How to Recover Money Lost to Online Scams in the Philippines: NBI, PNP-ACG, and Bank Chargeback Steps

How to Recover Money Lost to Online Scams in the Philippines

NBI, PNP-ACG, and Bank/E-Wallet Chargeback & Recall Guide (Practical, Philippine-specific)

This is general information for the Philippines. It’s not a substitute for advice from your lawyer or law-enforcement officer handling your case.

1) First 24 hours: what to do (in order)

  1. Lock down your accounts

    • Freeze/lock the card or e-wallet in the app; change passwords/PINs; revoke devices; enable 2-factor authentication (2FA); disable biometric logins on any device you don’t control.
    • If there’s a SIM-swap or your phone was compromised, contact your telco to suspend the SIM and reissue with a new SIM number.

  2. Call the sending institution’s fraud line immediately

    • For credit/debit cards: ask to block the card and open a dispute for the unauthorized transactions.
    • For bank-to-bank / e-wallet transfers (InstaPay/PESONet/QR Ph): ask for a fund recall/return request and to flag the recipient account. These are time-critical and work best if funds are still in the receiving account.

  3. Preserve evidence

    • Screenshots of chats, websites, ads, emails, caller IDs, usernames/handles, order pages, payment confirmations, transaction IDs, dates and times, IP/email headers if any.
    • Save PDFs of statements; export chat threads; keep device logs if you can.
    • Do not alter or “clean” your device before law enforcement can image it if needed.

  4. Make an official blotter/incident report

    • If near you, proceed to PNP station or directly to PNP Anti-Cybercrime Group (PNP-ACG) or NBI Cybercrime Division (NBI-CCD). A blotter helps banks and platforms act on freezes and is often required for disputes.

2) Which laws cover online scams (quick map)

  • Revised Penal Code – Estafa (Art. 315): deception/defraud with damage (often charged with cyber provisions).
  • Cybercrime Prevention Act (RA 10175): computer-related fraud, identity theft, illegal access, data interference; Section 6 increases penalties one degree higher when crimes are committed through ICT.
  • Access Devices Regulation Act (RA 8484): fraud involving cards/OTP/online credentials.
  • Financial Products and Services Consumer Protection Act (RA 11765): duties of banks/e-money issuers; complaint handling; regulatory redress.
  • E-Commerce Act (RA 8792): electronic documents, signatures, electronic evidence.
  • Data Privacy Act (RA 10173): governs personal data; allows disclosure to law enforcement under lawful process.
  • Securities Regulation Code (RA 8799): unregistered securities / investment scams (SEC complaints).
  • SIM Registration Act (RA 11934): SIM deactivation and assistance to law enforcement for fraud numbers.

3) Reporting to NBI vs. PNP-ACG (how it actually works)

A) NBI Cybercrime Division (NBI-CCD)

  • When to go: Complex online fraud; investment scams; cross-border; identity theft; account takeovers.

  • What to bring

    • Valid ID; sworn complaint-affidavit (see template below)
    • Proof of loss (receipts, transaction slips, bank/e-wallet statements)
    • Evidence (screenshots, URLs, chat logs, email headers, device info)
    • If possible, bank certification that disputes/recalls were filed.

  • What NBI can do

    • Conduct cyber investigation; issue subpoenas to platforms/banks/telcos; coordinate with AMLC; prepare case for prosecutor (DOJ); coordinate with foreign LE via MLAT/INTERPOL if needed.

  • Outcome

    • If suspects or money-mule accounts are identified, NBI can help build a criminal case and support asset restraint requests.

B) PNP Anti-Cybercrime Group (PNP-ACG)

  • When to go: Any online scam; phishing/OTP compromise; romance/crypto scams; account takeovers; seller/buyer fraud.

  • What to bring: Same as NBI.

  • What PNP-ACG can do: Open investigation, issue subpoena/letter requests to institutions, conduct entrapment where feasible, refer for prosecution, and coordinate for account flagging/freezes with banks/telcos (subject to legal limits).

  • Which is “better”?

