Finding out that someone used your name, birth date, photo, address, passport details, PhilID, driver’s license, TIN, or other personal information to make a fake ID is frightening because the harm can spread quickly: loans, SIM cards, e-wallets, hotel records, travel documents, online accounts, criminal transactions, or debt collection notices may suddenly appear under your name. In the Philippines, this situation may involve identity theft, falsification, data privacy violations, estafa, access device fraud, or special ID-related offenses depending on what the fake ID was used for. The practical goal is simple: preserve proof, stop further use, report the incident to the right office, correct the affected records, and create a paper trail showing that you are the victim—not the person who used the fake ID.
What Counts as Identity Theft in the Philippines?
Identity theft happens when another person uses identifying information that belongs to you without authority. This can include your:
- Full name
- Birthday and birthplace
- Address
- Photo or selfie
- Signature
- Phone number or email
- PhilSys Number, PhilID, or Digital National ID details
- Passport, driver’s license, PRC, UMID, SSS, GSIS, TIN, or voter information
- Bank, credit card, e-wallet, or online account details
- Scanned IDs or documents you previously submitted to an employer, lender, landlord, school, broker, app, hotel, recruitment agency, or online seller
Under the Cybercrime Prevention Act of 2012, computer-related identity theft includes the intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying information belonging to another person or juridical entity, without right. If no damage has yet been caused, the penalty is one degree lower; otherwise, offenses under Section 4(b) are punishable by prision mayor or a fine of at least ₱200,000, or both. (Supreme Court E-Library)
A fake ID case often has both a physical document angle and a digital angle. For example, someone may print a fake driver’s license with your name and photo, but they may also upload it to register a SIM, open an e-wallet, apply for a loan, or pass online KYC verification. The digital part is important because online use may bring the case under cybercrime rules and may help investigators request preservation or disclosure of computer data from platforms, telecoms, or financial institutions.
What Laws May Apply When a Fake ID Uses Your Personal Information?
Computer-related identity theft under RA 10175
If your information was taken, stored, sent, uploaded, altered, or used through a computer system, app, website, email, social media account, messaging platform, or online KYC process, RA 10175, the Cybercrime Prevention Act of 2012, may apply. The law separately punishes computer-related forgery, computer-related fraud, and computer-related identity theft. It also provides that crimes under the Revised Penal Code or special laws committed through information and communications technology may receive a penalty one degree higher. (Supreme Court E-Library)
This matters in common situations such as:
- A fake ID was uploaded to register a lending app account.
- Your scanned ID was used to pass an e-wallet selfie verification.
- Your personal data was sent through Telegram, Facebook Messenger, Viber, email, or a Google Drive link.
- A scammer created a fake online profile using your name and ID.
- A person used your details to register a SIM or receive OTPs.
Falsification under the Revised Penal Code
If someone fabricated, altered, or used a fake ID, the Revised Penal Code, particularly Articles 171 and 172, may apply. Article 171 covers falsification by public officers, employees, notaries, or similar persons taking advantage of official position. Article 172 covers falsification by private individuals and the use of falsified documents. In Malabannan v. Sandiganbayan; Alid v. People, the Supreme Court discussed the punishable acts under Article 172 and explained that falsification of a private document requires damage or intent to cause damage, while falsification of public, official, or commercial documents does not require the same element in the same way. (Supreme Court E-Library)
A fake government ID is usually treated more seriously than a purely private document because IDs issued by government offices are public or official documents. If the fake ID was used to deceive a bank, telecom company, government agency, landlord, employer, casino, hotel, or lender, prosecutors may also consider related offenses such as estafa, use of falsified documents, or violations of special laws.
Estafa if the fake ID was used to obtain money, credit, property, or services
If the fake ID was used to trick another person or company into releasing money, goods, services, loans, or credit, the act may also fall under estafa under Article 315 of the Revised Penal Code. Estafa can be committed through false pretenses, fraudulent acts, use of a fictitious name, or other deceit made before or at the same time as the fraud. (Lawphil)
For victims, this is important because a creditor or collection agency may later claim that “your name borrowed the money.” Your defense should be built early with evidence that you did not apply, sign, receive proceeds, control the account, or benefit from the transaction.
