Credit Card Scam Complaint and Bank Fraud Investigation

A Philippine Legal Article

Credit card scams are among the most common consumer fraud problems in the Philippines. They may involve unauthorized card-not-present transactions, phishing, fake bank calls, stolen one-time passwords, card skimming, identity theft, fraudulent online purchases, account takeover, fake delivery links, SIM-related fraud, and social engineering.

When a cardholder discovers suspicious transactions, the matter is not merely a customer-service issue. It may involve contractual obligations between the bank and cardholder, consumer protection rules, banking regulations, cybercrime laws, data privacy issues, evidence preservation, and possible criminal prosecution.

The central questions are usually:

  1. Was the transaction authorized?
  2. How did the fraud occur?
  3. Did the cardholder exercise reasonable care?
  4. Did the bank’s systems, controls, or investigation comply with applicable standards?
  5. Who bears the loss?
  6. What remedies are available to the cardholder?

I. Common Credit Card Scam Scenarios

Credit card fraud can occur in many ways.

1. Phishing

The cardholder receives a fake email, SMS, or message pretending to come from a bank, payment platform, courier, e-wallet, or government agency. The link leads to a fake website where the victim enters card details, online banking credentials, or an OTP.

2. Vishing or Fake Bank Call

A scammer calls the cardholder pretending to be from the bank’s fraud department. The scammer may say that the account is compromised, that a card replacement is needed, or that a transaction must be blocked. The victim is tricked into revealing OTPs, card details, CVV, or login credentials.

3. Smishing

A fraudulent SMS contains a link to a fake banking or delivery website. It may claim that the card is suspended, a parcel is pending, reward points are expiring, or a fee must be paid.

4. Card-Not-Present Fraud

The physical card was not used, but the card details were entered online. This can happen after a data breach, phishing incident, malware infection, or compromise of merchant systems.

5. Card Skimming

Card details are copied through a skimming device installed on an ATM, point-of-sale terminal, gas station terminal, or compromised merchant device.

6. Account Takeover

The scammer gains access to the cardholder’s bank app, online account, email, phone number, or registered mobile device and performs transactions or changes security settings.

7. Lost or Stolen Card Use

A physical card is lost or stolen and used before the cardholder reports it.

8. SIM Swap or Mobile Number Hijacking

The scammer gains control of the cardholder’s mobile number and receives OTPs or banking alerts.

9. Fake Merchant or Investment Scam

The cardholder knowingly inputs card details into a merchant site, but the merchant is fraudulent. This can blur the line between unauthorized transaction and authorized-but-scammed payment.

10. Friendly Fraud or Disputed Authorized Transaction

A cardholder disputes a transaction that was actually authorized, usually because of buyer’s remorse, family use, merchant dispute, or failure to recognize the billing descriptor. Banks investigate these carefully.

II. Immediate Steps After Discovering Fraud

A cardholder should act quickly. Delay can affect liability, evidence, and recovery.

1. Call the Bank Immediately

The cardholder should contact the bank’s official hotline or in-app support and request:

  • Immediate blocking of the card;
  • Disabling of online transactions, if needed;
  • Replacement card;
  • Fraud case reference number;
  • Temporary reversal or dispute filing;
  • Copy of disputed transaction details;
  • Written confirmation of the report.

The cardholder should not rely on phone numbers from suspicious SMS or emails.

2. File a Written Dispute

A written complaint should be submitted through official bank channels. The complaint should identify:

  • Cardholder’s name;
  • Card number, usually masked;
  • Date and time fraud was discovered;
  • Disputed transactions;
  • Amounts;
  • Merchant names;
  • Why the transactions are unauthorized;
  • Whether the card was in the cardholder’s possession;
  • Whether any OTP was received or shared;
  • Whether any phishing link was clicked;
  • Whether the cardholder received fraud alerts;
  • Request for reversal and investigation.

3. Preserve Evidence

The cardholder should save:

  • SMS alerts;
  • Email notifications;
  • Screenshots of unauthorized charges;
  • Bank app screenshots;
  • Fraudulent links;
  • Caller numbers;
  • Chat messages;
  • Receipts or lack of receipts;
  • Timeline of events;
  • Complaint reference numbers;
  • Names of bank representatives spoken to;
  • Police or cybercrime report, if filed.

