Disputing Unauthorized Credit Card Transactions in the Philippines

Disputing Unauthorized Credit Card Transactions in the Philippines

Updated for Philippine laws and standard industry practice as of 2024. This article is for general information only and is not a substitute for legal advice tailored to your facts.

1) What counts as an “unauthorized transaction”?

An unauthorized transaction is a charge you did not make, permit, or benefit from, including:

  • Card-not-present (CNP) fraud: online or phone purchases using your card details.
  • Lost/stolen or skimmed card use: physical card used without your knowledge.
  • Account takeover: fraudster controls your online banking or mobile app.
  • Phishing/SMiShing/voice phishing: credentials and OTPs tricked out of you.
  • Recurring charges you never agreed to or where authorization was forged.
  • Card present but forged signature or counterfeit chip/magstripe cloning.

If you authorized the transaction (including when you knowingly shared your OTP or one-time PIN), issuers often treat it as cardholder-authorized and may deny the dispute unless other facts rebut consent or show vitiated consent (e.g., coercion, misrepresentation).

2) Legal & regulatory framework

  • Republic Act No. 10870 (Credit Card Industry Regulation Law, “CCIRL”). Governs credit card issuance and operations and empowers the Bangko Sentral ng Pilipinas (BSP) to issue implementing rules, including consumer protection standards for billing errors and fraud handling.
  • Republic Act No. 11765 (Financial Consumer Protection Act, “FCPA”). Requires financial institutions to have effective complaint-handling and redress mechanisms, treat consumers fairly, and provide clear, timely information throughout dispute resolution.
  • BSP regulations & circulars implementing CCIRL and FCPA. Among others, they require clear disclosures of liability, prompt acknowledgment of complaints, fair investigation, and escalation channels. Issuers must maintain secure systems, monitor fraud, and keep auditable logs.
  • Republic Act No. 8484 (Access Devices Regulation Act). Criminalizes unauthorized use/possession of access devices (including credit cards), skimming, and related fraud schemes.
  • Republic Act No. 10173 (Data Privacy Act). If a breach of your personal data contributed to the fraud, the data controller may have breach-notification duties and you may assert data subject rights.

Network rules (Visa, Mastercard, JCB, AmEx, etc.) and issuer cardmember agreements further define chargeback windows, evidence standards, and liabilities. These private rules operate alongside Philippine law.

3) Cardholder liability: who pays?

General market practice—consistent with CCIRL/FCPA principles—is:

  • No liability for truly unauthorized transactions after you notify the issuer promptly and you did not act with fraud, willful misconduct, or gross negligence.

  • Possible liability if you:

    • Unreasonably delay reporting after learning of the fraud.
    • Share your card, CVV, PIN, or OTP (banks often treat OTP sharing as strong evidence of authorization or negligence).
    • Jailbreak/compromise your device or ignore obvious security warnings.

  • While the investigation is ongoing, issuers typically suspend finance charges and late fees on the disputed amount and allow you to pay only the undisputed portion. Always confirm how your issuer computes the minimum amount due during a dispute and request written confirmation.

4) Immediate steps when you spot a suspicious charge

  1. Secure your account immediately

    • Lock or block the card in-app (if available) and/or call the issuer to block the card and request replacement.
    • Change passwords; enable stronger authentication; call your telco if you suspect SIM-swap.

  2. Notify the issuer

    • Use the hotline on the back of your card or your issuer’s app/secure messaging.
    • Ask for a case reference number and written acknowledgment.

  3. File a formal dispute

    • Submit the Dispute/Chargeback Form and Affidavit of Fraud (issuer-prescribed forms).
    • Attach supporting documents (see §6). Keep copies of everything.

  4. Police/NBI blotter (recommended for lost/stolen card, skimming, account takeover)

    • File with PNP Anti-Cybercrime Group or NBI Cybercrime Division. Provide screenshots and logs.

