A Philippine Legal Article

I. Introduction

Unauthorized credit card transactions are among the most common consumer banking disputes in the Philippines. They may involve stolen cards, lost cards, phishing, account takeover, card-not-present purchases, compromised one-time passwords, unauthorized online subscriptions, skimming, fake merchants, fraudulent e-commerce charges, or transactions made after the cardholder already reported the card lost or compromised.

When a cardholder disputes a transaction, the bank may temporarily reverse the charge, investigate, deny the dispute, reinstate the charge, or refuse outright to reverse it. This refusal can create serious consequences: interest charges, finance charges, late fees, collection calls, credit bureau reporting, account suspension, and legal demands.

The legal question is not simply whether the cardholder says the charge was unauthorized. The issue is whether, under Philippine banking, consumer protection, credit card, electronic commerce, data privacy, contract, and evidence rules, the bank may validly hold the cardholder liable despite the claim of unauthorized use.

This article discusses the Philippine legal framework, cardholder rights and duties, bank responsibilities, dispute procedures, evidence, regulatory complaints, possible civil and criminal remedies, and practical steps when a bank refuses to reverse an unauthorized credit card transaction.

This is legal information, not legal advice for a specific case.

---

II. What Is an Unauthorized Credit Card Transaction?

An unauthorized credit card transaction is a charge made without the cardholder’s valid authority, consent, participation, or approval.

It may occur through:

1. Use of a lost or stolen physical card.
2. Skimming or cloning of card data.
3. Unauthorized online purchase using card details.
4. Account takeover of online banking or mobile banking.
5. Phishing, smishing, vishing, or social engineering.
6. Unauthorized use of an OTP or authentication code.
7. Fraudulent card-not-present transaction.
8. Merchant fraud.
9. Duplicate charging.
10. Overcharging.
11. Subscription or recurring charge not authorized by the cardholder.
12. Use of saved card credentials by another person.
13. Unauthorized charge after cancellation or blocking request.
14. Family member or employee misuse without authority.
15. Transaction processed despite prior cardholder report of compromise.

In practice, banks often distinguish between:

1. Fraudulent unauthorized transactions;
2. Disputed merchant transactions;
3. Billing errors;
4. Non-receipt of goods or services;
5. Subscription cancellation disputes;
6. Cardholder-authorized but regretted transactions;
7. Transactions caused by negligence or disclosure of credentials.

The legal treatment may differ depending on the category.

---

III. Common Bank Reasons for Refusing Reversal

Banks may refuse to reverse an unauthorized credit card transaction for several reasons, including:

1. The dispute was filed beyond the required period.
2. The transaction was authenticated by OTP, 3D Secure, PIN, CVV, biometrics, or app approval.
3. The bank claims the cardholder voluntarily disclosed credentials.
4. The transaction was done using the physical card and correct PIN.
5. The transaction matched the cardholder’s historical spending behavior.
6. The merchant submitted proof of transaction.
7. The bank found no evidence of compromise.
8. The cardholder failed to submit requested documents.
9. The charge was a recurring subscription previously authorized.
10. The bank classifies the matter as a merchant dispute, not fraud.
11. The transaction occurred before the cardholder reported the card lost or stolen.
12. The bank says the cardholder is liable under the card terms and conditions.
13. The cardholder allegedly delayed reporting.
14. The cardholder’s device, email, or SIM was compromised.
15. The bank says the transaction was “validly posted.”

A refusal is not automatically lawful just because the bank says so. The bank must still act in accordance with law, regulation, contract, fairness, good faith, consumer protection standards, and its own dispute procedures.

---

IV. Legal Relationship Between Bank and Credit Cardholder

A credit card relationship is governed by contract, banking regulations, consumer protection rules, card network rules, and applicable laws.

The usual documents include:

1. Credit card application form.
2. Credit card terms and conditions.
3. Statement of account.
4. Electronic banking terms.
5. Rewards and installment terms.
6. Fraud monitoring and dispute procedures.
7. Privacy notices.
8. Notices sent by SMS, email, mobile app, or mail.

The cardholder agrees to pay valid charges, fees, interest, and penalties. The bank agrees to extend credit, process transactions, send billing statements, investigate disputes, protect account security, and comply with financial consumer protection rules.

A bank cannot rely only on broad contractual language if its conduct violates law, public policy, regulatory standards, negligence principles, or consumer protection obligations.

---

V. Philippine Legal Framework

A bank refusal to reverse an unauthorized credit card charge may involve several areas of Philippine law:

1. Credit card regulations and Bangko Sentral ng Pilipinas rules.
2. Financial Products and Services Consumer Protection Act.
3. Consumer Act principles, where applicable.
4. Civil Code rules on contracts, obligations, damages, negligence, abuse of rights, and good faith.
5. Electronic Commerce Act, especially for electronic records and transactions.
6. Cybercrime Prevention Act, where hacking, phishing, identity theft, or computer fraud is involved.
7. Access Devices Regulation Act, where credit card fraud or unauthorized access devices are involved.
8. Data Privacy Act, where personal or cardholder data was mishandled.
9. Revised Penal Code, for estafa, falsification, theft, or related fraud.
10. Rules on Electronic Evidence.
11. Small claims rules or ordinary civil actions, depending on the monetary amount and remedy.
12. BSP complaint and mediation mechanisms.

The best remedy depends on whether the dispute is primarily a bank liability issue, merchant issue, fraud issue, data breach issue, debt collection issue, or criminal fraud issue.

---

VI. The Role of the Bangko Sentral ng Pilipinas

Banks and credit card issuers in the Philippines are regulated by the Bangko Sentral ng Pilipinas. BSP regulations cover consumer protection, credit card operations, disclosures, fees, collection practices, complaint handling, and responsible financial services.

A cardholder may file a complaint with the bank first. If unresolved, the cardholder may escalate to the BSP’s consumer assistance mechanism.

BSP involvement does not automatically mean the transaction will be reversed. However, it can require the bank to explain its findings, produce its basis, follow proper complaint handling, and respond within regulatory expectations.

A strong BSP complaint should include:

1. The disputed transaction details.
2. Date and time of charge.
3. Merchant name.
4. Amount.
5. Date reported to the bank.
6. Bank reference number.
7. Copies of emails, letters, and chat logs.
8. Police or cybercrime report, if any.
9. Proof that the cardholder did not authorize the transaction.
10. Evidence of bank delay, refusal, inconsistent explanation, or unfair collection.
11. Request for reversal, waiver of interest and charges, and correction of credit records.

---

VII. Financial Consumer Protection Principles

Philippine financial consumer protection rules require financial institutions to treat consumers fairly, disclose material information, handle complaints properly, and maintain appropriate controls.

In unauthorized transaction disputes, relevant principles include:

1. Fair and reasonable treatment of consumers.
2. Protection of consumer assets and information.
3. Clear disclosure of rights and responsibilities.
4. Effective dispute resolution.
5. Responsible handling of complaints.
6. Accountability for fraud risk management.
7. Proper investigation before denying liability.
8. Fair collection practices while a dispute is pending.
9. Prompt correction of errors.
10. Protection against misleading or abusive conduct.

A bank’s refusal may be legally vulnerable if it is arbitrary, unsupported, delayed, inconsistent, based on boilerplate conclusions, or contrary to its own investigation records.