    • Both are competent. Pick whichever is more accessible—or file with one and coordinate updates to your bank/platform. Some victims file with both to speed up inter-agency coordination.

Note on data access: You, as a private party, generally cannot compel banks/telcos/platforms to reveal subscriber/KYC data. NBI/PNP can obtain it via subpoena/warrant/court order under RA 10175 and related rules.

4) Bank, Card, and E-Wallet Remedies

A) Credit & Debit Cards (Visa/Mastercard/JCB/AmEx rails)

  1. Notify your issuer immediately. Ask for card block and to open dispute(s).

  2. Dispute grounds typically include:

    • Unauthorized/forged/without consent;
    • Services not rendered/merchandise not received;
    • Misrepresentation.

  3. Deadlines matter. Banks set short notice windows (often 7–30 days from statement or transaction notice) and card networks have hard outer windows (often ~60–120 days). File asap to preserve rights.

  4. Provide evidence: statement page highlighting the item; merchant descriptors; any proof you did not authorize (e.g., device not in your possession; OTP not shared; phishing details).

  5. Provisional credit is not guaranteed in PH; your issuer’s terms apply.

  6. Escalation: If denied or slow, use the bank’s formal complaints channel (see RA 11765 duties). If still unresolved, elevate to the Bangko Sentral ng Pilipinas (BSP) Consumer Assistance mechanism for supervised institutions.

Expectations: Chargebacks work best for card-not-present fraud and merchant disputes. They are not available for voluntary peer-to-peer transfers or cash-equivalent transactions (some crypto loads, remittance cash-outs).

B) Bank/E-Wallet Transfers (InstaPay, PESONet, QR Ph, wallet-to-wallet)

  1. Call the sending bank/e-money issuer (EMI) and request a fund recall/return and recipient-account flag.
  2. Speed is everything. If funds are still in the recipient account, banks may hold/return them with recipient consent or per interbank arrangements. Once withdrawn/cashed out or hopped through mule chains, recovery is unlikely without law-enforcement intervention.
  3. Documents banks commonly ask for: incident details; IDs; screenshots; police/NBI report; sworn affidavit; transaction reference numbers.
  4. Parallel steps: File with PNP-ACG/NBI right away so they can send law-enforcement letters to banks/telcos to preserve data and coordinate holds where legally allowed.
  5. Escalation: If the bank/EMI refuses to process a recall or mishandles a complaint, invoke their Financial Consumer Protection procedures (RA 11765), then escalate to BSP if unresolved.

Important limitations

  • Banks cannot simply “reverse” a completed transfer without grounds/recipient cooperation or lawful order.
  • Freeze/hold orders generally require proper legal process. AMLC can seek freeze orders from the Court of Appeals in money-laundering cases; law enforcement can request account flags/preservation while they process legal applications.

C) Remittance, Marketplace, and Platform Programs

  • Remittance/payments (e.g., over-the-counter cash pick-up): file immediately with the remittance company; if not yet claimed, a hold may be possible.
  • Marketplaces/payment processors: use buyer protection/“item not received” flows within platform deadlines; submit the police/NBI report to strengthen your claim.
  • Crypto exchanges: open a support ticket to flag addresses and freeze remaining funds in your own or counterparties’ exchange accounts; full KYC details usually require a law-enforcement request.

5) Filing a criminal case: process at a glance

  1. Investigative stage (NBI/PNP-ACG): you submit a sworn complaint-affidavit and evidence. Officers may image devices, pull logs, and request KYC/transaction data from banks/telcos/platforms.

  2. Prosecutor (DOJ/City/Provincial Prosecutor)

    • Inquest (if suspect arrested) or preliminary investigation (if at large).
    • You and the respondent submit affidavits and counter-affidavits; the prosecutor determines probable cause.

  3. Filing of Information in court if probable cause is found; warrants may issue.

  4. Restitution may be ordered upon conviction; civil liability may be adjudged with the criminal case.

Possible charges (depending on facts)

  • Estafa (Art. 315 RPC), often one degree higher if via ICT (RA 10175 Sec. 6).
  • Computer-related fraud and identity theft (RA 10175).
  • Access devices fraud (RA 8484).
  • Unregistered securities / investment fraud (SR Code) – also file a complaint with SEC.