  5. Monitor billing

    • Keep paying the undisputed amount to preserve your good standing.
    • Check that the disputed amount is placed on hold (no interest or late fees) pending resolution.

5) How issuers and networks investigate

  • Issuer review: Confirms your identity, card status, device/OTP logs, merchant category, and timing. May issue provisional credit (temporary reversal) depending on policy and strength of evidence.
  • Chargeback filing: Issuer raises a chargeback with the card network under a specific reason code (e.g., “fraud—card-not-present”).
  • Merchant representment: Merchant can respond with evidence (AVS/3-D Secure data, IP/device fingerprint, delivery confirmation, signed slips, etc.).
  • Arbitration (if needed): Card network decides if issuer and merchant disagree after representment cycles.

Timelines: Expect acknowledgment quickly and a final outcome typically within 45–90 days (complex cross-border matters can extend toward 120 days under network windows). Your own deadline to report a transaction varies by issuer (commonly 7–30 days from statement date or posting**)**—report as soon as possible to avoid missing windows.

6) Evidence that helps you win

Provide as many of the following as you can:

  • Your dispute form & affidavit (complete, signed).
  • Statement highlighting disputed items; transaction details (date, amount, merchant).
  • Proof of possession (e.g., you had your card when a foreign in-store use occurred).
  • Travel/work logs (to show you were elsewhere).
  • Communications with merchant (refund refusal, cancellation notices).
  • Device/tech evidence: screenshots of OTP you never received, login alerts, unusual device/location logs.
  • Police/NBI blotter or incident report numbers.
  • For subscription/recurring charges: proof you never enrolled or that you canceled.

7) Special scenarios & tips

A. You shared an OTP after a scam call/text

  • Banks and regulators treat OTPs as strong customer authentication. If you voluntarily disclosed an OTP, expect a tougher dispute.
  • Still file a dispute if there’s evidence of spoofing, coercion, or deception (e.g., caller pretended to be your bank). Provide call logs and screenshots. Consider filing a criminal complaint under RA 8484 and related penal provisions.

B. Card-present fraud with chip cards

  • EMV chip liability rules generally shift counterfeit fraud to the party with weaker tech (e.g., a merchant that failed to use chip). Your issuer will rely on network rules to pursue the merchant.

C. Card-not-present (online) purchases

  • If the merchant used 3-D Secure and the transaction was fully authenticated, networks may shift liability to the issuer/cardholder unless there’s proof of account takeover. Provide device/IP evidence and proof of compromised credentials.

D. Recurring charges you don’t recognize

  • Ask the issuer to block further recurring debits from that merchant ID and dispute past charges. Provide proof of non-enrollment or cancellation.

E. Cross-border transactions and dynamic currency conversion (DCC)

  • Cross-border disputes can take longer. DCC complaints are usually billing error disputes (pricing/consent), not “fraud”—frame them correctly.

F. Multiple small “test” charges

  • These often precede larger fraud. Report all test charges; ask the issuer to monitor and block the BIN/merchant.

8) How to structure your written dispute

Use clear, factual language. A concise template:

Subject: Dispute of Unauthorized Credit Card Transactions – [Last 4 digits] To: [Issuer’s Consumer Assistance / Disputes Team] I am disputing the following transactions as unauthorized:

  • Date – Merchant – Amount – Reference I did not authorize or benefit from these transactions. My card was [in my possession / blocked on (date)]. I reported the incident on (date), Case No. (reference). Attached are: my completed dispute form and affidavit, police/NBI blotter (if any), statement copy, screenshots, and other evidence. Please place the disputed amounts on hold, ensure no interest/late fees accrue on them, adjust the minimum due accordingly, and investigate under applicable laws and network rules. I request written updates and a copy of the investigation result. Signed: [Name, address, contact details, ID type/number]

9) What to expect during the process

  • Acknowledgment and a case number.
  • Requests for additional documents (respond quickly).
  • Provisional credit may be granted in clear cases; it can be reversed if merchant later proves authorization.
  • Final resolution notice stating whether charges are reversed permanently, partially, or upheld.