---

VIII. Cardholder Duties

Cardholders also have obligations. A dispute is stronger when the cardholder can show compliance with these duties.

Common duties include:

1. Keep the card secure.
2. Keep PIN, OTP, CVV, passwords, and authentication credentials confidential.
3. Review statements promptly.
4. Report lost, stolen, compromised, or unauthorized transactions immediately.
5. Cooperate with the bank’s investigation.
6. Submit dispute forms and supporting documents.
7. Avoid giving card details to suspicious websites or callers.
8. Use updated contact information so fraud alerts are received.
9. Notify the bank of changes in mobile number, email, or address.
10. Preserve evidence.
11. File reports with law enforcement where fraud or cybercrime occurred.

Failure to report promptly may affect liability, especially for transactions before the bank was notified. However, delay does not automatically make every bank refusal valid. The facts still matter.

---

IX. Bank Duties

Banks are expected to maintain reasonable security, fraud detection, authentication, monitoring, complaint handling, and consumer protection systems.

Relevant bank duties may include:

1. Provide secure card issuance and activation.
2. Monitor unusual transactions.
3. Implement authentication controls.
4. Send transaction alerts where applicable.
5. Provide accessible channels for reporting fraud.
6. Block compromised cards promptly.
7. Investigate disputes fairly.
8. Provide a clear explanation for denial.
9. Preserve relevant logs and transaction records.
10. Coordinate with merchants, acquirers, and card networks.
11. Correct erroneous charges.
12. Avoid unfair collection while the dispute is unresolved.
13. Protect consumer data.
14. Avoid shifting all fraud risk to consumers through unfair terms.
15. Comply with regulatory timelines and complaint procedures.

The standard is not perfection. Fraud can happen despite security systems. But a bank may be liable if it failed to exercise the required diligence, ignored red flags, mishandled the complaint, or imposed liability without sufficient basis.

---

X. Unauthorized Transaction vs. Merchant Dispute

A major practical issue is classification.

A. Unauthorized Transaction

This means the cardholder did not authorize the charge at all. Examples:

1. Card was stolen and used.
2. Card details were compromised.
3. Account was hacked.
4. Cardholder never dealt with the merchant.
5. Cardholder was asleep, abroad, or unable to transact at the time.
6. Transaction was made after card had been reported lost.

B. Merchant Dispute

This means the cardholder may have authorized payment, but disputes the merchant’s performance. Examples:

1. Goods were not delivered.
2. Goods were defective.
3. Refund was promised but not processed.
4. Merchant overcharged.
5. Duplicate billing.
6. Hotel or car rental charged additional fees.
7. Subscription cancellation was ignored.

Banks may treat merchant disputes differently from fraud claims. A merchant dispute often depends on chargeback rules, merchant evidence, cancellation proof, delivery records, and service terms.

The cardholder should clearly state whether the dispute is:

1. “I never authorized this transaction”; or
2. “I authorized a transaction, but the merchant failed to perform or charged incorrectly.”

Confusing the two can weaken the complaint.

---

XI. Credit Card Chargeback

A chargeback is a process by which a card issuer disputes a transaction through the card network and merchant acquiring system.

Chargebacks may be available for:

1. Fraudulent transaction.
2. Unauthorized card-not-present transaction.
3. Non-receipt of goods or services.
4. Duplicate processing.
5. Incorrect amount.
6. Credit not processed.
7. Cancelled recurring transaction.
8. Defective or not-as-described goods.
9. Transaction after card cancellation.
10. ATM or cash advance error, depending on product.

Chargeback rules are often governed by card network rules and bank procedures. These are not always fully visible to consumers, but the bank should still explain the basis of its denial in a fair and understandable way.

A cardholder should act quickly because chargeback windows are time-sensitive.

---

XII. Provisional Credit

Some banks temporarily reverse a disputed charge while investigating. This may be called provisional credit, temporary credit, or temporary reversal.

If the bank later denies the dispute, it may reinstate the charge.

Important points:

1. Provisional credit is not always final.
2. The bank should inform the cardholder of the result.
3. If the bank reverses the provisional credit, it should explain why.
4. Interest and penalties should be disputed if the charge was genuinely unauthorized or if the bank caused delay.
5. A cardholder may still escalate after provisional credit is reversed.

The bank should not mislead the cardholder into believing a temporary reversal is final if it is still subject to investigation.

---

XIII. Reporting Deadlines

Credit card agreements often require the cardholder to report billing errors or unauthorized transactions within a specified period from statement date or transaction date.

Common issues include:

1. The cardholder did not receive the statement.
2. The transaction alert was not received.
3. The bank sent notice to an outdated number or email.
4. The transaction was hidden among many charges.
5. The cardholder discovered the fraud late.
6. The bank’s reporting channel was unavailable.
7. The bank delayed giving dispute forms.
8. The merchant posted the charge late.
9. The transaction was recurring and only later identified.

A bank may rely on late reporting, but late reporting should be assessed with the actual facts. If the bank had independent fraud indicators, failed to send alerts, failed to block after notice, or mishandled the investigation, the cardholder may still have arguments.

---

XIV. OTP, 3D Secure, and Authentication Issues

Banks often deny disputes because the transaction was authenticated with OTP, 3D Secure, app approval, biometrics, or other security measures.

Authentication evidence is important, but it is not always conclusive.

Questions to ask include:

1. Was an OTP actually generated?
2. To what mobile number or device was it sent?
3. Was the registered number changed before the transaction?
4. Was there a SIM swap?
5. Was the OTP intercepted by malware?
6. Was the cardholder deceived into giving OTP through phishing?
7. Did the bank’s message clearly identify the amount and merchant?
8. Did the OTP message warn not to share it?
9. Was the transaction consistent with normal spending?
10. Did multiple high-risk transactions occur in quick succession?
11. Did the bank ignore fraud alerts?
12. Did the bank allow transaction after cardholder report?
13. Was the device fingerprint new?
14. Was the IP address or country unusual?
15. Was the authentication method compromised because of bank-side weakness?

A bank may argue that OTP use proves authorization. A cardholder may respond that authentication does not always equal informed authorization, especially where social engineering, SIM swap, account takeover, malware, or inadequate warning is involved.

However, if the cardholder voluntarily gave OTP to a scammer despite clear warnings, the bank may argue cardholder negligence. The outcome depends heavily on facts and evidence.

---

XV. Lost or Stolen Card

When a physical card is lost or stolen, the cardholder should immediately call the bank and request blocking.

Key issues include:

1. Time the card was lost.
2. Time unauthorized transaction occurred.
3. Time the cardholder reported the loss.
4. Whether the bank blocked the card promptly.
5. Whether transactions occurred before or after report.
6. Whether PIN or signature was used.
7. Whether merchant followed proper verification.
8. Whether transaction was contactless and below verification threshold.
9. Whether multiple unusual transactions occurred.
10. Whether the bank sent real-time alerts.

Transactions after the bank received notice are generally harder for the bank to impose on the cardholder. Transactions before notice may be disputed depending on negligence, card security, transaction type, and fraud indicators.

