How to Report an Online Scam Using Bank and E-Wallet Details

If you sent money to a scammer through a Philippine bank transfer, QR payment, GCash, Maya, Coins, GrabPay, or another e-wallet, the most important thing is speed. Bank and e-wallet transfers can move through several accounts within minutes. A proper report should do two things at once: ask your own bank or e-wallet to treat the transaction as a disputed transaction, and give law enforcement enough details to trace the recipient account. This guide explains what details to collect, where to report an online scam in the Philippines, what laws apply, what banks and e-wallets can realistically do, and what to expect after you file.

What “reporting an online scam using bank and e-wallet details” really means

Many victims only have the scammer’s payment details:

  • Bank or e-wallet name
  • Account name shown before payment
  • Account number, mobile number, QR code, or username
  • Transaction reference number
  • Amount, date, and time
  • Screenshots of the chat, listing, invoice, or payment confirmation

That is still useful. Under Philippine law, banks, e-wallet issuers, and other Bangko Sentral ng Pilipinas-supervised institutions can use these details to identify a disputed transaction, trace where the money went, and coordinate with other institutions involved in the transfer chain.

A common mistake is reporting only to the police days later. Criminal reporting is important, but for possible recovery or freezing of funds, the first urgent report should usually be to the source institution—the bank or e-wallet account you used to send the money. BSP Circular No. 1215, series of 2025, implements the Anti-Financial Account Scamming Act rules on temporary holding of disputed funds and coordinated verification among BSP-supervised institutions. It recognizes complaint-initiated holding through the source institution’s 24/7 fraud reporting channel.

Philippine laws that may apply to online scams paid through banks or e-wallets

Anti-Financial Account Scamming Act: RA 12010 of 2024

Republic Act No. 12010, the Anti-Financial Account Scamming Act or AFASA, directly addresses scams that use financial accounts. It covers money muling, social engineering schemes, and other offenses involving bank accounts, e-wallets, payment accounts, and similar financial accounts. The law recognizes that scammers often use accounts opened by other people or “mules” to receive and move stolen funds. (Lawphil)

AFASA is especially important because it allows institutions to temporarily hold funds involved in a disputed transaction for a period prescribed by the BSP, not exceeding 30 calendar days unless extended by a competent court. A transaction may be considered disputed when there is reasonable ground to believe it is unusual, has no clear economic purpose, comes from an illegal source, or was facilitated through social engineering. (Lawphil)

AFASA also gives the BSP authority to investigate and inquire into financial accounts that may be involved in prohibited acts. For those accounts, bank secrecy, foreign currency deposit secrecy, non-stock savings and loan association confidentiality, and data privacy restrictions do not bar the BSP investigation, subject to the law’s safeguards. (Lawphil)

Cybercrime Prevention Act: RA 10175 of 2012

Republic Act No. 10175, the Cybercrime Prevention Act of 2012, applies when the scam uses a computer system, mobile phone, social media, email, website, app, online marketplace, QR code, or other ICT system. Its implementing rules cover computer-related fraud, computer-related identity theft, and offenses committed through information and communications technology. (Supreme Court E-Library)

If a Revised Penal Code crime or special-law offense is committed through ICT, the cybercrime rules provide that the penalty may be one degree higher. This is why an online scam is often treated more seriously than an ordinary face-to-face swindling incident. (Supreme Court E-Library)

Estafa under Article 315 of the Revised Penal Code

Many online scams are also estafa, or swindling, under Article 315 of the Revised Penal Code. In a typical online seller, investment, job, rental, or romance scam, the key issue is whether the scammer used false pretenses or fraudulent acts before or at the same time you parted with your money.

For example, estafa may be alleged when a person:

  • Uses a fake identity or fictitious business name
  • Pretends to be an authorized seller, broker, agent, recruiter, or employee
  • Offers a product, room, visa service, job, or investment that does not exist
  • Induces you to send money, then disappears or gives false excuses

The Supreme Court has repeatedly explained that estafa by false pretenses requires the false representation to be made before or simultaneously with the fraud, that the victim relied on it, and that the victim suffered damage. (Supreme Court E-Library)

Access Devices Regulation Act: RA 8484 of 1998, as amended by RA 11449 of 2019

Republic Act No. 8484, the Access Devices Regulation Act, may apply when the scam involves unauthorized use of cards, account numbers, PINs, codes, electronic identifiers, or similar means of account access. The law defines an access device broadly to include a card, code, account number, PIN, electronic serial number, or other means of account access that can be used to obtain money or initiate a transfer of funds. (Lawphil)

This matters in phishing, OTP scams, account takeover, fake bank calls, fake e-wallet verification messages, and unauthorized card or wallet transactions.

