The U.S. Justice Department’s Criminal Division has proposed streamlining the requirements for going after cyberthieves who sell payment card numbers issued by U.S. financial institutions, the department said in a blog post.
The amended laws “would permit the United States to prosecute anyone possessing or trafficking in credit card numbers with intent to defraud if the credit cards were issued by a United States financial institution, regardless of where the possession or trafficking takes place,” the post said.
Current law only allows prosecution if Justice can prove that an “article” used in selling card numbers moved though the U.S. or that the seller keeps illicit profits in a U.S. bank. But foreign cyberthieves keep their profits out of the U.S., and with digital data it’s not clear what kind of article could be involved. Simplifying the requirements would make prosecution practical more often.
“This kind of jurisdiction over conduct that occurs abroad is fully consistent with international norms and other criminal laws aimed at protecting Americans from economic harm,” the post said. “Moreover, in an era of global cybercrime where criminals steal Americans’ financial information so that they can traffic it abroad, it is necessary to prevent criminals from victimizing our citizens with impunity.”
The Obama administration is backing the Cybercrime Anti-Resale Deterrent and Extraterritoriality Revision Act of 2015, a bill introduced on Tuesday (March 24) by Rhode Island Democratic Rep. Jim Langevin that would amend the U.S. Code “to provide greater extraterritorial criminal jurisdiction over certain credit card and other access device fraud offenses,” according to Bank Info Security.
But not everyone is sold on the idea. Criminal defense attorney A. Jeff Ifrah told Bank Info Security that a better approach would be for the U.S. to work through diplomatic channels to get other countries to toughen up their own cybercrime laws.
That can still mean a drawn-out process for getting cybercrime suspects into U.S. courts. For example, alleged Russian cyberthief Vladimir Drinkman was indicted in U.S. federal court in 2009 and arrested in The Netherlands in June 2012, but wasn’t extradited to the U.S. until last month.