Do not delete scam messages, even if embarrassing. They may be crucial evidence.

4. Change Passwords and Secure Accounts

The cardholder should change passwords for:

  • Bank app;
  • Email;
  • E-wallets;
  • Shopping accounts;
  • Social media accounts;
  • Cloud storage;
  • Telecom account.

Enable multi-factor authentication where available.

5. Report to Authorities

Depending on the facts, the cardholder may report to:

  • The bank’s fraud department;
  • Bangko Sentral ng Pilipinas consumer assistance channels;
  • Philippine National Police Anti-Cybercrime Group;
  • National Bureau of Investigation Cybercrime Division;
  • National Privacy Commission, if personal data compromise is involved;
  • Local police, especially for documentation.

III. Legal Framework in the Philippines

Credit card scam complaints may involve several areas of law.

1. Banking and BSP Regulations

Banks and credit card issuers are regulated by the Bangko Sentral ng Pilipinas. They are expected to implement consumer protection standards, risk controls, dispute handling mechanisms, cybersecurity measures, fraud monitoring, and fair treatment of financial consumers.

2. Financial Products and Services Consumer Protection

Financial institutions must generally observe fair treatment, disclosure, effective recourse, responsible business conduct, and protection of consumer assets and data.

A bank’s response to a fraud complaint may be reviewed in light of whether it handled the complaint fairly, promptly, and based on evidence.

3. Cybercrime Prevention Act

Online credit card fraud may involve cybercrime offenses, especially where information systems, unauthorized access, computer-related fraud, identity theft, or misuse of data are involved.

4. Access Devices Regulation

Credit cards are access devices. Unauthorized use, possession, trafficking, or fraudulent use of access devices may give rise to criminal liability.

5. Data Privacy Act

If personal information, card details, account credentials, or identity data were compromised, the Data Privacy Act may become relevant. A bank, merchant, processor, or third party may have obligations relating to security, breach management, and lawful processing.

6. Civil Code

Civil liability may arise from negligence, breach of obligation, abuse of rights, unjust enrichment, damages, or quasi-delict.

7. Revised Penal Code

Depending on the facts, fraud may involve estafa, falsification, theft, or related crimes.

8. Contracts and Card Terms

The credit card agreement is important. It usually contains provisions on:

  • Cardholder duties;
  • Lost card reporting;
  • OTP confidentiality;
  • Billing disputes;
  • Chargeback rules;
  • Liability for unauthorized use;
  • Minimum payment obligations;
  • Finance charges;
  • Investigation timelines;
  • Effect of provisional credits;
  • Exclusions and limitations.

However, contract terms are not absolute. They may be interpreted in light of consumer protection, banking standards, fairness, and evidence.

IV. Unauthorized Transaction vs. Authorized Scam Payment

A major issue is whether the transaction was unauthorized or whether the cardholder authorized it but was deceived.

Unauthorized Transaction

This may include cases where:

  • The cardholder never entered card details;
  • The cardholder did not make the purchase;
  • The card was in the cardholder’s possession;
  • No OTP was received or used by the cardholder;
  • The card was skimmed;
  • Card details were compromised elsewhere;
  • The merchant is unknown;
  • The location or pattern is suspicious.

In these cases, the cardholder may argue that the bank should reverse the charge unless it proves proper authentication and cardholder participation.

Authorized but Fraud-Induced Transaction

This may include cases where:

  • The cardholder entered card details on a fraudulent website;
  • The cardholder shared OTP with a scammer;
  • The cardholder was tricked into approving a transaction;
  • The cardholder purchased from a fake seller;
  • The cardholder knowingly sent payment but later discovered the merchant was fraudulent.

Banks often treat these differently. They may argue that the cardholder authorized the transaction, even if induced by fraud. The cardholder may still have remedies against the scammer or merchant, but recovery from the bank may be harder.

