated credit and debit cards, the provision of funds, all accounts which permit money transactions through electronic devices (including the passwords and other security and authentication credentials) and, in general, all means of payment other than cash money, checks and demand notes; the latter, aiming to prevent users from electronic frauds (phishing, pharming and skimming, among others).

  • It complements the previous catalogue of conducts which constitute the mentioned criminal offence, by adding two new premises:

    • Impersonating the account holder’s identity before the issuer, operator or within the commerce, in order to obtain the authorization required to issue any money transactions.

    • The conduct of maliciously obtaining for oneself or a third party, the restitution of funds according to this law, rather by simulating a fraud, intentionally causing it, or presenting it before the issuer as occurred by different causes or within different circumstances than in reality.

  • Sanctions: it increases its minimum, by changing it from imprisonment in any degree, to imprisonment from medium to maximum degree, ranging from 541 days to 5 years of imprisonment, and a fine of three times the defrauded amount.

 

II. Compliance

i) Security measures to prevent the commission of offenses

The New Law requires issuers to adopt security measures to prevent the commission of the offenses established in the New Law and to safeguard the safe provision of the service regarding the standard envisioned for suppliers in Law No. 19,496 on the protection of consumer rights.

The security measures must consider at least the following elements:

  • To have monitoring systems aimed at detecting operations that do not correspond to the usual behavior of users.

  • Implement internal procedures to manage the alerts generated by such monitoring systems.

  • Identify patterns of potential fraud, in accordance with industry practices and recommendations, which must be incorporated into the operations monitoring system.

  • Establish limits and controls in the different service channels that allow mitigating losses due to fraud. Such limits and controls must be based on objective, general and non-discriminatory risk considerations in relation to the nature of the payment means and the type of operations they allow to be performed.

 

New money laundering predicate offense and compliance measures

The Law amends Article 27 of Act No. 19,913, which created the Financial Analysis Unit (UAF), incorporating as a predicate offense for money laundering the fraudulent use of payment cards and electronic transactions, arising from the conduct set out in Article 7.

The above implies that the reporting entities before the UAF (e.g., banks and financial institutions) should incorporate this new predicate offense into their compliance programs, which would include, at least, management of the risks arising from this offense.

In addition, legal entities –regardless of whether they are reporting entities or not- should include in their compliance program or crime prevention model under Law No. 20,393 this new predicate offense, since one of the criteria for criminal liability of legal entities is the commission of money laundering, which was broadened by the fraudulent use of payment cards and electronic transactions.

 



Link to article

MEMBER COMMENTS

WSG Member: Please login to add your comment.

dots