---

XVI. Card-Not-Present Transactions

Card-not-present transactions are online, app-based, phone, mail, or manually keyed transactions where the physical card is not presented.

These are common in unauthorized credit card cases.

Evidence may include:

1. Merchant name.
2. IP address.
3. Delivery address.
4. Email used for order.
5. Device fingerprint.
6. 3D Secure result.
7. CVV entry.
8. Billing address verification.
9. Shipping records.
10. Account creation details.
11. Merchant response.
12. Proof that goods went to another person.

Card-not-present fraud may occur even when the cardholder never lost the card. Card details may be leaked through compromised merchants, phishing pages, malware, old subscriptions, or data breaches.

---

XVII. Recurring Charges and Subscriptions

Some disputes involve recurring charges. Banks may deny reversal by saying the cardholder previously authorized the subscription.

The cardholder should gather:

1. Proof of cancellation.
2. Terms of subscription.
3. Cancellation confirmation email.
4. Screenshot of account closure.
5. Prior correspondence with merchant.
6. Evidence that trial period was misleading.
7. Proof that the charge was after cancellation.
8. Bank dispute reference.

Recurring charges are often classified as merchant disputes rather than fraud, unless the cardholder never authorized the subscription at all.

If the merchant refuses to cancel, the cardholder should request the bank to block future recurring charges and replace the card if needed.

---

XVIII. Installment Transactions

Unauthorized installment transactions create added complications because the disputed amount may appear monthly.

Issues include:

1. Whether the cardholder signed or agreed to installment terms.
2. Whether the merchant converted a transaction to installment without authority.
3. Whether the bank approved installment conversion.
4. Whether the transaction was online or in-store.
5. Whether the cardholder benefited from the purchase.
6. Whether monthly billing continued after dispute.
7. Whether acceleration, pre-termination, or interest charges apply.

The cardholder should dispute both the original transaction and the future installment postings.

---

XIX. Supplementary Cards

Unauthorized transactions on supplementary cards may raise questions about who is liable.

Usually, the principal cardholder is contractually liable for supplementary card charges. But if the transaction was unauthorized, fraudulent, or outside the supplementary cardholder’s authority, the principal cardholder may still dispute.

Questions include:

1. Was the supplementary card in possession of the supplementary holder?
2. Was the transaction made by the supplementary holder?
3. Was the card lost or stolen?
4. Did the principal cardholder authorize that use?
5. Were card limits or merchant categories restricted?
6. Was the bank notified to cancel the supplementary card?
7. Did the bank continue allowing charges after cancellation request?

---

XX. Corporate or Business Credit Cards

For corporate cards, the cardholder, company, and bank agreement determine liability.

Issues include:

1. Whether the employee was authorized.
2. Whether the transaction was personal or business-related.
3. Whether the card was compromised.
4. Whether the company reported promptly.
5. Whether internal controls failed.
6. Whether the employee committed fraud.
7. Whether the bank followed corporate card procedures.
8. Whether the merchant had suspicious activity.

A company may need internal investigation, employee affidavit, IT logs, and police report.

---

XXI. Evidence Needed to Dispute the Bank’s Refusal

A cardholder challenging a refusal should organize evidence carefully.

Important evidence includes:

1. Credit card statement showing the disputed charge.
2. Screenshot of transaction alert.
3. Dispute form submitted to bank.
4. Bank acknowledgment or reference number.
5. All emails and messages with the bank.
6. Bank’s final denial letter.
7. Explanation given by the bank.
8. Police report, if filed.
9. Affidavit of unauthorized transaction.
10. Proof of card possession at the time.
11. Proof of location at the time.
12. Passport, travel records, work attendance, CCTV, or receipts showing cardholder could not have transacted.
13. Proof that card was reported lost or blocked.
14. Merchant correspondence.
15. Proof of non-delivery.
16. Proof of cancellation for subscriptions.
17. Evidence of phishing, SIM swap, or account takeover.
18. Screenshots of fraudulent websites or messages.
19. Telco report, if SIM compromise occurred.
20. Data breach notice, if any.
21. Device security report, where relevant.
22. Timeline of events.

The best complaints are chronological and evidence-based.

---

XXII. Requesting Information from the Bank

A cardholder should ask the bank to provide the basis for denial.

Possible requests:

1. Copy of charge slip or transaction record.
2. Merchant name and merchant ID.
3. Transaction date and posting date.
4. Authorization date and time.
5. Authentication method used.
6. Whether OTP was used.
7. Mobile number or channel where OTP was sent.
8. Whether 3D Secure was used.
9. IP address, device, or country information if available.
10. Merchant response to chargeback.
11. Reason code for denial.
12. Copies of documents submitted by merchant.
13. Whether transaction was chip, magstripe, contactless, keyed, or online.
14. Whether card was present.
15. Whether CVV was entered.
16. Whether transaction occurred before or after card blocking.
17. Internal complaint reference and final resolution letter.

The bank may refuse to disclose some internal or third-party data for security or privacy reasons, but it should provide enough explanation to allow meaningful review.

---

XXIII. Written Demand to the Bank

Before escalating, the cardholder may send a formal letter or email to the bank.

The letter should include:

1. Cardholder name.
2. Last four digits of card only.
3. Disputed transaction details.
4. Date of discovery.
5. Date reported.
6. Statement that the transaction was unauthorized.
7. Evidence attached.
8. Explanation why the bank’s denial is wrong.
9. Request for permanent reversal.
10. Request to waive interest, late fees, finance charges, and penalties.
11. Request to stop collection while dispute is pending.
12. Request not to report negative information to credit bureaus.
13. Request for written explanation and supporting basis.
14. Deadline for response.
15. Notice that the matter may be escalated to BSP and other authorities.

The tone should be firm, factual, and professional.

---

XXIV. Sample Demand Letter

Subject: Request for Reconsideration and Permanent Reversal of Unauthorized Credit Card Transaction

To the Bank:

I am writing to request reconsideration of your refusal to reverse the disputed credit card transaction on my account ending in [last four digits].

The disputed transaction is as follows:

• Date of transaction: [date]
• Posting date: [date]
• Merchant: [merchant]
• Amount: [amount]
• Dispute reference number: [reference number]

I did not authorize, participate in, benefit from, or consent to this transaction. I reported the matter to your bank on [date] through [channel]. I submitted the required dispute documents on [date].

Your denial states that [state bank’s reason]. I respectfully dispute this finding because [state reasons, such as the card was in my possession, I was not in the location, the transaction occurred after I reported the card compromised, no OTP was received, the merchant did not deliver goods to me, or the transaction pattern was clearly suspicious].

Attached are copies of the relevant documents, including [list annexes].

I request that the bank:

1. Permanently reverse the unauthorized charge;
2. Waive all related interest, penalties, finance charges, and late fees;
3. Suspend collection activity on the disputed amount while this matter is under review;
4. Refrain from reporting the disputed amount as delinquent to any credit bureau;
5. Provide a written explanation of the factual and technical basis for any continued denial; and
6. Provide copies or details of the transaction authentication and merchant evidence relied upon, to the extent allowed by law.

I reserve all rights to escalate this matter to the Bangko Sentral ng Pilipinas, law enforcement, and other appropriate authorities.