However, this does not automatically end the inquiry. The bank’s fraud monitoring, authentication design, warning systems, dispute process, and transaction controls may still be examined.

V. The Role of OTPs

One-time passwords are central to many Philippine banking fraud cases.

Banks often argue that use of a correct OTP proves authorization. Cardholders often argue that OTP use does not necessarily prove valid consent, especially where the OTP was obtained through deception, interception, SIM swap, malware, or misleading transaction prompts.

Important questions include:

  • Was an OTP required?
  • Was the OTP sent to the registered number?
  • Did the message clearly identify the amount, merchant, and purpose?
  • Was the OTP entered by the cardholder?
  • Was the OTP shared with anyone?
  • Was the OTP intercepted?
  • Was there a SIM swap?
  • Was the transaction pattern unusual?
  • Did the bank send fraud alerts?
  • Did the bank block suspicious activity?
  • Did the cardholder report promptly?

A cardholder should be truthful. Denying OTP disclosure when messages show otherwise can damage credibility. But sharing an OTP due to sophisticated fraud does not necessarily mean the bank investigation should be superficial.

VI. Bank Fraud Investigation: What the Bank Should Examine

A proper bank fraud investigation should not merely state, “OTP was used” or “transaction was valid.”

It should review:

  1. Transaction date and time;
  2. Merchant name and category;
  3. Authorization method;
  4. IP address or device fingerprint, where available;
  5. Whether 3D Secure or OTP was used;
  6. Whether the transaction matched prior spending behavior;
  7. Whether there were velocity triggers or multiple attempts;
  8. Whether the cardholder was notified;
  9. Whether the card was present or card-not-present;
  10. Whether the transaction was domestic or foreign;
  11. Whether prior fraud alerts were triggered;
  12. Whether the merchant has a fraud history;
  13. Whether chargeback rights exist;
  14. Whether the cardholder reported promptly;
  15. Whether the cardholder’s mobile number or email was changed;
  16. Whether there were failed login attempts;
  17. Whether the bank’s system flagged the transaction;
  18. Whether the merchant fulfilled any goods or services;
  19. Whether a refund, reversal, or chargeback can be pursued;
  20. Whether there was contributory negligence by either party.

A bare denial without explanation may be challenged as inadequate.

VII. What the Cardholder Should Request from the Bank

The cardholder may request the bank to provide or confirm:

  • Fraud case reference number;
  • Complete list of disputed transactions;
  • Merchant names;
  • Authorization method used;
  • Whether OTP or 3D Secure was used;
  • Date and time of OTP transmission;
  • Mobile number or channel where OTP was sent;
  • Whether fraud alerts were triggered;
  • Whether chargeback was filed;
  • Reason for denial, if denied;
  • Copy of investigation result;
  • Applicable card agreement provisions relied upon;
  • Whether provisional credit is available;
  • Whether finance charges and penalties will be suspended during investigation.

Banks may not disclose all internal security logs, but they should provide enough explanation to allow the consumer to understand the basis of the decision.

VIII. Chargeback and Card Network Rules

Credit card disputes may involve chargeback procedures under card network rules, such as Visa, Mastercard, JCB, or others.

A chargeback is a process where the card issuer disputes a transaction with the acquiring bank or merchant. It may apply in cases such as:

  • Unauthorized transaction;
  • Goods or services not received;
  • Duplicate billing;
  • Incorrect amount;
  • Canceled transaction still charged;
  • Refund not processed;
  • Fraudulent merchant;
  • Non-recognition of transaction.

Chargeback rights are time-sensitive. Cardholders should file disputes promptly.

A bank should not delay action until deadlines are missed. If the cardholder reported on time but the bank failed to process the dispute properly, that may be relevant to liability.

IX. The Complaint Letter

A strong complaint letter should be factual, chronological, and specific.

It should include:

  1. Cardholder details;
  2. Card type and masked card number;
  3. Date fraud was discovered;
  4. Date the bank was notified;
  5. Reference numbers;
  6. List of disputed transactions;
  7. Statement that the transactions were unauthorized;
  8. Whether card was in possession;
  9. Whether OTP was received, not received, or fraudulently obtained;
  10. Steps taken to secure the account;
  11. Request for reversal;
  12. Request to suspend finance charges and penalties;
  13. Request for written investigation report;
  14. Reservation of rights.