Civil actions (can be combined with or separate from criminal): damages (Civil Code Arts. 19–21), rescission, unjust enrichment. Small Claims: money claims up to ₱1,000,000 (no lawyers required in hearings) under the Revised Rules on Small Claims—useful if you can identify the scammer or money-mule.

6) Evidence: make it court-ready

  • Chronology: a timeline of events with timestamps and time zones.
  • Prove identity & ownership: IDs; account ownership documents; SIM/account recovery emails.
  • Digital trails: raw image/video files (not just screenshots), device details, app versions.
  • Headers & metadata: email headers, URL strings, wallet/explorer links, transaction hashes.
  • Chain-of-custody: once law enforcement images a device, don’t tamper with originals.
  • Preservation requests: Under RA 10175, providers can be ordered to preserve traffic data for at least 6 months (extendable)—another reason to file early.

7) Working with regulators (when your bank or wallet isn’t helping)

  • BSP (Bangko Sentral ng Pilipinas) – for banks/emoney issuers/payment system operators. RA 11765 requires fair complaint handling, disclosures, and redress.
  • SEC – investment solicitations, Ponzi/pyramiding, unregistered brokers or securities.
  • Insurance Commission – if the product is insurance/variable life.
  • NTC / telcos – SIM-swap, spam calls/SMS, spoofed numbers (usually with police report attached).
  • CICC/DICT – national cybercrime coordination and victim intake/triage.

Tip: When escalating, attach (1) your complete complaint file, (2) proof of first-level complaint to the institution and their response (or lack thereof), and (3) your police/NBI report.

8) Realistic outcomes & timelines

  • Fastest wins: card chargebacks for clearly unauthorized online charges reported quickly; bank recalls where funds haven’t moved.
  • Hard cases: P2P transfers to money-mule chains, crypto off-ramps, and cash-out at agents; investigations can take weeks to months, cross-border cases longer.
  • Recovery rates depend on speed, traceability, and whether funds remain accessible. File within hours, not days.

9) Red flags & “recovery” scams to avoid

  • Anyone claiming guaranteed “fund retrieval” for a fee, asking for your OTP/seed phrase, or directing you to pay “taxes/unlock fees” to release refunds is almost certainly another scam.
  • Never give remote-access permissions (screen-sharing, “tech support”) to unknown parties.

10) Templates you can reuse

A) Bank/Card/E-Wallet Dispute or Fund-Recall Request (email/letter)

Subject: URGENT – Dispute/Fund Recall for Fraudulent Transaction(s)

To: [Bank/EMI Name] – Fraud & Disputes
Account/Card No.: [XXXX-XXXX-XXXX-1234]  Account/Wallet Name: [Your Name]
Registered Mobile/Email: [number/email]

I report the following unauthorized/fraudulent transaction(s):

Date/Time (PH): [YYYY-MM-DD HH:MM]
Amount/Currency: [₱xx,xxx.xx]
Reference/Trace ID: [########]
Channel/Rail: [Visa/Mastercard | InstaPay | PESONet | Wallet-to-Wallet | QR Ph]
Counterparty: [Merchant name/Account name-number if available]

Facts: [Brief narrative of how the fraud occurred, when discovered, actions taken.]
I request:
1) Immediate block of my [card/account/wallet] and investigation.
2) For cards: open a chargeback/dispute under unauthorized/merchant dispute grounds.
   For transfers: initiate a fund recall/return and flag the recipient account.
3) Written acknowledgment and incident/case number.

Attached: ID, transaction proof, screenshots, police/NBI report (if available), sworn statement.

I certify I did not authorize these transactions and did not benefit from them.

[Name, signature, date]

B) Sworn Complaint-Affidavit (for NBI/PNP-ACG)

REPUBLIC OF THE PHILIPPINES )
CITY/PROVINCE OF _________ ) S.S.