If resolution is adverse, you can appeal internally, then escalate externally.

10) Escalation & enforcement options

  1. Internal appeal to the issuer’s Consumer Assistance Office or Dispute Resolution Team (cite CCIRL/FCPA duties; request a written decision explaining evidence relied upon).

  2. Bangko Sentral ng Pilipinas (BSP) consumer assistance

    • File a complaint after trying the bank’s process. Provide your dispute documents, timeline, and the bank’s final response. Ask BSP to require the bank to show audit logs and risk-control evidence and to explain any interest/fees applied to disputed sums.

  3. National Privacy Commission (NPC) if a data breach or privacy violation contributed to the fraud.

  4. Criminal complaints under RA 8484 and related laws against identified perpetrators (PNP-ACG or NBI-CCD).

  5. Civil remedies

    • Small Claims: For money claims up to ₱1,000,000 (no lawyers required in hearings; documentary evidence is key).
    • Ordinary civil action for damages if losses exceed the small-claims cap or complex issues are involved.
    • Potential claims: breach of contract, negligence, and damages under the Civil Code and FCPA/CCIRL-aligned duties.

11) Preventive practices (and how they affect disputes)

  • Never share OTPs/PINs—banks will presume authorization if OTP was entered correctly from your number/device.
  • Enable strong device security; avoid installing unknown APKs; keep OS updated.
  • Use separate email/number for banking; guard SIM against SIM-swap (SIM-lock, account PIN with telco).
  • Prefer virtual/limited-use card numbers for online merchants; disable international/online transactions by default; use transaction alerts.
  • Beware of spoofing: verify hotlines and URLs; your bank will not ask for OTP/PIN/password.
  • Review statements and alerts promptly; early reporting strengthens your case and preserves chargeback windows.

12) Frequently asked questions

Q: Can I stop paying my entire bill during a dispute? A: No. Keep paying the undisputed portion. Request that the issuer excludes the disputed amount when computing your minimum due and waives interest/fees on that portion pending resolution.

Q: Will I automatically get a refund? A: Not automatically. Outcomes depend on evidence and network rules. Provisional credits can be reversed if the merchant later proves authorization.

Q: I clicked a phishing link and entered my details. Am I still protected? A: Protection narrows. If you shared credentials/OTP, issuers may argue cardholder negligence. Still file a dispute and provide evidence of deception and speed of reporting.

Q: The merchant says they delivered to my address. A: Delivery to your address is not conclusive. Ask for proof of receipt (signed POD, photo at door with metadata) and challenge mismatched signatures, device/IP anomalies, or courier irregularities.

Q: The charges are small but many. A: Dispute them all; ask for BIN/merchant blocking and card replacement. Small “test” charges often precede bigger fraud.

13) Practical checklist

  • Card blocked/replaced; passwords changed; SIM checked.
  • Case number obtained; written acknowledgment saved.
  • Dispute form + affidavit completed and submitted.
  • Police/NBI blotter (if applicable).
  • Evidence bundle assembled (statements, screenshots, logs, delivery proof).
  • Request on record: no interest/fees on disputed amount; adjust minimum due.
  • Calendar reminders: issuer evidence deadlines; expected resolution window.
  • If unresolved or adverse: internal appeal → BSP consumer assistance → other regulators/courts.

14) Key takeaways

  • Report fast, document thoroughly, and keep paying the undisputed amount.
  • Do not share OTPs or credentials—doing so can severely weaken protection.
  • Use the legal path (CCIRL, FCPA, RA 8484) and network rules to insist on fair treatment, transparent evidence, and proper fee handling during the investigation.
  • Escalate with a complete dossier if the issuer’s resolution is unsatisfactory.

If you need help tailoring a dispute letter or evidence checklist to your facts, summarize your timeline (dates, amounts, communications) and I can draft language you can use right away.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login