Avoid emotional accusations unsupported by facts. The goal is to create a clear record.

X. Sample Credit Card Fraud Complaint to Bank

Date: __________

To: Fraud Investigation Department [Name of Bank / Credit Card Issuer] [Address / Email]

Subject: Formal Complaint and Dispute of Unauthorized Credit Card Transactions

Dear Sir/Madam:

I am writing to formally dispute unauthorized transactions charged to my credit card account.

Cardholder Name: [Name] Credit Card Number: [Masked number, e.g., XXXX-XXXX-XXXX-1234] Contact Number: [Number] Email Address: [Email] Fraud Report Reference No.: [Reference number, if any]

I discovered the unauthorized transactions on [date and time]. I immediately reported the matter to your hotline/customer service on [date and time], requested that my card be blocked, and asked that a fraud investigation be opened.

The disputed transactions are as follows:

  1. Date/Time: __________ Merchant: __________ Amount: ₱__________

  2. Date/Time: __________ Merchant: __________ Amount: ₱__________

  3. Date/Time: __________ Merchant: __________ Amount: ₱__________

I did not authorize, participate in, or benefit from the above transactions. At the time of the transactions, my card was [in my possession / lost / not used by me / other relevant fact]. I request that these charges be reversed and that any finance charges, penalties, or fees arising from them be suspended while the investigation is pending.

I also request written confirmation of the following:

  1. The status of my fraud dispute;
  2. The authentication method allegedly used for each transaction;
  3. Whether OTP, 3D Secure, or other verification was used;
  4. Whether a chargeback has been initiated;
  5. The basis of any decision regarding my liability;
  6. The expected timeline for resolution.

I reserve all rights and remedies under applicable law, banking regulations, consumer protection rules, and my cardholder agreement.

Thank you.

Respectfully,

[Name] [Signature]

XI. Sample Follow-Up Letter After Bank Denial

Date: __________

To: Fraud Investigation Department / Customer Assistance Office [Name of Bank]

Subject: Request for Reconsideration of Denial of Credit Card Fraud Dispute

Dear Sir/Madam:

I refer to your decision dated [date] denying my dispute regarding unauthorized credit card transactions under Case Reference No. [reference number].

I respectfully request reconsideration.

The denial does not adequately address the circumstances of the disputed transactions, including:

  1. The fact that I did not authorize or benefit from the transactions;
  2. The unusual nature, amount, timing, or merchant involved;
  3. The promptness of my report to the bank;
  4. The absence of a clear explanation of the authentication and fraud review performed;
  5. The need to determine whether chargeback remedies were timely pursued;
  6. The need to suspend penalties and finance charges while the dispute remains unresolved.

Please provide a written investigation report or explanation identifying the specific basis for holding me liable, including whether OTP, 3D Secure, device authentication, or other verification was used for each disputed transaction.

I reserve my right to elevate this matter to the appropriate regulatory and law enforcement authorities.

Respectfully,

[Name] [Signature]

XII. Complaint to the Bangko Sentral ng Pilipinas

If the bank fails to respond, unreasonably delays, or denies the dispute without adequate basis, the cardholder may elevate the matter to the BSP’s consumer assistance mechanism.

Before escalation, the cardholder should usually have:

  • Filed a complaint with the bank;
  • Received a final response, or experienced unreasonable delay;
  • Preserved complaint reference numbers;
  • Gathered evidence.

The BSP may require:

  • Complaint letter;
  • Bank’s reply;
  • Transaction details;
  • Screenshots;
  • Proof of reporting;
  • Identification documents;
  • Other supporting records.

The BSP does not automatically reverse charges. It reviews the financial institution’s handling of the complaint, compliance with regulations, and consumer protection obligations.

XIII. Criminal Complaint

Credit card scams may justify a criminal complaint, especially if the scammer is identifiable or there is evidence of phishing, unauthorized access, identity theft, or fraud.