Respectfully, [Name]

---

XXV. Filing a Complaint with the Bank’s Consumer Assistance Unit

Banks usually have internal complaint channels. A cardholder should exhaust these before or while escalating externally.

The complaint should be filed through official channels such as:

1. Branch.
2. Hotline.
3. Email.
4. Mobile app complaint function.
5. Website form.
6. Registered mail.
7. Bank consumer assistance unit.

The cardholder should keep proof of filing:

1. Reference number.
2. Date and time.
3. Name of agent.
4. Screenshot of submission.
5. Email acknowledgment.
6. Copy of documents sent.
7. Follow-up history.

A verbal complaint is useful for immediate blocking, but written documentation is crucial for later escalation.

---

XXVI. Escalation to the BSP

If the bank refuses reversal or fails to act properly, the cardholder may escalate to the BSP’s consumer assistance channel.

The BSP complaint should be concise but complete.

Suggested structure:

1. Identify the bank.
2. Identify the product as credit card.
3. State the disputed transaction.
4. State that the transaction was unauthorized.
5. Explain when and how it was reported.
6. Summarize bank action or refusal.
7. Explain why the refusal is unreasonable.
8. Attach evidence.
9. State requested relief.

Possible requested relief:

1. Permanent reversal of the unauthorized charge.
2. Waiver of all related fees and interest.
3. Correction of billing statement.
4. Suspension of collection.
5. Correction of negative credit reporting.
6. Written explanation from the bank.
7. Review of bank’s fraud handling and consumer protection compliance.

BSP complaint mechanisms generally do not replace court actions, but they can be effective in forcing bank accountability and resolution.

---

XXVII. Police, NBI, and Cybercrime Reporting

If the transaction involved fraud, phishing, hacking, identity theft, stolen card use, or online scam activity, the cardholder may report to law enforcement.

Possible agencies include:

1. Philippine National Police Anti-Cybercrime Group.
2. National Bureau of Investigation Cybercrime Division.
3. Local police station.
4. Prosecutor’s office, where filing a criminal complaint is appropriate.

A law enforcement report helps show the bank that the cardholder is treating the transaction as criminal fraud, not merely a billing inconvenience.

The report may support:

1. Fraud investigation.
2. Merchant or recipient tracing.
3. SIM or account investigation.
4. Cybercrime preservation requests.
5. Criminal complaint against unknown persons.
6. Bank reconsideration.
7. Insurance or card network claim.

---

XXVIII. Criminal Laws Potentially Involved

Unauthorized credit card transactions may involve several crimes.

A. Access Devices Regulation Act

Credit cards are access devices. Unauthorized use, possession, production, trafficking, or fraudulent use of access devices may violate access device laws.

This may apply to:

1. Stolen card use.
2. Counterfeit or cloned cards.
3. Use of card numbers without authority.
4. Possession of card data with intent to defraud.
5. Unauthorized use of another person’s card information.
6. Fraudulent application for cards.
7. Use of access device to obtain money, goods, services, or anything of value.

B. Cybercrime Prevention Act

If the fraud involved computer systems, online banking, phishing, hacking, identity theft, or computer-related fraud, cybercrime charges may apply.

Relevant conduct may include:

1. Illegal access.
2. Computer-related fraud.
3. Computer-related identity theft.
4. Data interference.
5. Misuse of devices.
6. Cyber-related estafa or fraud.

C. Revised Penal Code

Depending on facts, the fraudster may be liable for:

1. Estafa.
2. Theft.
3. Falsification.
4. Use of falsified documents.
5. Other fraud-related offenses.

D. Data Privacy Violations

If personal data or cardholder information was unlawfully processed, disclosed, sold, leaked, or misused, Data Privacy Act issues may arise.

This may be relevant where the unauthorized transaction resulted from bank-side or merchant-side data compromise.

---

XXIX. Complaint Against the Merchant

Sometimes the bank refuses reversal because the merchant insists the transaction is valid.

The cardholder may also complain directly against the merchant if:

1. The merchant processed a transaction without authority.
2. The merchant failed to deliver goods or services.
3. The merchant ignored cancellation.
4. The merchant used misleading subscription terms.
5. The merchant refused refund despite proof.
6. The merchant accepted suspicious transactions.
7. The merchant participated in fraud.
8. The merchant misused card information.

Possible remedies include:

1. Demand for refund.
2. Complaint to DTI, where consumer goods or services are involved.
3. Complaint to platform marketplace.
4. Complaint to payment processor.
5. Civil action.
6. Criminal complaint, if fraudulent intent exists.

For foreign merchants, remedies may be harder, but card network chargeback and platform complaints may still help.

---

XXX. Data Privacy Complaint

A cardholder may consider a privacy complaint if the unauthorized transaction appears connected to mishandling of personal data.

Examples:

1. Bank or merchant leaked cardholder data.
2. Employee misused customer information.
3. Card details were exposed due to weak security.
4. Personal information was used to impersonate the cardholder.
5. Unauthorized account changes occurred.
6. Bank sent sensitive notices to wrong address or email.
7. Fraudster obtained information that should only be known to bank or merchant.
8. Bank failed to protect personal data.

A privacy complaint may seek investigation, compliance action, and appropriate remedies. It does not automatically reverse the credit card charge, but it can support the cardholder’s broader case.

---

XXXI. Debt Collection While Dispute Is Pending

One of the most distressing issues is collection activity while the cardholder disputes the charge.

Banks or collection agencies may send demand letters, call repeatedly, threaten legal action, or report delinquency.

A cardholder should write the bank and collection agency stating:

1. The amount is disputed.
2. The transaction is unauthorized.
3. A complaint is pending.
4. Collection of the disputed amount should be suspended.
5. Interest and penalties should not accrue on a fraud-disputed charge.
6. Negative credit reporting should not be made while the dispute is unresolved.
7. All communication should be in writing.

Abusive, deceptive, threatening, or harassing collection practices may be separately reportable.

---

XXXII. Negative Credit Reporting

If the bank reports the disputed amount as delinquent, the cardholder may suffer credit consequences.

The cardholder should request:

1. No negative reporting while dispute is pending.
2. Correction of any adverse report if the transaction is later found unauthorized.
3. Written confirmation that the account is under dispute.
4. Removal of penalties and delinquency history related to the disputed charge.
5. Updated statement reflecting reversal.

If negative reporting has already occurred, the cardholder may complain to the bank, credit bureau, and regulators, depending on the facts.

---

XXXIII. Interest, Finance Charges, and Late Fees

Even if the principal amount remains disputed, banks may impose:

1. Finance charges.
2. Late payment fees.
3. Overlimit fees.
4. Interest.
5. Installment acceleration charges.
6. Collection fees.
7. Annual fee complications.
8. Loss of rewards or privileges.

If the charge is unauthorized, the cardholder should demand reversal not only of the principal transaction but also all charges resulting from it.

A bank may not fairly profit from interest and penalties on a charge later shown to be unauthorized.

---

XXXIV. Should the Cardholder Pay the Disputed Amount?

This is a practical dilemma.

Paying may avoid interest, late fees, collection, or credit damage, but it may be perceived by the bank as acceptance unless clearly stated otherwise.