Access device fraud for credit cards, bank accounts, e-wallets, and online access
If the fake ID was used to apply for or access a credit card, debit card, bank account, account number, PIN, e-wallet, online banking account, or similar financial access tool, RA 8484, the Access Devices Regulation Act of 1998, as amended by RA 11449 in 2019, may apply. The law defines an “access device fraudulently applied for” as one issued because of falsified documents, false information, fictitious identities or addresses, false pretenses, or misrepresentation, and it penalizes producing, using, trafficking, possessing, or transacting with counterfeit or unauthorized access devices. (Lawphil)
In practice, this covers cases like:
- A credit card was issued using your name and a fake address.
- A bank or e-wallet account was opened with your ID.
- A scammer used your details to receive proceeds of fraud.
- A loan app or online lender claims you borrowed money using an uploaded ID.
Data Privacy Act remedies under RA 10173
The Data Privacy Act of 2012, or RA 10173, protects data subjects—that means the individuals whose personal information is being processed. You have rights to be informed, to access your data, to dispute inaccurate information, to have incorrect personal information corrected, to request blocking or removal of unlawfully obtained or unauthorized data, and to be indemnified for damage caused by inaccurate, false, unlawfully obtained, or unauthorized use of personal information. (National Privacy Commission)
The Data Privacy Act also requires personal information controllers to use reasonable organizational, physical, and technical measures to protect personal information from unlawful access, fraudulent misuse, alteration, disclosure, or other unlawful processing. If a breach involves sensitive personal information or information that may enable identity fraud, the National Privacy Commission and affected data subjects must be notified when the legal conditions for breach notification are present. (National Privacy Commission)
Data privacy remedies are especially useful when the problem came from an organization that collected your ID copy, such as a lender, broker, employer, school, clinic, condo admin office, hotel, online platform, delivery app, or agency, and that organization refuses to explain, correct, block, or remove wrong records.
PhilSys, National ID, SIM, and passport-specific rules
Some fake ID cases involve special laws:
| ID or transaction involved | Possible law | Why it matters |
|---|---|---|
| PhilID, Digital National ID, PhilSys Number, or fake National ID | RA 11055, Philippine Identification System Act of 2018 | PSA has warned that false PhilSys information, unauthorized printing, falsification, tampering, possession of fake PhilID, or use of another person’s PhilID or PSN may be punished by imprisonment and heavy fines. (Philippine Statistics Authority) |
| SIM card registered using your identity | RA 11934, SIM Registration Act of 2022 | Using fictitious identities or fraudulent identification documents to register a SIM is punishable by imprisonment, fine, or both; spoofing and unlawful transfers have separate penalties. (Supreme Court E-Library) |
| Passport or passport-supporting documents | RA 11983, New Philippine Passport Act of 2024 | Forging, using another person’s passport or supporting document, making false passport statements, or using a passport secured through false statements carries serious imprisonment and fines. (Lawphil) |
| Credit card, e-wallet, online banking, account number, PIN, or similar access | RA 8484 as amended by RA 11449 | Fraudulently applied-for or unauthorized access devices are specifically covered. (Lawphil) |
What To Do First If Someone Made a Fake ID Using Your Information
1. Preserve evidence before confronting anyone
Do not rely only on memory or screenshots saved casually in your phone gallery. Build a clean evidence file.
Save:
- Screenshots showing the fake ID, account, post, loan notice, SIM message, transaction, or email
- The URL, username, account number, reference number, mobile number, or email address involved
- Date and time of discovery
- Original emails with full headers if available
- SMS messages without deleting the sender details
- Collection letters, demand letters, delivery notices, or verification messages
- Copies of your real IDs that prove the correct information
- Any proof that you were somewhere else or had no control over the transaction
- Names and contact details of witnesses
- Customer service ticket numbers from banks, apps, telecoms, or platforms
For online evidence, take screenshots that show the full screen, not just the cropped fake ID. Include the browser address bar, timestamps, profile URL, sender name, and conversation context. If the case becomes serious, investigators may need metadata, logs, device information, IP-related records, or platform data that ordinary screenshots cannot provide.