COMPLAINT-AFFIDAVIT

I, [Full Name], of legal age, Filipino, with address at [address], after being duly sworn, state:

1. I am the owner of [card/account/wallet/email/SIM] registered to me under [details].
2. On [date/time, PH], I was defrauded by [username/alias/phone or Unknown] via [platform/website/call].
3. The scheme was as follows: [clear narrative in numbered paragraphs].
4. As a result, the following transactions occurred without my authority: [table of date/time/amount/ref no./channel/counterparty].
5. I immediately took these steps: [blocked card, called bank, filed recall, etc.] on [date/time].
6. I suffered loss totaling ₱[amount].
7. I am executing this to support criminal charges for [estafa, computer-related fraud, identity theft, access devices fraud, as applicable] and for any lawful actions to recover my funds.

ATTACHMENTS: [IDs, screenshots, statements, chat logs, email headers, etc.]

[Affiant’s Signature Over Printed Name]
SUBSCRIBED AND SWORN to before me this [date] in [city/province], affiant exhibiting [ID details].

11) Special scenarios

  • Compromised email leading to invoice fraud (business email compromise): ask your bank for an urgent recall; notify the receiving bank via your bank; file with NBI/PNP-ACG; alert suppliers and customers; consider preliminary attachment in a civil case if the mule account holder is identified.
  • Romance/crypto “investment”: preserve wallet addresses/transaction hashes; report exchange handles; provide on-chain explorers links; banks often deny chargebacks where you voluntarily sent funds—focus on criminal complaint and platform/exchange flags.
  • Loan-app harassment/doxing: file with NBI/PNP-ACG for unlawful processing and harassment; complain to the National Privacy Commission (NPC) for data-privacy violations; keep all messages as evidence.

12) Prevention checklist (Philippines-specific)

  • Use passkeys or app-based authenticators (avoid SMS OTP where possible).
  • Transaction alerts on every account; daily balance checks for high-risk wallets.
  • Separate “spending” card with low limit for online purchases.
  • Whitelist devices and enable login notifications.
  • Telco PIN/PUK and SIM lock; do not post your number publicly.
  • Never share OTPs, one-time links, recovery codes; no screen-sharing with strangers.
  • Keep a fraud pack ready: PDFs of IDs, recent statement, and a prewritten dispute letter you can fill and send fast.

13) Quick decision tree

  • Card charge posted? → Dispute with issuer now → Provide police/NBI report → Escalate via RA 11765 if needed.
  • Bank/e-wallet transfer? → Request recall/flag immediately → File with NBI/PNP-ACG → Prepare evidence for AMLC-type preservation via LE.
  • Investment pitch / unregistered entity? → File with SEC + LE; warn bank/platform; keep proof of solicitations.

14) FAQs

Q: Can my bank just put the money back? A: For card disputes, sometimes after investigation; for transfers, only if funds are still there and legal/practical conditions are met. Otherwise, you’ll likely need law-enforcement and/or court action.

Q: Can I force the telco/bank to tell me who owns the mule account? A: Generally no. Data is disclosed to law enforcement or by court order.

Q: What if I shared my OTP by mistake? A: Disclose it. Banks consider OTP sharing, but many scams involve deception/coercion. File anyway; the criminal case is independent of bank policy.

Q: How long do I have to file? A: Immediately for recalls/chargebacks (hours to days). Criminal/civil cases have legal prescriptive periods, but evidence and logs are time-limited—file now.

15) Action-oriented checklist (print this)

  • Block card/wallet; change passwords; lock SIM if needed
  • Call bank/EMI; open dispute or recall; get case number
  • Save all evidence; export chats; download statements
  • File blotter + NBI-CCD or PNP-ACG complaint with sworn affidavit
  • Send formal written dispute/recall letter with attachments
  • Track deadlines; escalate via BSP Consumer Assistance (for banks/EMIs) or SEC/NPC where applicable
  • Consider civil remedies (Small Claims up to ₱1,000,000; consult counsel for more)

If you want, I can turn this into a fill-in-the-blanks packet (editable dispute letter + affidavit + checklist) you can download and use right away.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login