If the cardholder pays to avoid penalties, the payment should be accompanied by a written reservation:

“This payment is made under protest and without admission of liability, solely to avoid further charges and adverse credit consequences. I continue to dispute the transaction as unauthorized and reserve all rights to seek reversal and refund.”

Non-payment may preserve the dispute position but may trigger interest and collection. The best approach depends on the amount, urgency, bank conduct, and cardholder’s financial situation.

---

XXXV. Small Claims or Civil Action

If regulatory escalation fails, a cardholder may consider court action.

Possible civil claims include:

1. Recovery of amount paid under protest.
2. Damages for wrongful refusal to reverse.
3. Damages for negligence.
4. Damages for breach of contract.
5. Damages for bad faith.
6. Damages for unfair collection.
7. Correction of account.
8. Injunctive or other relief where appropriate.

For purely monetary claims within the applicable threshold, small claims procedure may be considered. Small claims is designed for simpler money claims and does not allow lawyers to appear for parties during hearing, subject to procedural rules.

More complex cases involving injunction, declaratory relief, damages, banking issues, data privacy, or technical evidence may require ordinary civil action.

---

XXXVI. Civil Code Bases for Bank Liability

Philippine Civil Code principles may be relevant in disputes with banks.

Possible legal theories include:

1. Breach of contract – failure to honor cardholder protections or dispute procedures.
2. Negligence – failure to exercise proper diligence in preventing or handling fraud.
3. Abuse of rights – exercising contractual rights in a manner contrary to honesty, good faith, or fairness.
4. Acts contrary to morals, good customs, or public policy.
5. Damages for bad faith.
6. Unjust enrichment, if the bank collects amounts not legally due.
7. Violation of consumer protection duties.

Banks are expected to exercise high diligence in their dealings with customers, especially because banking is imbued with public interest.

---

XXXVII. When the Bank May Have a Strong Defense

A bank may have a stronger position if evidence shows:

1. The cardholder knowingly authorized the transaction.
2. The cardholder benefited from the transaction.
3. The cardholder gave the card to another person.
4. The cardholder shared OTP, PIN, CVV, or password despite clear warnings.
5. The dispute was filed very late without reasonable explanation.
6. The merchant produced strong proof of delivery to the cardholder.
7. The transaction was recurring and never cancelled.
8. The cardholder previously paid similar charges.
9. The cardholder made inconsistent statements.
10. The fraud resulted mainly from cardholder negligence.
11. The bank blocked the card promptly after notice.
12. The bank complied with dispute procedures and provided a reasoned denial.

Even then, the bank’s defense should be evidence-based, not merely conclusory.

---

XXXVIII. When the Cardholder May Have a Strong Case

The cardholder may have a stronger case if:

1. The card was reported lost before the transaction.
2. The transaction occurred after the bank confirmed blocking.
3. The cardholder never received OTP or transaction alert.
4. The transaction was made from a foreign location while the cardholder was in the Philippines.
5. The amount and merchant were highly unusual.
6. Many suspicious transactions occurred in rapid sequence.
7. The bank failed to act on fraud alerts.
8. The merchant shipped goods to an unrelated person or address.
9. The bank cannot explain authentication.
10. The bank denied the dispute without meaningful investigation.
11. The transaction was card-not-present and unsupported by delivery proof.
12. The cardholder immediately reported the fraud.
13. There was evidence of data breach, SIM swap, phishing, or account takeover.
14. The bank continued collection despite pending dispute.
15. The bank imposed interest and charges caused solely by the disputed transaction.

---

XXXIX. Timeline of an Ideal Dispute Response

A cardholder should act in this order:

1. Immediately call the bank to block the card.
2. Ask for a reference number.
3. Note the date, time, and agent name.
4. File a written dispute.
5. Submit dispute form and affidavit if required.
6. Preserve screenshots and statements.
7. File a police or cybercrime report if fraud occurred.
8. Follow up in writing.
9. Request provisional reversal or suspension of charges.
10. Ask for written result of investigation.
11. If denied, request reconsideration.
12. Escalate to the bank’s consumer assistance unit.
13. Escalate to BSP if unresolved.
14. Complain to law enforcement, DTI, NPC, or other agencies as applicable.
15. Consider legal action if the amount and harm justify it.

---

XL. Affidavit of Unauthorized Transaction

Banks, police, prosecutors, or regulators may require an affidavit.

A useful affidavit should state:

1. The cardholder’s identity.
2. The credit card account involved.
3. The disputed transaction details.
4. That the cardholder did not authorize the transaction.
5. Whether the card was lost, stolen, or in possession.
6. Whether OTP, PIN, or password was received or shared.
7. When the cardholder discovered the transaction.
8. When the bank was notified.
9. What the bank did or refused to do.
10. What evidence supports the claim.
11. That the statement is made truthfully and voluntarily.

---

XLI. Sample Affidavit Outline

AFFIDAVIT OF UNAUTHORIZED CREDIT CARD TRANSACTION

I, [Name], of legal age, Filipino, residing at [address], after being sworn, state:

1. I am the holder of a credit card issued by [Bank], ending in [last four digits].
2. On or about [date], I discovered a transaction charged to my card in the amount of [amount] under merchant name [merchant].
3. I did not authorize, make, approve, participate in, or benefit from this transaction.
4. At the time of the transaction, [state relevant facts: the card was in my possession / the card had been lost / I was in another location / I did not receive any OTP / I had already reported the card compromised].
5. I immediately reported the unauthorized transaction to [Bank] on [date] through [channel] and was given reference number [reference number].
6. I submitted the required dispute documents on [date].
7. Despite my report, the bank refused to reverse the transaction on [date], stating [reason].
8. I respectfully dispute the bank’s finding because [reasons].
9. Attached are copies of [statement, screenshots, bank emails, police report, transaction alert, and other evidence].
10. I execute this affidavit to attest to the truth of the foregoing and to support my complaint and request for reversal.

[Signature] Affiant

Subscribed and sworn to before me on [date] at [place].

---

XLII. Bank Refusal Based on “Cardholder Negligence”

A frequent issue is whether the cardholder was negligent.

The bank may allege negligence when the cardholder:

1. Shared OTP.
2. Entered details on a phishing website.
3. Gave card information to a fake caller.
4. Failed to update contact details.
5. Lost the card but delayed reporting.
6. Allowed another person to use the card.
7. Saved card details on insecure websites.
8. Ignored transaction alerts.
9. Used weak passwords.
10. Failed to secure mobile phone or email.

The cardholder may respond:

1. The bank’s warnings were insufficient.
2. The fraudulent message impersonated the bank convincingly.
3. The bank failed to detect unusual activity.
4. The transaction was obviously suspicious.
5. The bank allowed multiple transactions after red flags.
6. The bank’s system allowed unauthorized change of contact details.
7. The fraud involved a data breach not caused by the cardholder.
8. The bank failed to block promptly after report.
9. The cardholder acted immediately upon discovery.
10. The bank has not proven causation between alleged negligence and the charge.

Negligence disputes are fact-intensive. The question is often whether the loss should fall on the consumer, bank, merchant, or fraudster.

---

XLIII. Phishing and Social Engineering

In phishing cases, the fraudster tricks the cardholder into revealing card details, OTP, login credentials, or personal information.

Banks increasingly deny these disputes by saying the cardholder voluntarily gave away credentials. But the legal analysis may be more nuanced.