2. Write a short incident chronology
Prepare a one- to two-page timeline. Keep it factual.
Example format:
| Date | What happened | Proof |
|---|---|---|
| June 3, 2026 | Received SMS OTP for a loan app I never used | Screenshot of SMS |
| June 5, 2026 | Collection agent called claiming I borrowed ₱18,000 | Call log, agent name |
| June 6, 2026 | App sent a copy of an ID with my name but not my photo/signature | Email from app |
| June 7, 2026 | I reported the matter to the app and requested account freeze | Ticket no. 12345 |
This timeline will help when you prepare a complaint affidavit, file with the police or NBI, dispute a debt, or complain to the National Privacy Commission.
3. Notify the institution that accepted the fake ID
Send a written dispute to the bank, e-wallet, lender, telecom, hotel, school, employer, platform, or agency involved. Use email or ticket systems so there is a record.
Ask for:
- Immediate freezing, blocking, or suspension of the account or transaction
- A copy of the application, logs, ID submitted, selfie verification, signature, IP/device records, delivery address, and payout details, subject to lawful disclosure rules
- Correction of records showing you as borrower, account holder, subscriber, guest, employee, applicant, or customer
- Written confirmation that you are disputing identity theft
- Preservation of records for law enforcement purposes
Do not sign a promissory note, restructuring document, settlement, waiver, or “acknowledgment of debt” just to stop harassment if you did not make the transaction. A careless signature can later be used against you.
4. File a report with the proper law enforcement office
For online or technology-related identity theft, reports are commonly filed with the PNP Anti-Cybercrime Group or the NBI Cybercrime Division. The NBI’s citizen’s charter for computer-crime victims indicates that complainants fill out a complaint form and submit it to the Cybercrime Division or Regional Cybercrime Centers; the listed intake assistance is not the full investigation timeline. (National Bureau of Investigation)
Bring or prepare:
- Valid government ID
- Printed incident chronology
- Screenshots and electronic copies
- Copies of fake ID or disputed application if available
- Demand letters or collection notices
- Bank, telecom, e-wallet, or platform ticket numbers
- Affidavit of complaint, if already prepared
- Proof that the information belongs to you
- Proof that the signature/photo/address/account is not yours, when applicable
A barangay blotter may help establish that you reported the incident early, but it is usually not enough for cybercrime, falsification, access device fraud, SIM fraud, passport fraud, or serious estafa. Barangay conciliation is also generally not the correct route for offenses punishable by imprisonment exceeding one year or fines exceeding ₱5,000.
5. Prepare a complaint affidavit
A complaint affidavit is your sworn written statement. It should be clear, chronological, and specific.
It usually includes:
- Your full name, address, nationality, and contact details
- How you discovered the fake ID or fraudulent account
- What personal information was used
- Why you know the ID or transaction is fake
- What harm occurred or may occur
- Names of suspects, if known
- Names of platforms, banks, lenders, telecoms, or agencies involved
- List of attachments
- Request for investigation and prosecution for the appropriate offenses
Affidavits used in Philippine proceedings are usually notarized. Filipinos or foreigners abroad may execute documents before a Philippine embassy or consulate, or before a local notary with the required apostille or authentication depending on the country and the intended Philippine use. For Philippine documents that need apostille for use abroad, DFA authentication services are handled through the DFA Apostille system and may be applied for by the document owner or an authorized representative. (DFA Appointment System)
6. File a data privacy complaint if an organization mishandled your information
If a company, app, school, clinic, employer, hotel, broker, landlord, condo office, or agency collected your personal information and it was later misused, or if it refuses to correct or block false records, the National Privacy Commission may be relevant.