Possible evidence includes:

  • Scam messages;
  • Phone numbers;
  • Bank accounts receiving funds;
  • Merchant accounts;
  • IP addresses, if obtainable;
  • Email headers;
  • Delivery addresses;
  • CCTV footage;
  • Social media profiles;
  • Screenshots of fake websites;
  • Receipts or transaction confirmations.

The complaint may be filed with cybercrime authorities or prosecutors, depending on the facts.

However, criminal investigation is separate from the bank’s civil or consumer dispute process. The bank should not necessarily refuse to investigate merely because a police report is pending.

XIV. Data Privacy Complaint

A data privacy issue may arise if the fraud appears connected to:

  • Leakage of personal information;
  • Unauthorized processing of cardholder data;
  • Compromise of bank, merchant, or processor systems;
  • SIM swap involving personal data misuse;
  • Unauthorized access to account information;
  • Failure to protect personal data.

A complaint may be considered if there is reason to believe that a personal information controller or processor failed to protect data or respond properly to a breach.

XV. Bank Liability: When May the Bank Be Responsible?

A bank may be challenged if:

  • It failed to implement reasonable security measures;
  • It ignored obvious fraud indicators;
  • It approved unusual transactions without proper verification;
  • It failed to send timely alerts;
  • It delayed blocking the card after report;
  • It failed to process a chargeback despite timely notice;
  • It imposed finance charges while investigation was pending;
  • It issued a conclusory denial;
  • It relied solely on OTP use despite evidence of fraud;
  • Its employee participated in or facilitated the fraud;
  • Its systems were compromised;
  • It failed to provide fair and effective complaint handling.

Banks are not insurers against every scam, but they are expected to maintain reasonable systems and handle complaints fairly.

XVI. Cardholder Liability: When May the Cardholder Be Responsible?

A cardholder may be held liable, in whole or in part, if:

  • The cardholder shared OTPs or passwords;
  • The cardholder delayed reporting loss or fraud;
  • The cardholder gave card details to a suspicious site;
  • The cardholder allowed another person to use the card;
  • The cardholder failed to secure the physical card;
  • The cardholder ignored bank warnings;
  • The transaction was actually authorized;
  • The cardholder benefited from the transaction;
  • The dispute was filed beyond applicable deadlines;
  • The cardholder made false statements during investigation.

Even then, liability should be based on evidence, not assumptions.

XVII. The Importance of Timeline

A fraud case often turns on timing.

The cardholder should prepare a timeline showing:

  • When the suspicious message, call, or event occurred;
  • When the unauthorized transaction happened;
  • When SMS or email alerts were received;
  • When the cardholder noticed the transaction;
  • When the bank was called;
  • When the card was blocked;
  • When written complaint was filed;
  • When the bank responded;
  • When reconsideration was requested.

Prompt reporting strengthens the cardholder’s position.

XVIII. Evidence Checklist

A cardholder should organize evidence in a single file.

Useful evidence includes:

  • Statement of account;
  • Screenshots of disputed transactions;
  • SMS transaction alerts;
  • OTP messages;
  • Fraudulent SMS or email;
  • Call logs;
  • Screenshots of fake websites;
  • Bank complaint reference number;
  • Email complaint to bank;
  • Bank reply;
  • Police or cybercrime report;
  • Valid ID;
  • Proof of card possession;
  • Travel records, if location is relevant;
  • Affidavit of unauthorized transaction;
  • Affidavit of non-participation;
  • Proof of no delivery or benefit from merchant.

XIX. Affidavit of Unauthorized Credit Card Transaction

Banks or authorities may require an affidavit.

The affidavit should be truthful and specific. It may state:

  • Identity of cardholder;
  • Card details, usually masked;
  • Disputed transactions;
  • Non-authorization;
  • Whether the card was in possession;
  • Whether OTP was received or shared;
  • Date and time of report to bank;
  • Request for investigation.

Sample Affidavit

REPUBLIC OF THE PHILIPPINES ) CITY/MUNICIPALITY OF ______ ) S.S.