Financial Products and Services Consumer Protection Act: RA 11765 of 2022

Republic Act No. 11765, the Financial Products and Services Consumer Protection Act, protects financial consumers and gives them rights to fair treatment, protection of assets against fraud and misuse, data privacy, and timely complaint handling. BSP materials explain that BSP-supervised institutions must provide assistance and relevant information to consumers affected by fraudulent or unauthorized transactions.

This law does not automatically guarantee a refund, but it gives you a regulatory path when your bank or e-wallet mishandles your complaint.

What to do immediately after discovering the scam

1. Stop all communication that could expose more information

Do not send more money for “refund processing,” “account unlocking,” “tax clearance,” “delivery insurance,” “anti-money laundering clearance,” or “verification.” These are common second-wave scams.

If you gave your OTP, PIN, password, card number, or ID photo:

  • Change your password immediately.
  • Remove saved devices.
  • Disable or lock the card if possible.
  • Call your bank or e-wallet’s fraud hotline.
  • Turn on stronger authentication if available.
  • Check recent transactions.

2. Report to your own bank or e-wallet first

Use the official app, official website, verified hotline, or in-branch reporting channel of your own bank or e-wallet. Under BSP rules, complaint-initiated holding starts with the source account owner’s complaint through the source institution’s 24/7 fraud reporting channel. The institution should verify your identity, identify the disputed transaction, document the reasons why it appears disputed, and, when applicable, take steps to preserve your source account such as disabling access or transfer functions.

Ask for:

  • A case number or reference number
  • Confirmation that the report is treated as a fraud/scam report
  • The transaction reference number or identifier
  • Whether a temporary holding request was sent to the receiving institution
  • The expected timeline for updates

3. Report to the receiving bank or e-wallet if you have the details

You may also report the recipient account to the bank or e-wallet that received the funds. Some institutions will accept a direct report from the victim; others will require the source bank/e-wallet to coordinate or will ask for a police report, affidavit, or complaint reference.

Give only factual details. Do not exaggerate or name people you cannot connect to the scam. AFASA penalizes malicious or bad-faith reporting that causes an unwarranted temporary hold of funds. (Lawphil)

4. File a cybercrime report with law enforcement

For online scams, the main law enforcement routes are:

Agency When it is useful Practical notes
PNP Anti-Cybercrime Group Online scams, phishing, hacked accounts, fake marketplace sellers, QR/e-wallet scams The BSP’s consumer advisory lists PNP-ACG contact channels for scam/fraud reporting and notes that law enforcement can commence formal investigation and apprehend scammers.
NBI Cybercrime Division More complex scams, large amounts, organized online fraud, cross-platform evidence NBI’s Citizen’s Charter for victims of computer crimes lists filing a complaint, preliminary interview, sworn statements, device examination when relevant, and no filing fee for that listed assistance. (National Bureau of Investigation)
CICC Cybercrime coordination, urgent online incident reports, referrals BSP materials list CICC as a law enforcement reporting channel for scam or fraud victims, with report@cicc.gov.ph and hotline 1326 among listed channels.
DOJ Office of Cybercrime Coordination, cybercrime policy, international cooperation, preservation procedures RA 10175 and its rules identify the PNP and NBI as cybercrime law enforcement authorities and the DOJ Office of Cybercrime as a coordinating authority for cybercrime enforcement. (Supreme Court E-Library)

A police or NBI report is often useful because banks, e-wallets, prosecutors, and platforms may ask for it before acting further.

Information to include in your report

The strongest reports are organized, chronological, and evidence-based. Prepare one folder with the following:

Evidence Why it matters
Your full name, contact details, and valid ID The institution must verify that you are the source account owner or authorized representative.
Name of your bank/e-wallet and account used Identifies the source institution.
Recipient bank/e-wallet name Helps trace which institution received the money.
Recipient account name, number, mobile number, QR code, username, or wallet ID Helps identify the beneficiary account.
Transaction reference number One of the most important data points for tracing and coordinated verification.
Exact amount, date, and time Helps match records across institutions.
Screenshots of chats, posts, ads, invoices, receipts, and profile pages Shows the false representations that induced the payment.
Link to the seller profile, marketplace listing, website, or social media account Helps law enforcement preserve and verify online evidence.
Delivery tracking, fake receipts, fake IDs, or fake permits Shows deception and modus.
Your written narrative Explains how the scam started, what was promised, why you paid, and what happened after payment.
Prior complaint reference numbers Shows you already reported to the bank, e-wallet, platform, or police.

