Have You Been Accused Of Financial Cybercrime?

Everything You Need To Know About Financial Cybercrime

Cybercrime encompasses any criminal activity which relies on Information and Communications Technology (‘ICT’) devices, including computers, mobile phones, and the internet. It can then be broken down further into crimes that are enabled and crimes that are dependent on ICT devices. Cyber-dependent crimes are those which only involve ICT devices that are used for committing the crime and are also the target of the crime (e.g. hacking or disruption of functionality). On the other hand, cyber-enabled crimes are those that are considered more traditional in nature and do not fully rely on technology but now often involve the use of technology to increase the scale or reach of perpetrators (e.g. cyber-enabled fraud). Here will discuss what is meant by financial cybercrime, the laws which apply, and what you can do if you are accused of financial cybercrime.

What is financial cybercrime?

Financial cybercrime, which falls into the category of cyber-enabled offences, typically involves the unauthorised access, sabotage or use of computer systems owned by another person or business, with the specific intent to gain financially or cause financial loss. Financial cybercrimes are carried out in a number of ways, including:

• using a virus or ransomware to steal or prevent access to data and then selling it or demanding a ransom to allow access or removal 
• using another person’s credit card number to purchase goods and services without their authorisation
• card-not-present (CNP) fraud involving unauthorised transactions without the cardholder being present
• hacking a computer or other online service to steal personal or valuable data for commercial gain
• creation of fake websites to entice victims to spend money on non-existent or counterfeit goods 
• mass marketing fraud and consumer scams including phishing and pharming – e.g. where a person receives a text or email containing a link which then requires them to enter personal details such as login names and passwords. 

In many cases, financial cybercrime will involve gaining access to data that holds value, including images and videos, intellectual property, valuable information, business databases, and personal information (e.g. banking and social security information). This can then be sold, used to gain unauthorised access, or held in return for the payment of funds.

Which laws cover financial cybercrime?

There are several laws that cover financial cybercrime, including the following: 

Fraud Act 2006

The Fraud Act includes the offences of fraud by false representation (Section 2), fraud by failure to disclose information when there is a legal duty to do so (Section 3), and fraud by abuse of position (Section 4). 

To bring a successful prosecution for any of these offences, it must be shown that the defendant’s conduct was dishonest, it was their intention to make a gain or cause a loss or the risk of a loss to another. There does not need to be an actual gain or loss, however; what matters is that there was an intent to gain or cause loss. The maximum sentence for these three offences is 10 years imprisonment.

Theft Act 1968 and 1978

The Theft Act covers the offences of dishonesty, recent possession (i.e. where a person is found in possession of property which has been stolen), fraud (only for fraud offences prior to 15th January 2007), proceeds of crime, and theft (this includes robbery, burglary, handling and going equipped).  

To bring a successful prosecution for any of these offences under this act, the theft must include dishonesty, relate to property that belonged to another at the time it was appropriated, and there was an intention to permanently deprive the victim.

Under the Theft Act, the maximum penalty in the Crown Court is seven years imprisonment and/or an unlimited fine. In the magistrates’ court, this is six months imprisonment and/or an unlimited fine.

Computer Misuse Act (1990)

The Computer Misuse Act (1990) includes 3 main offences:

• Unauthorised access to computer material – carries a maximum penalty of 2 years on indictment
• Unauthorised access with intent to commit or facilitate the commission of further offences – carries a maximum penalty of 5 years on indictment
• Unauthorised Acts with intent to impair, or with recklessness as to impairing the operation of a computer – carries a maximum penalty of 10 years on indictment

The offence of unauthorised access to computer material requires that the prosecution show the defendant:

• has caused a computer to perform a function with intent to secure access (and this was their intention)
• the program or data they intended to access was secure, and there was knowledge that the intended access was unauthorised

Proceeds of Crime Act 2002 (‘POCA’) 

POCA enables the confiscation or civil recovery of proceeds from crime and applies in cases of money laundering in the UK. Under POCA 2002, to initiate confiscation proceedings, the prosecution is required to provide a “Statement of Information” which outlines in detail:

• Whether the Defendant has a criminal lifestyle (a ‘criminal lifestyle’ means a person who is convicted of an offence listed under Schedule 2 of POCA 2002, the offence constitutes conduct that is deemed criminal activity, and the offence was committed over a period of six months and the benefit constituted £5,000 or more).
• Whether they have benefitted from their criminal conduct.
• What that benefit entailed.

Under POCA, the maximum sentence is 14 years imprisonment following conviction, a fine, or both.

Final words

As we have established, for each of these laws, which may apply in cases of financial cybercrime, several legal conditions must be met in order to prosecute. Given the range of possible financial cybercrimes, laws, and the elements which must be established to bring a conviction in each, it is important to engage the services of a Barrister specialising in business crime, fraud, and financial cybercrime. By doing so, you can ensure that any action taken against you is minimised or mitigated while protecting your personal and business reputation.