AFFIDAVIT OF UNAUTHORIZED CREDIT CARD TRANSACTION

I, [FULL NAME], Filipino, of legal age, [civil status], and residing at [complete address], after being duly sworn, state:

  1. I am the holder of a credit card issued by [Name of Bank], with card number ending in [last four digits];

  2. On or about [date], I discovered unauthorized transaction/s charged to my credit card account, as follows:

    a. Date/Time: __________ Merchant: __________ Amount: ₱__________

    b. Date/Time: __________ Merchant: __________ Amount: ₱__________

  3. I did not authorize, approve, participate in, or benefit from the said transaction/s;

  4. At the time of the transaction/s, my credit card was [in my possession / lost / stolen / other explanation];

  5. I [did not receive any OTP / received an OTP but did not use or share it / received suspicious messages or calls as follows: ______];

  6. Upon discovering the unauthorized transaction/s, I immediately reported the matter to [Name of Bank] on [date and time] through [hotline/email/branch/app], and I was given Reference No. [reference number];

  7. I requested that the card be blocked and that a fraud investigation be conducted;

  8. I am executing this Affidavit to attest to the truth of the foregoing and to support my complaint, dispute, and request for reversal of the unauthorized transaction/s.

IN WITNESS WHEREOF, I have signed this Affidavit on this ___ day of __________ 20___ at __________________, Philippines.

[Signature] [Full Name of Affiant]

SUBSCRIBED AND SWORN to before me this ___ day of __________ 20___ at __________________, Philippines, affiant exhibiting competent evidence of identity:

ID: __________________ ID No.: ______________

Notary Public

XX. Should the Cardholder Continue Paying the Bill?

This is a practical and legal issue.

If the disputed amount appears in the statement, the cardholder should ask the bank in writing to suspend payment obligation, finance charges, late fees, and negative credit reporting for the disputed amount while the investigation is ongoing.

For undisputed amounts, the cardholder should consider paying them to avoid delinquency.

If the cardholder refuses to pay the entire bill, the bank may impose charges or report delinquency. If the cardholder pays the disputed amount, the payment should be made under protest.

Sample Payment Under Protest Notice

Date: __________

To: [Name of Bank]

Subject: Payment Under Protest of Disputed Credit Card Charges

Dear Sir/Madam:

I am paying the amount of ₱__________ under protest and without admitting liability for the disputed credit card transactions under Case Reference No. [reference number].

This payment is made solely to avoid additional charges, collection action, or adverse credit consequences while my fraud dispute remains unresolved.

I reserve my right to seek reversal, refund, damages, regulatory relief, and all other remedies available under law.

Respectfully,

[Name]

XXI. Collection Calls During Pending Fraud Investigation

Banks and collection agencies should not harass cardholders. If the disputed amount is under investigation, the cardholder should inform the collector in writing and provide the fraud reference number.

Improper collection conduct may include:

  • Threats;
  • Harassment;
  • Repeated calls at unreasonable hours;
  • Disclosure of debt to third parties;
  • False legal threats;
  • Humiliating language;
  • Misrepresentation;
  • Ignoring the pending dispute.

The cardholder may complain to the bank and appropriate regulators if collection becomes abusive.

XXII. If the Bank Says “OTP Was Used, Therefore You Are Liable”

This is a common denial ground.

The cardholder may respond:

  • OTP use does not automatically prove informed consent;
  • The bank should show the transaction details tied to the OTP;
  • The bank should prove the OTP message clearly identified the merchant and amount;
  • The bank should consider whether phishing, vishing, SIM swap, malware, or social engineering occurred;
  • The bank should review whether fraud monitoring should have flagged the transaction;
  • The bank should explain whether chargeback was available;
  • The bank should identify what evidence supports cardholder authorization.

The strength of this argument depends on the facts. If the cardholder voluntarily gave the OTP to a scammer, the bank may rely on cardholder negligence. But even then, the bank must still conduct a fair investigation.

XXIII. If the Bank Says the Transaction Was “Validly Authenticated”

A transaction may be technically authenticated but still disputed.