Relevant questions include:

1. Was the phishing page or message impersonating the bank?
2. Did the bank previously warn about that exact scam?
3. Was the OTP message clear as to amount and merchant?
4. Did the transaction occur immediately after credentials were harvested?
5. Were there unusual login attempts?
6. Did the bank detect a new device or location?
7. Were high-risk transactions allowed without additional verification?
8. Did the cardholder promptly report?
9. Did the bank fail to stop subsequent transactions?
10. Was there a broader data compromise?

The cardholder should preserve the phishing message, URL, caller number, screenshots, and timeline.

---

XLIV. SIM Swap and Mobile Number Compromise

A SIM swap occurs when a fraudster gains control of the victim’s mobile number and receives OTPs or banking messages.

In such cases, evidence may include:

1. Telco complaint.
2. SIM replacement records.
3. Loss of signal timeline.
4. Bank OTP logs.
5. Unauthorized change of bank contact details.
6. Device login records.
7. Fraudulent transaction timeline.
8. Police or cybercrime report.

A bank refusal based only on “OTP was used” may be challenged if the OTP was sent to a compromised SIM and the bank failed to detect other risk indicators.

The telco’s role may also need investigation.

---

XLV. Unauthorized Transaction After Card Blocking

If the bank allowed a transaction after the cardholder reported the card lost, stolen, or compromised, the cardholder has a stronger argument.

The key evidence is the report:

1. Call recording reference.
2. Email report.
3. Chat transcript.
4. App blocking confirmation.
5. SMS confirmation.
6. Date and time of blocking request.
7. Date and time of transaction authorization.

If the transaction was merely posted after blocking but authorized before blocking, the bank may argue it was already approved. The distinction between transaction date, authorization date, and posting date matters.

---

XLVI. Authorization Date vs. Posting Date

Credit card statements often show posting date, which may be later than the actual authorization date.

Important dates:

1. Transaction date – when purchase occurred.
2. Authorization date/time – when the bank approved the transaction.
3. Posting date – when charge appeared on statement.
4. Dispute date – when cardholder reported.
5. Blocking date/time – when bank blocked card.
6. Chargeback date – when bank initiated dispute.
7. Final resolution date – when bank denied or approved claim.

A transaction posted after blocking may still have been authorized before blocking. The cardholder should ask for the authorization timestamp.

---

XLVII. Merchant Evidence

When a bank denies a dispute, it may rely on merchant evidence.

Merchant evidence may include:

1. Charge slip.
2. Delivery receipt.
3. IP address.
4. 3D Secure authentication result.
5. Order confirmation.
6. Account login records.
7. Shipping address.
8. Proof of service use.
9. CCTV, for in-person transactions.
10. Signature.
11. PIN verification.
12. Device information.

The cardholder should request enough information to challenge the merchant’s evidence.

Examples of challenges:

1. Signature is not cardholder’s.
2. Delivery address is unrelated.
3. Recipient is unknown.
4. IP address is foreign or suspicious.
5. Merchant account uses a different email.
6. CCTV does not show cardholder.
7. Goods or services were never received.
8. Transaction amount differs from agreed price.
9. Merchant ignored cancellation.
10. Charge slip lacks proper verification.

---

XLVIII. The Importance of a Clear Timeline

A timeline is often more persuasive than a long emotional narrative.

Sample timeline:

Date/Time	Event	Evidence
May 1, 8:10 PM	Received SMS alert for ₱45,000 transaction at Merchant X	Annex A
May 1, 8:12 PM	Called bank hotline to report unauthorized transaction	Annex B
May 1, 8:20 PM	Bank blocked card and gave reference number	Annex C
May 2	Submitted dispute form	Annex D
May 3	Filed police report	Annex E
May 20	Bank denied dispute, claiming OTP was used	Annex F
May 21	Requested OTP logs and reconsideration	Annex G

This format helps banks, regulators, and courts identify the crucial facts.

---

XLIX. Practical Annex List

A complete dispute file may include:

1. Annex A – Credit card statement.
2. Annex B – Transaction alert.
3. Annex C – Screenshot of unauthorized charge.
4. Annex D – Dispute form.
5. Annex E – Bank acknowledgment.
6. Annex F – Bank denial letter.
7. Annex G – Police or cybercrime report.
8. Annex H – Affidavit of unauthorized transaction.
9. Annex I – Proof of location.
10. Annex J – Proof of card possession.
11. Annex K – Telco report, if SIM issue.
12. Annex L – Phishing screenshots, if any.
13. Annex M – Merchant correspondence.
14. Annex N – Delivery or non-delivery proof.
15. Annex O – Follow-up emails.
16. Annex P – Collection notices.
17. Annex Q – Credit bureau dispute, if any.

---

L. When to Involve a Lawyer

A lawyer may be especially useful when:

1. The amount is large.
2. The bank has issued a final denial.
3. Collection agencies are involved.
4. The bank threatens legal action.
5. The cardholder’s credit record is affected.
6. There is possible identity theft.
7. A criminal complaint is needed.
8. The cardholder is accused of negligence or fraud.
9. There are multiple institutions involved.
10. The cardholder wants to file a civil case.
11. The case involves data privacy or cybercrime.
12. The cardholder paid under protest and seeks recovery.

A lawyer can prepare a demand letter, affidavit, BSP complaint, criminal complaint, or court filing.

---

LI. Possible Outcomes

A dispute may end in several ways:

1. Full reversal of the charge.
2. Partial reversal.
3. Reversal of principal but not fees.
4. Waiver of interest and penalties only.
5. Permanent denial by bank.
6. Settlement with merchant.
7. Refund by merchant.
8. Chargeback success.
9. Chargeback loss.
10. Bank goodwill credit.
11. Regulatory-mediated resolution.
12. Court judgment.
13. Criminal investigation against fraudster.
14. Data privacy investigation.
15. Account closure.

The cardholder should insist that any resolution be in writing and reflected in the statement of account.

---

LII. Settlement Considerations

Sometimes banks offer compromise, such as:

1. Installment payment of disputed amount.
2. Partial waiver.
3. Reversal of fees only.
4. Reduced settlement.
5. Account closure.
6. Non-reporting to credit bureau.
7. Goodwill credit.

Before accepting, the cardholder should clarify:

1. Is acceptance an admission of liability?
2. Will the dispute be closed?
3. Will negative credit reporting be removed?
4. Will collection stop?
5. Will the card account remain active?
6. Will the bank issue a certificate of full settlement?
7. Will future claims be waived?
8. Will the merchant or fraudster still be pursued?

Settlement may be practical, but it should be documented carefully.

---

LIII. Defenses Against Bank Collection Suit

If the bank sues to collect the disputed amount, the cardholder may raise defenses, depending on facts:

1. Transaction was unauthorized.
2. Bank failed to investigate properly.
3. Bank breached contract.
4. Bank was negligent.
5. Bank failed to block after notice.
6. Bank imposed unfair charges.
7. Bank relied on insufficient merchant evidence.
8. Cardholder did not benefit from transaction.
9. Fraud was caused by third-party criminal acts not attributable to cardholder.
10. Bank violated consumer protection duties.
11. Amount claimed includes improper interest, penalties, or fees.
12. Cardholder paid under protest or already settled.
13. Bank failed to prove valid authorization.