For screenshots, keep the original files. Do not crop out timestamps, usernames, URLs, phone numbers, or profile identifiers. Export chats where possible. If you are printing screenshots for an affidavit, include captions explaining what each screenshot shows.

Sample narrative format for a scam report

Use a simple timeline. Avoid emotional conclusions and focus on facts.

  1. How you found the scammer: “On 10 January 2026, I saw a Facebook Marketplace post offering an iPhone 15 for ₱____.”
  2. What the scammer represented: “The seller used the name ____ and claimed the item was available for same-day delivery.”
  3. Why you relied on it: “The seller sent photos, a courier booking screenshot, and a copy of an ID.”
  4. Payment details: “At 3:42 p.m., I transferred ₱____ from my ____ account to ____ Bank / e-wallet account no. ____ under the name ____.”
  5. What happened after payment: “After receiving the transfer, the seller demanded an additional shipping insurance fee / blocked me / deleted the listing.”
  6. Actions already taken: “I reported this to my bank/e-wallet on ____ and received case reference no. ____.”
  7. Evidence attached: “Screenshots A to H, payment receipt, transaction confirmation, profile link, and chat export.”

This structure helps banks, investigators, and prosecutors see the elements of fraud instead of reading a long, confusing chat history.

What the bank or e-wallet can do after your report

Under AFASA and BSP Circular No. 1215, institutions involved in a disputed transaction may temporarily hold disputed funds and conduct coordinated verification. The rules require institutions to identify the transaction, trace involved financial institutions, review supporting documents such as sworn complaints, police reports, fraud findings, and investigation reports, and communicate with account owners where needed.

If funds are successfully held, the coordinated verification should be completed within the 30-calendar-day temporary holding period unless extended by a court. If no funds were held, the process should generally be completed within 30 calendar days, with a possible extension up to 60 calendar days for meritorious reasons under the source institution’s risk management policies.

If the verification shows that the disputed funds are connected to money muling, unlawful activities, illegal sources, no underlying economic purpose, or social engineering schemes, the holding institution may return the equivalent amount to the source institution for release to the source account owner. The decision is still without prejudice to other legal remedies of an aggrieved party.

What the bank or e-wallet usually cannot do

Even with a strong report, victims should understand the limits.

A bank or e-wallet usually cannot:

  • Instantly reverse a completed transfer just because you say it was a scam
  • Reveal the recipient’s home address, ID documents, or KYC file directly to you
  • Guarantee recovery if the funds have already been withdrawn or transferred onward
  • Decide criminal guilt
  • Force the scammer to appear without law enforcement or court process

This is why speed matters. The best chance of recovery is often when the report is made before the recipient withdraws or moves the money.

When to escalate to BSP

Escalate to the BSP when your complaint is about how a BSP-supervised financial institution handled your fraud report—for example, the bank or e-wallet refused to receive the complaint, failed to provide a reference number, ignored your follow-ups, gave unclear responses, or did not follow its consumer assistance process.

BSP explains that its Consumer Assistance Mechanism is a second-level recourse, meaning you should first report to the institution’s Financial Consumer Protection Assistance Mechanism or customer service channel. If you are not satisfied, you may escalate through the BSP Online Buddy chatbot or, if you cannot access it, by submitting a complaint form and proof that you first went through the institution’s channel.

BSP materials also state that the BSP-CAM process may take about 55 to 65 days from receipt of the complaint to termination, and that no lawyer is needed for BSP-CAM.

