Computer Fraud: Major technological developments and the widespread use of the internet have brought about the emergence of new “sophisticated” forms of financial crime. This article examines, in the light of these new forms of criminality, the distinction between and the respective application of the provisions governing “simple” and “electronic” fraud. The classification of contemporary criminal conduct under the appropriate legal rule and, more broadly, the legal treatment of cybercrime requires not only an adequate command of criminal law but also an understanding of how the new technology operates.
Watch a video describing the most common cybercrimes:
Computer Fraud: “Whoever, with the intent to procure for himself or another an unlawful pecuniary benefit, causes damage to another’s property by influencing the data of a computer, either through the incorrect configuration of the program, or through interference during its application, or through the use of incorrect or incomplete data, or in any other manner, shall be punished with the penalties of the preceding article (380). Pecuniary damage exists even where the persons who suffered it are unidentified. For the purpose of assessing the amount of the damage, it is irrelevant whether the victims are one or more persons,” Article 386A of the Penal Code (PK).
Pursuant to this provision, the special form of computer fraud is established where the operator of the computer, with the intent to procure for himself or another an unlawful pecuniary benefit while causing damage to another’s property, generates a false outcome, communicates it to someone as genuine, and induces that person to perform an act, omission or sufferance which results in the transfer of property. In such a case, the perpetrator uses the computer as the necessary means to generate, through impermissible interferences, the intended false outcome which is then communicated as true. This communication constitutes the essential starting point of the deception, because it leads the deceived party to a decision to dispose of property. This deceptive misrepresentation of facts — namely the computer’s communication, in which the false fact is presented as true — affects the consciousness of the other party and is manifested externally through that party’s will to perform or omit a specific act, which causally accompanies the deception with the (non-)transfer of property. Therefore, the unlawful interferences with the computer have the exclusive purpose of shaping the will of the other party in such a way as to serve the pecuniary benefit pursued by the perpetrator, and the use of the computer is the necessary means for the realisation of that purpose.
The criminal conduct consists in influencing the computer’s data, with the indicative enumeration of the modes of commission set out in Article 386A. “Program” denotes a set of data through which instructions are given to the computer. The incorrect configuration of the program may be effected by drafting an entirely or partially new program, by altering an already existing program, or by holding back data. The alteration may be achieved by adding or eliminating instructions, while the holding back of data consists in any conduct as a result of which data necessary for the proper application of the program are not entered into the program’s process. In particular, according to the proponents of the normative criterion, the configuration of the program is “incorrect” when it is capable of causing damage to another’s property or of increasing it, in accordance with the principle of the heightening of risk, such that the operation of the program deviates from the socially accepted purpose for which it is intended.
Interference during the application of the program is any act which affects the data-processing procedure, whether through the keyboard or through the mechanical components of the computer (hardware) which influence the program.
Article 386A PK may be applied to various cases of online fraud, such as, for example, the possibility of intervening in a program through which transfers of monetary amounts are made from a user’s account to another account designated by those intervening in the program (a form of hacking). In any event, Article 386A PK on computer fraud covers interferences with the computer’s data referring to all stages of the process (input manipulation, program manipulation, as well as influence over the computer’s mechanical components — hardware).
“Incorrect” data are those of the computer which do not correspond to reality, while “incomplete” data are those which inaccurately express the reality to which they refer and which is of decisive importance for the processing of the data. Simple fraud — and not that of Article 386A PK — is established where the data are checked at some stage of their processing, prior to the disposition of property, by a natural person who is thereby deceived; whereas, in cases where the involvement of a natural person is exhausted in receiving the data without any check on his part (e.g. receipt of a computer-generated voucher), the establishment of computer fraud is not excluded. Furthermore, the influencing of the computer’s data “in any other manner” semantically permits the inclusion of cases involving even the unlawful use of correct data (such as the withdrawal of money from an ATM) by an unauthorised person. In such a case, the perpetrator influences the computer’s data where the result of the data-processing, by reason of his conduct, deviates from that which would have been achieved through the normal and lawful execution of the program.