The NPC’s formal complaint process requires the complaint to be filed in the proper format, printed and filled out, notarized, and submitted personally, by courier, or by scanned email to the NPC. (National Privacy Commission) The NPC also states that a complaint-assisted form or verified complaint should be accompanied by evidence and witness affidavits, and electronic submissions should generally be digitally signed and in PDF format where practicable. (National Privacy Commission)
NPC complaints are helpful when you need:
- Access to records about how your data was processed
- Correction of wrong records
- Blocking or removal of unauthorized data
- Accountability for negligent disclosure or weak data safeguards
- Action after an organization ignores your data subject request
7. Escalate financial disputes through BSP channels if needed
If the fake ID was used with a bank, e-money issuer, remittance company, pawnshop, virtual asset service provider, or other BSP-supervised financial institution, first file a complaint with that institution’s customer assistance or financial consumer protection channel. If unresolved, the BSP Consumer Assistance Mechanism can be accessed through the BSP Online Buddy or traditional channels such as email, postal mail, phone, or walk-in assistance. The BSP says complainants should include a clear summary, requested resolution, contact details, and copies of the complaint filed with the financial institution and its reply, if any. (Bank Secrecy Policy)
For identity theft involving unauthorized loans or e-wallets, your written request should ask for account freezing, investigation, removal of negative records, reversal of unauthorized charges where justified, and confirmation that the transaction is disputed.
Documents You Should Prepare
| Document | Purpose |
|---|---|
| Valid government ID | Proves your identity as complainant |
| Incident chronology | Helps investigators understand the sequence |
| Screenshots and electronic files | Shows fake ID use, account creation, messages, or transactions |
| Printed emails, SMS, collection letters | Shows demands, threats, OTPs, or notices |
| Affidavit of complaint | Main sworn statement for police, NBI, prosecutor, or NPC |
| Affidavit of denial or non-involvement | Useful for banks, lenders, telecoms, or platforms |
| Specimen signature or proof of correct signature | Helps dispute forged signatures |
| Proof of correct address, phone, email, or employment | Helps show false application details |
| Police/NBI report or complaint receipt | Helps support disputes and record correction |
| NPC complaint documents | Needed when asserting data privacy rights |
| Authorization letter or SPA | Needed if someone files or follows up for you |
Common Problems Victims Face
“The lender says the account is under my name, so I must pay.”
A name match does not prove that you borrowed the money. Ask for the complete application file, selfie verification, payout account, device logs, IP records, phone number used, delivery address, and signed documents. Send a written dispute and preserve proof that you reported identity theft early.
“The fake ID has my real information but another person’s photo.”
That is still dangerous. It may mean your data was combined with someone else’s image to pass weak verification. In your affidavit, specifically state which details are yours and which are not.
“The fake ID has my photo but wrong details.”
This may still be identity misuse. Your face is personal information. Ask where the photo was obtained and demand blocking or correction of the false account.
“A SIM was registered under my name.”
Immediately report to the telecom provider and request investigation and deactivation if the SIM is fraudulent. RA 11934 penalizes the use of fictitious identities or fraudulent identification documents to register a SIM, and prosecution under that law is without prejudice to liability under the Revised Penal Code or special laws. (Supreme Court E-Library)
“My PhilID or National ID details were used.”
Report to the relevant institution and preserve the fake ID copy. PSA has publicly reiterated that unauthorized printing, preparation, issuance, falsification, alteration, possession of fake PhilID, and use or possession of another person’s PhilID or PSN without reasonable excuse can carry severe penalties under the PhilSys Act. (Philippine Statistics Authority)
“The fake ID was used abroad or by a foreigner.”
The Philippine case can still move if the harmful transaction, victim, platform, bank, telecom, account, or evidence has a Philippine connection. Foreigners in the Philippines can report to the PNP or NBI as victims. If foreign public documents are needed in a Philippine case, expect authentication, apostille, certified translation, or consular steps depending on the issuing country and document type.