Questions to ask:

  • Was the authentication tied to the specific transaction?
  • Was the OTP sent to the correct number?
  • Was the customer warned not to share OTPs?
  • Did the OTP message contain the amount and merchant?
  • Was the merchant suspicious?
  • Was the transaction unusually large?
  • Were there multiple transactions in rapid succession?
  • Did the bank’s system trigger any fraud alert?
  • Was the cardholder contacted for verification?
  • Was the card blocked after unusual activity?
  • Was the transaction challenged through chargeback?

A valid authentication log is strong evidence, but it is not the only evidence.

XXIV. If the Bank Delays Investigation

A delay may prejudice the cardholder. Chargeback deadlines may lapse, fraudsters may withdraw funds, and finance charges may accumulate.

The cardholder should send written follow-ups and ask:

  • What is the case status?
  • Has chargeback been filed?
  • Are charges and penalties suspended?
  • What documents are still needed?
  • When will a written decision be issued?

If the bank repeatedly fails to respond, escalation may be appropriate.

XXV. If the Scam Involves an Online Merchant

Where the dispute involves a merchant, the cardholder should also gather:

  • Order confirmation;
  • Merchant website;
  • Product description;
  • Proof of non-delivery;
  • Cancellation request;
  • Merchant emails;
  • Refund request;
  • Tracking number;
  • Screenshots of misleading advertisement;
  • Proof that merchant is unreachable.

A cardholder may have a chargeback claim even if the transaction was not strictly unauthorized, particularly where goods or services were not delivered or were materially misrepresented.

XXVI. If the Scam Involves a Bank Employee or Insider

If the cardholder suspects insider involvement, the complaint should be escalated immediately.

Warning signs include:

  • Scammer knows confidential account information;
  • Scam call occurs shortly after a bank transaction;
  • Internal account details are known;
  • Fraud follows card replacement or branch visit;
  • Unauthorized changes were made to contact details;
  • Bank employee discouraged formal reporting;
  • Multiple customers report similar incidents.

The cardholder should request an internal investigation and consider reporting to regulators or law enforcement.

XXVII. If the Fraud Involves a Lost or Stolen Card

Cardholder liability may depend on when the loss was reported and whether transactions occurred before or after reporting.

The cardholder should document:

  • When the card was last seen;
  • When it was discovered missing;
  • When the bank was notified;
  • Transactions before notification;
  • Transactions after notification;
  • Whether the card had contactless capability;
  • Whether PIN or signature was used;
  • Whether CCTV or merchant records exist.

After a card is reported lost and blocked, later transactions should generally be more difficult for the bank to charge to the cardholder.

XXVIII. If the Fraud Involves Supplementary Cards

A principal cardholder may be liable for supplementary card transactions under the card agreement. But if the supplementary card was compromised or used fraudulently, the same dispute process should be followed.

The complaint should clarify:

  • Whether the transaction was on the principal or supplementary card;
  • Who possessed the card;
  • Whether the supplementary cardholder authorized the transaction;
  • Whether the card was lost, stolen, or compromised.

XXIX. If the Fraud Involves Family Members

Disputes involving family members are sensitive. Banks may treat transactions by authorized users, household members, or persons given access to the card as the cardholder’s responsibility.

If the card was used without permission by a relative, the cardholder should be prepared to state facts clearly. The bank may require an affidavit or police report, especially if the cardholder claims theft or unauthorized use by a known person.

XXX. Civil Remedies Against the Scammer or Merchant

If the scammer is identifiable, the cardholder may seek:

  • Refund;
  • Damages;
  • Rescission of transaction;
  • Criminal complaint;
  • Civil action;
  • Small claims action, where applicable and depending on the claim type;
  • Complaint with consumer authorities, if merchant-related.

However, many scammers are anonymous or use fake identities. This is why prompt bank reporting and chargeback action matter.

XXXI. Damages Against the Bank

A cardholder may consider legal action against a bank where there is evidence of:

  • Bad faith;
  • Gross negligence;
  • Failure to investigate;
  • Improper denial;
  • Unauthorized charges despite timely dispute;
  • Harassing collection;
  • Damage to credit reputation;
  • Breach of confidentiality;
  • Failure to secure account data;
  • Failure to block reported fraud.