The bank must prove its claim. The cardholder should preserve all dispute records.

---

LIV. Burden of Proof

In practice, burden of proof can be complex.

The bank may rely on:

1. Statement of account.
2. Cardholder agreement.
3. Transaction authorization records.
4. Merchant documents.
5. OTP logs.
6. Card network records.
7. Account history.

The cardholder may rely on:

1. Denial under oath.
2. Immediate report.
3. Proof of impossibility or non-participation.
4. Evidence of fraud.
5. Lack of benefit.
6. Bank’s failure to explain.
7. Weakness in merchant evidence.
8. Evidence of data or system compromise.

A mere statement “I did not authorize it” may not be enough in a contested case. Strong supporting evidence improves the cardholder’s position.

---

LV. Electronic Evidence

Because credit card disputes involve electronic records, the Rules on Electronic Evidence may become relevant.

Electronic evidence may include:

1. SMS alerts.
2. Emails.
3. App notifications.
4. Screenshots.
5. Transaction logs.
6. IP logs.
7. Device logs.
8. Online order records.
9. Chat transcripts.
10. Call recordings.
11. Digital receipts.
12. Bank system records.

Electronic evidence should be authenticated. The person presenting it should be able to explain where it came from, how it was preserved, and why it is reliable.

---

LVI. Calls and Recordings

Cardholders often rely on hotline calls. The bank may have call recordings.

The cardholder should note:

1. Date and time of call.
2. Hotline number called.
3. Name or ID of agent.
4. Reference number.
5. What was reported.
6. What the agent promised.
7. Whether blocking was confirmed.
8. Whether dispute instructions were given.

If the bank refuses to acknowledge a report, these details are important. The cardholder may request retrieval of the call recording or call log.

---

LVII. Dealing with Collection Agencies

If a collection agency contacts the cardholder, respond in writing.

Suggested response:

“This amount is formally disputed as an unauthorized credit card transaction. The matter is pending with the bank and/or regulators. Please refer this account back to the bank and cease collection efforts on the disputed amount unless and until the dispute is finally resolved. Any further collection communication should be made in writing.”

Do not ignore collection letters, but do not admit liability casually.

Avoid saying:

1. “I will pay when I can,” unless settlement is intended.
2. “This is my debt,” if the amount is disputed.
3. “I forgot to pay,” if the issue is unauthorized use.
4. “I accept the charges,” unless true.

---

LVIII. Demand for Waiver of Charges

Even if the bank refuses to reverse the transaction, the cardholder may separately demand waiver of charges arising from the dispute.

This includes:

1. Interest.
2. Finance charges.
3. Late payment fees.
4. Overlimit charges.
5. Collection fees.
6. Annual fee penalties.
7. Installment penalties.
8. Credit bureau consequences.

The argument is stronger where the cardholder timely disputed the charge and the bank caused delay or failed to properly investigate.

---

LIX. Special Issue: Unauthorized Transaction by Family Member

Banks may treat family-member use differently.

If a spouse, child, sibling, helper, employee, or relative used the card without permission, the bank may argue that the cardholder failed to secure the card. The cardholder may still dispute if there was no authority, but proving lack of authorization can be harder.

Questions include:

1. Did the cardholder previously allow that person to use the card?
2. Was the card voluntarily given?
3. Was the PIN shared?
4. Was the transaction within past permission?
5. Did the cardholder benefit?
6. Was a police complaint filed against the person?
7. Did the cardholder report immediately?
8. Were there prior similar transactions?

If the cardholder is unwilling to identify or complain against the family member, the bank may be less likely to reverse.

---

LX. Special Issue: Employee or Agent Misuse

If an employee used a company or personal card without authority, the cardholder should gather:

1. Employment records.
2. Card custody policies.
3. Written authority limits.
4. Unauthorized transaction proof.
5. Internal investigation report.
6. Demand letter to employee.
7. Police report, if appropriate.
8. Proof that goods or services did not benefit the cardholder.

The bank may argue apparent authority if the cardholder entrusted the card or credentials to the employee.

---

LXI. Special Issue: Hotel, Travel, and Rental Charges

Hotels, airlines, travel agencies, and car rental companies often process delayed, pre-authorized, or incidental charges.

Disputes may involve:

1. No-show fees.
2. Cancellation fees.
3. Security deposits.
4. Damage charges.
5. Mini-bar charges.
6. Upgrade charges.
7. Foreign currency conversion.
8. Duplicate booking.
9. Failed refund.
10. Unauthorized add-ons.

These are often merchant disputes, not pure fraud. The cardholder should provide booking terms, cancellation proof, receipts, and correspondence.

---

LXII. Special Issue: Foreign Currency Transactions

Unauthorized foreign currency transactions may include conversion charges and forex differences.

The cardholder should dispute:

1. Original foreign currency amount.
2. Peso equivalent.
3. Foreign transaction service fee.
4. Currency conversion fee.
5. Interest and penalties.
6. Related charges.

If reversed, the amount may differ because of exchange rate timing. The cardholder should check whether fees were also reversed.

---

LXIII. Special Issue: Multiple Fraudulent Transactions

If multiple unauthorized transactions occurred, the cardholder should dispute each one separately and as part of a pattern.

The bank should examine:

1. First suspicious transaction.
2. Whether alerts were triggered.
3. Whether later transactions should have been blocked.
4. Velocity of transactions.
5. Merchant categories.
6. Geographic impossibility.
7. Spending pattern deviation.
8. Aggregate exposure.
9. Whether the bank delayed blocking.

Even if the bank disputes liability for the first transaction, it may be harder to justify allowing later suspicious transactions after clear red flags.

---

LXIV. Special Issue: Contactless Transactions

Contactless cards allow small transactions without PIN or signature up to certain limits.

Unauthorized contactless transactions may occur after theft or loss.

Issues include:

1. Whether transaction was below contactless limit.
2. Whether multiple contactless transactions were allowed successively.
3. Whether bank sent alerts.
4. Whether cardholder promptly reported loss.
5. Whether merchant required verification.
6. Whether transaction occurred after blocking.

Cardholders should report lost contactless cards immediately.

---

LXV. Special Issue: Cash Advance

Unauthorized cash advances can be more difficult because they often require PIN or strong authentication.

The cardholder should determine:

1. Whether ATM or over-the-counter cash advance occurred.
2. Whether PIN was used.
3. Where the cash advance occurred.
4. Whether CCTV exists.
5. Whether card was present.
6. Whether PIN was compromised.
7. Whether card was cloned.
8. Whether bank detected suspicious withdrawal.

If the cardholder never disclosed PIN and card was cloned or skimmed, the dispute may still be viable.

---

LXVI. Special Issue: Balance Conversion or Loan on Card

Some credit cards allow cash loans, balance transfer, or installment conversion.

Unauthorized conversion or loan may occur through phone banking, app, or forged documents.

Evidence should include:

1. Application record.
2. Call recording.
3. Signature or e-signature.
4. Disbursement account.
5. Destination bank account.
6. OTP or authentication logs.
7. Device used.
8. Whether proceeds benefited cardholder.

The cardholder should dispute both the loan and related interest.