Civil Remedies and Damages
Criminal complaints focus on punishment and prosecution. Civil remedies focus on compensation, correction, prevention, and protection of your rights.
Possible civil bases include:
- Civil Code Article 26, which protects dignity, personality, privacy, and peace of mind
- Civil Code Articles 19, 20, and 21, which cover abuse of rights, acts contrary to law, and willful acts contrary to morals, good customs, or public policy
- Civil Code Article 32, for violations of certain constitutional rights, including privacy of communication and protection against unreasonable searches and seizures
- Civil Code Article 33, which allows an independent civil action in cases of fraud
- Data Privacy Act Section 16, which includes the right to correction, blocking, removal, and indemnification for damage caused by inaccurate, false, unlawfully obtained, or unauthorized use of personal information (National Privacy Commission)
Civil claims may include actual damages, moral damages for anxiety or reputational harm, exemplary damages in proper cases, attorney’s fees where allowed, and injunctive relief to stop continued use of your information. In practice, many victims first focus on stopping the fraud, correcting records, and clearing debt or account issues before filing a separate civil case.
Frequently Asked Questions
Is using my personal information on a fake ID a crime in the Philippines?
Yes, it can be. Depending on how the fake ID was made and used, the case may involve computer-related identity theft, falsification, use of falsified documents, estafa, access device fraud, SIM registration violations, PhilSys violations, passport offenses, or Data Privacy Act violations.
Am I liable for a loan or e-wallet account opened with a fake ID?
Not automatically. You should dispute the account in writing, request the application and verification records, file a police or NBI report when appropriate, and avoid signing any document that admits liability if you did not make the transaction.
Should I go to the barangay first?
A barangay blotter can help create an early record, especially if you know the person involved. But for cybercrime, falsification, financial fraud, SIM fraud, passport fraud, or serious identity theft, you usually need the PNP, NBI, prosecutor, NPC, bank, telecom, or platform process—not just barangay mediation.
Can I file with the National Privacy Commission?
Yes, if your personal information was misused, improperly disclosed, unlawfully processed, inaccurately recorded, or not corrected despite your request. NPC complaints generally require a properly completed and notarized complaint or complaint-assisted form with supporting evidence. (National Privacy Commission)
What if the company refuses to give me the fake application records?
Ask in writing under your Data Privacy Act rights to access and correction. The company may redact information that belongs to others or is restricted by law, but it should still respond properly to a legitimate data subject request. If it refuses without a valid reason, that refusal may become part of an NPC complaint.
What if my passport details were used?
Report to the DFA if a Philippine passport or passport-supporting document is involved, and file with law enforcement if there is forgery, false statement, or fraudulent use. RA 11983 penalizes forged passports, use of another person’s passport or supporting document, and passports secured through false statements. (Lawphil)
What if I am a Filipino abroad?
You can preserve evidence abroad, execute an affidavit before the Philippine embassy or consulate or through locally valid notarization and apostille/authentication, authorize a trusted person in the Philippines through an SPA, and file with the relevant Philippine agency depending on the facts.
What if I do not know who made the fake ID?
You can still file a report against an unknown person. Focus on the account, phone number, email, platform, transaction reference, payout account, delivery address, IP/device records if available, and the institution that accepted the fake ID. Investigators often start from those traces.
Key Takeaways
- Fake IDs using your personal information may involve identity theft, falsification, estafa, access device fraud, data privacy violations, or special ID laws.
- Preserve evidence before confronting the suspect or deleting anything.
- Send written disputes to banks, e-wallets, lenders, telecoms, platforms, or agencies that accepted the fake ID.
- File with PNP ACG, NBI Cybercrime Division, or the prosecutor when the facts show a criminal offense.
- File with the NPC when the issue involves misuse, breach, refusal to correct, or unauthorized processing of personal data.
- Do not sign any document admitting a debt or transaction you did not make.
- A strong paper trail—screenshots, affidavit, dispute letters, complaint receipts, and agency reports—is often what protects you from collection, blacklisting, and repeated misuse.