Possible damages may include actual damages, moral damages, exemplary damages, attorney’s fees, and costs, depending on proof and legal basis.

Litigation should be assessed carefully because banks usually have documentation, logs, card terms, and compliance defenses.

XXXII. Practical Strategy for Cardholders

A practical strategy is:

  1. Call the bank immediately.
  2. Block the card.
  3. Get a reference number.
  4. File written dispute.
  5. Save all evidence.
  6. Prepare timeline.
  7. Submit affidavit, if requested.
  8. Ask for chargeback.
  9. Request suspension of finance charges.
  10. Pay undisputed amounts.
  11. Follow up in writing.
  12. Request reconsideration if denied.
  13. Escalate to BSP or law enforcement if unresolved.
  14. Avoid inconsistent statements.

The cardholder’s credibility is important. The facts stated to the bank, police, BSP, and court should be consistent.

XXXIII. Practical Strategy for Banks

A responsible bank should:

  1. Receive the complaint promptly;
  2. Block compromised cards;
  3. Explain the process;
  4. Preserve transaction logs;
  5. Review authentication evidence;
  6. Check fraud patterns;
  7. File chargeback where available;
  8. Communicate clearly;
  9. Avoid conclusory denials;
  10. Suspend disputed charges where appropriate;
  11. Prevent abusive collection during investigation;
  12. Provide written resolution;
  13. Improve fraud controls based on recurring scams.

A bank’s investigation must be both technical and fair.

XXXIV. Frequently Asked Questions

1. Is the bank automatically liable for a credit card scam?

No. Liability depends on the facts, including authorization, authentication, cardholder conduct, bank controls, reporting timeline, and investigation quality.

2. Is the cardholder automatically liable if an OTP was used?

Not always, but OTP use is strong evidence for the bank. The cardholder must explain how the OTP was used or compromised and why the transaction was still unauthorized or fraud-induced.

3. Should I file a police report?

It is often useful, especially for cybercrime, stolen cards, identity theft, or bank escalation. Some banks may request it.

4. Can I refuse to pay the disputed amount?

You may dispute it and request suspension of charges. But refusing to pay everything may create delinquency issues. Pay undisputed amounts, and if paying disputed amounts, consider paying under protest.

5. Can the bank keep charging interest during the investigation?

You should request suspension or reversal of interest, penalties, and fees related to the disputed amount. If the bank refuses, that may be included in your complaint.

6. What if the bank denies my claim?

Request the full basis of denial, seek reconsideration, and escalate to the appropriate regulator or authority if the denial is unsupported.

7. What if I accidentally clicked a phishing link?

Disclose the facts honestly. The bank may consider negligence, but the investigation should still examine authentication, transaction pattern, warnings, and possible chargeback rights.

8. What if I shared my OTP?

This weakens the claim, but it does not prevent you from reporting the scam, filing a criminal complaint, or asking the bank to investigate whether recovery or chargeback is possible.

9. What if the transaction is still pending?

Report immediately. Pending transactions may sometimes be stopped, reversed, or blocked more easily than posted transactions.

10. What if the bank’s customer service refuses to accept my complaint?

Send a written complaint through official channels, keep proof of sending, and escalate if necessary.

XXXV. Conclusion

A credit card scam complaint in the Philippines should be handled as a serious legal and financial matter. The cardholder must act quickly, preserve evidence, file a written dispute, and insist on a proper bank fraud investigation.

The bank, in turn, must not rely on boilerplate denials. It should examine authentication, transaction behavior, fraud indicators, chargeback options, reporting timelines, and the fairness of holding the consumer liable.

The strongest cases are built on documents: transaction records, screenshots, timelines, complaint references, affidavits, bank replies, and evidence of prompt reporting.

Credit card fraud disputes are fact-specific. Some cases point to clear unauthorized use. Others involve social engineering or authorized-but-fraudulent payments. The legal outcome depends on the evidence, the bank’s investigation, the cardholder’s conduct, and the remedies pursued.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login