---

LXVII. Duties After Discovery

Once the cardholder discovers the unauthorized transaction, they should:

1. Stop using compromised card.
2. Block card.
3. Change online banking password.
4. Change email password.
5. Check registered mobile number and email.
6. Review all recent transactions.
7. Check other bank accounts.
8. Report to bank.
9. File written dispute.
10. Preserve evidence.
11. Report to authorities if fraud or identity theft occurred.
12. Monitor future statements.
13. Request replacement card.
14. Ask bank to block recurring merchant tokens.
15. Review credit reports if available.

Prompt action strengthens credibility.

---

LXVIII. What Not to Do

Cardholders should avoid:

1. Ignoring the statement.
2. Waiting months to dispute.
3. Deleting phishing messages.
4. Throwing away card or SIM evidence.
5. Admitting liability casually.
6. Paying without reservation if disputing.
7. Filing a false police report.
8. Altering screenshots.
9. Submitting incomplete dispute forms.
10. Refusing to cooperate with investigation.
11. Posting accusations online without evidence.
12. Sharing full card number in unsecured emails.
13. Sending CVV, OTP, or passwords to anyone.
14. Threatening bank staff.
15. Relying only on phone calls without written follow-up.

---

LXIX. Practical Complaint Package

A strong complaint package should contain:

1. Cover letter.
2. Timeline.
3. Disputed transaction table.
4. Affidavit.
5. Credit card statement.
6. Bank dispute form.
7. Bank correspondence.
8. Denial letter.
9. Evidence disproving authorization.
10. Police or cybercrime report.
11. Merchant correspondence.
12. Telco or data compromise evidence.
13. Demand for reversal and waiver.
14. Demand to stop collection and credit reporting.
15. Contact details for follow-up.

---

LXX. Sample Disputed Transaction Table

No.	Transaction Date	Posting Date	Merchant	Amount	Reason for Dispute
1	[date]	[date]	[merchant]	₱[amount]	Unauthorized; cardholder did not transact
2	[date]	[date]	[merchant]	₱[amount]	Unauthorized; no OTP received
3	[date]	[date]	[merchant]	₱[amount]	Unauthorized; transaction after blocking report

---

LXXI. Remedies Summary

A cardholder may pursue one or more of the following:

1. Internal bank dispute.
2. Request for reconsideration.
3. Chargeback request.
4. Complaint to bank consumer assistance unit.
5. Complaint to BSP.
6. Complaint to merchant or platform.
7. Complaint to DTI for consumer transaction issues.
8. Police or cybercrime report.
9. NBI cybercrime complaint.
10. Data privacy complaint.
11. Demand letter through counsel.
12. Small claims case.
13. Ordinary civil action.
14. Criminal complaint against fraudster.
15. Credit bureau correction request.
16. Settlement with reservation of rights.

---

LXXII. Frequently Asked Questions

1. Can the bank refuse to reverse an unauthorized credit card transaction?

Yes, the bank may deny a dispute if it finds the transaction valid or the cardholder liable. But the refusal must be based on a fair investigation, evidence, contract, regulation, and law. A denial can be challenged.

2. Is OTP proof that I authorized the transaction?

It is strong evidence for the bank, but not always conclusive. OTP may be compromised through phishing, SIM swap, malware, or account takeover. The facts matter.

3. What if I accidentally gave my OTP to a scammer?

The bank may allege negligence. You may still argue based on fraud circumstances, bank warnings, transaction monitoring, unusual activity, and prompt reporting. The outcome is fact-specific.

4. What if I did not report within the bank’s deadline?

Late reporting weakens the dispute, but it does not automatically defeat every claim. Consider whether you received statements or alerts, when you discovered the fraud, and whether the bank or merchant had independent responsibility.

5. Should I file a police report?

For fraud, hacking, stolen card use, identity theft, or phishing, a police or cybercrime report is usually helpful.

6. Can the bank charge interest while the transaction is disputed?

Banks may attempt to do so, but the cardholder should request suspension or waiver of charges related to a disputed unauthorized transaction.

7. Can the bank send my account to collection?

It may happen, but the cardholder should formally notify the bank and collector that the amount is disputed and request suspension of collection on the disputed amount.

8. Can I complain to BSP?

Yes. If the bank fails to resolve the matter, refuses reversal without sufficient explanation, or mishandles the complaint, escalation to BSP is a common remedy.

9. Can I sue the bank?

Yes, depending on the facts, amount, evidence, and harm suffered. Possible claims may include breach of contract, negligence, damages, or recovery of amounts wrongfully collected.

10. Can I sue the merchant instead?

Yes, if the merchant caused or participated in the wrongful charge, failed to deliver, refused a refund, or processed an unauthorized transaction.

11. What if the transaction was made by a relative?

You may still dispute unauthorized use, but the bank may question card security and prior authority. Evidence and willingness to treat the act as unauthorized are important.

12. What if the bank says the transaction was “validly posted”?

Posting only means the charge entered the billing system. It does not necessarily prove that the cardholder authorized it.

13. What if the bank refuses to give me details?

Ask for a written explanation and the basis of denial. If the bank still refuses meaningful information, raise that issue in your BSP complaint or legal demand.

14. What if I already paid?

You may still seek refund or reversal, especially if you paid under protest. Put your reservation of rights in writing.

15. What if the bank closed my card?

Card closure does not necessarily end the dispute. Ask for written statement of remaining balance, disputed amount, fees, and credit reporting status.

---

LXXIII. Key Legal Principles

Several principles guide unauthorized credit card disputes:

1. A cardholder is liable for valid and authorized charges, not automatically for every posted charge.
2. A bank must investigate disputes fairly and reasonably.
3. Authentication evidence matters, but it is not always conclusive.
4. Cardholder negligence can affect liability.
5. Bank negligence can also affect liability.
6. Prompt reporting is critical.
7. Written documentation is stronger than phone conversations alone.
8. Merchant evidence should be tested, not blindly accepted.
9. Interest, penalties, and credit reporting should be challenged when based on a disputed unauthorized charge.
10. Regulatory complaints can pressure banks to justify their refusal.
11. Criminal fraud by a third party does not automatically settle who bears the loss between bank and cardholder.
12. The outcome depends on facts, contract, evidence, timing, and applicable regulations.

---

LXXIV. Conclusion

A bank’s refusal to reverse an unauthorized credit card transaction is not the end of the matter. In the Philippines, cardholders have remedies through internal bank dispute channels, chargeback procedures, BSP consumer assistance, law enforcement, data privacy complaints, merchant complaints, and court actions.

The strongest response is immediate, written, organized, and evidence-driven. The cardholder should block the card, preserve proof, file a formal dispute, demand the basis for denial, request waiver of charges, stop improper collection, escalate to regulators when necessary, and consider legal action for serious losses.

Banks may deny disputes where the transaction appears authenticated, reported late, or caused by cardholder negligence. But banks also have duties to maintain secure systems, monitor fraud, handle complaints fairly, explain denials, protect consumer data, and avoid unfair collection.

In unauthorized credit card transaction cases, the central question is not merely whether the charge appeared on the statement. The real question is whether the bank can lawfully and fairly hold the cardholder liable despite the evidence of unauthorized use.