- See also article Child Pornography
- See also article Defamation via Facebook
- See also article Online Fraud
- See also article Hacking
- See also Methods of Online Attacks
- See also article Malicious Software
- See also article Online Attacks
- See also article Online Piracy
- See also article Software Piracy
- See also article Trafficking of Pharmaceuticals
- See also article 10 Security Practices
FREQUENTLY ASKED QUESTIONS ON COMPUTER FRAUD
1. What penalty does Article 386A of the Penal Code provide?
Computer fraud is punishable with the same penalties as those provided for simple fraud (Article 386 PK), namely imprisonment and a monetary penalty in its basic form. Where the benefit or the damage exceeds EUR 120,000, or where the perpetrator commits the offence on a professional basis, the act is upgraded to a felony, carrying imprisonment of up to ten years. The exact sentence depends on the amount of the damage, the personality of the defendant, the existence of a prior criminal record, and any concurrent mitigating circumstances (Article 84 PK). In many cases, suspension of sentence (Article 99 PK) or commutation of the sentence into a monetary penalty (Article 80 PK), buy-out, or community service is feasible, particularly where the damage has been remedied prior to trial.
2. What should I do if I am arrested in flagrante delicto or summoned as a defendant?
From the very first moment of a summons to a preliminary investigation or of an arrest, the presence of a lawyer must be requested and the right to silence exercised until the case file has been studied. The defence focuses on technical issues: whether the influencing of the computer’s data is in fact attributable to the defendant; whether the IP connection, the digital fingerprints and the log files prove the identity of the perpetrator beyond any doubt; whether the evidence was lawfully collected. Intent is frequently challenged, since the offence requires the purpose of obtaining an unlawful pecuniary benefit. Compensation paid to the victim and the invocation of mitigating circumstances (prior law-abiding life, sincere remorse, good conduct after the act) may significantly reduce the threatened sentence.
3. What is the difference between simple fraud and computer fraud?
In simple fraud under Article 386 PK, a natural person is deceived and voluntarily makes a disposition of property. In the offence under Article 386A PK, the perpetrator directly influences the computer’s data (program, input data, hardware) without the intervention of any human judgment that checks the data. The distinction has practical importance: if it is shown that, at some stage of the processing, an employee checked the data and was himself deceived, simple fraud — and not computer fraud — is established. This legal classification may affect the statute of limitations, the jurisdiction of the court and the extent of the sentence, and is therefore often a focal point of defence strategy.
4. Am I at risk of pre-trial detention, and how long does criminal proceedings last?
Pre-trial detention is an exceptional measure and is imposed only where strict conditions are met (risk of flight, recidivism or tampering with evidence), while restrictive measures are usually ordered instead. At misdemeanor level, between the filing of the criminal complaint and the hearing before the Three-Member Misdemeanor Court, one to two years usually pass; at felony level, the case proceeds through ordinary investigation and the council of misdemeanor judges, with an overall timeframe that may reach three to five years. In cases with an international element (servers abroad, requests for judicial assistance, examination of digital media by laboratories), the duration is extended. Properly preparing a memorandum at the preliminary-investigation stage may lead to dismissal and avert referral to trial.
5. What are the chances of acquittal or dismissal?
Computer fraud cases rest almost exclusively on digital evidence, which is vulnerable to challenge. The IP connection often does not prove the identification of a specific natural user (shared network, VPN, compromised third-party computer); the log files may have been collected without securing the chain of evidence; or the requisite intent may be lacking. The principle of in dubio pro reo is triggered where reasonable doubts remain. Beyond outright acquittal, there are routes towards the conversion of a felony charge into a misdemeanor charge, the running of the statute of limitations, settlement through compensation of the damage, and the imposition of the minimum statutory penalty with suspension.
6. What is the role of the lawyer in a case under Article 386A PK?
The Law Firm ZIAMPARAS D. & ASSOCIATES undertakes the defence from the very first stage of the preliminary investigation or arrest, since initial statements determine the course of the case. The lawyer studies the case file, evaluates the digital evidence in cooperation with technical experts where required, drafts memoranda, exercises legal remedies against arrest warrants or referral orders, and represents the defendant at every level of jurisdiction. At the same time, the lawyer negotiates with the victim regarding compensation for the damage, formulates the strategy for invoking mitigating circumstances, and ensures that any procedural irregularity in the preliminary investigation is exploited to the benefit of the defence.