Special situations

Online seller scams

If the issue is an online merchant who failed to deliver, delivered a fake item, or disappeared after payment, report to the bank/e-wallet and law enforcement if there is fraud. You may also file a consumer complaint with the Department of Trade and Industry. DTI’s e-commerce FAQ states that consumer complaints against online sellers may be sent to the Fair Trade Enforcement Bureau, with eco@dti.gov.ph copied, and that DTI accommodates complaints involving online and offline businesses. (DTI ECommerce)

The Internet Transactions Act, RA 11967 of 2023, also created a stronger legal framework for online consumer and merchant protection in the Philippines. DTI’s e-commerce legal resources list RA 11967 and its implementing rules as measures intended to build trust between online merchants and online consumers. (DTI ECommerce)

Investment scams, crypto scams, and online lending scams

If the scam involves pooled investments, guaranteed returns, fake trading, fake crypto investment platforms, or unregistered securities offerings, report to the Securities and Exchange Commission as well. The SEC iMessage system includes e-complaints on investment scams under its Enforcement and Investor Protection Department. (Securities and Exchange Commission)

If the issue involves financing companies, lending companies, online lending apps, or their collection agencies, BSP’s complaint guide states that those complaints are best directed to the SEC because the SEC regulates those institutions.

OFWs, Filipinos abroad, and foreign victims

A scam report can often start by email, app, hotline, or online portal, especially for banks, e-wallets, CICC, and platform reports. For a formal criminal complaint, however, you may later need a sworn affidavit, clearer identification documents, and sometimes a representative in the Philippines.

If you execute an affidavit abroad for use in the Philippines, ask whether the receiving agency requires consular notarization or an apostille. DFA apostille guidance states that DFA authentication services are handled through its apostille appointment system and that authorized representatives may apply with proper authorization; Philippine consular posts also describe consular notarization for documents executed before consular officers. (DFA Appointment System)

For foreigners, attach a clear copy of your passport bio page, proof of your payment account, proof that the transaction involved a Philippine bank/e-wallet or Philippine-based scam activity, and a short explanation of your connection to the Philippines. A foreign police report can help, but Philippine banks and investigators will still need transaction details that match the Philippine financial account.

Common mistakes that weaken scam reports

  • Waiting several days before reporting to the bank or e-wallet. Funds may be withdrawn quickly.
  • Reporting only the social media profile but not the transaction reference number. The financial trail is often more useful than the display name.
  • Deleting the chat out of anger or embarrassment. Preserve everything first.
  • Sending edited screenshots only. Keep original files and full-page screenshots.
  • Assuming the displayed account name is the mastermind. It may be a money mule, hacked account, or borrowed wallet.
  • Posting the alleged scammer’s personal data publicly. This may create privacy, defamation, or harassment issues and may alert the scammer.
  • Filing a vague report. “I was scammed by this number” is weaker than a clear timeline with payment details and screenshots.
  • Making unsupported accusations. Stick to facts you can prove.
  • Paying a “recovery agent.” Many so-called recovery services are another scam.

Practical timeline after reporting

Stage Typical timing What usually happens
Urgent fraud report to bank/e-wallet Same day, ideally immediately Account is verified, case number issued, transaction identified, possible holding request initiated.
Initial holding or tracing Hours to days, depending on institution and whether funds remain Institutions check whether funds are intact, transferred, or withdrawn.
Coordinated verification Up to 30 calendar days if funds are held Institutions review documents, communicate with account owners, and verify legitimacy.
Possible extended verification if no funds held Up to 60 calendar days in meritorious cases Source institution may continue verification based on risk policies.
BSP-CAM escalation About 55–65 days from receipt to termination BSP facilitates second-level consumer complaint handling after you first complain to the institution.
Criminal investigation Varies widely PNP/NBI may take sworn statements, evaluate digital evidence, request records, coordinate with platforms or institutions, and refer for prosecution if supported.

Frequently Asked Questions

Can I get my money back if I only have the scammer’s bank account or e-wallet number?

Possibly, but it depends mainly on speed and whether the funds are still in the financial system. Under AFASA and BSP Circular No. 1215, disputed funds may be temporarily held and verified. If the funds were already withdrawn, transferred through several accounts, or converted to cash or crypto, recovery becomes harder.

Should I report first to the police or to my bank/e-wallet?

For possible holding or recovery of funds, report first to your own bank or e-wallet’s official fraud channel. For criminal investigation, also report to PNP-ACG, NBI Cybercrime Division, or CICC. Do both as soon as possible.

Can the bank reveal the scammer’s real name and address to me?

Usually, no. Banks and e-wallets must protect customer information. AFASA creates mechanisms for BSP investigation and coordinated verification among institutions and authorities, but that does not mean the victim is entitled to receive the recipient’s KYC file directly.

What if the account name looked real before I sent the money?

The displayed name is useful evidence, but it may not be the mastermind. Scammers often use money mules, borrowed accounts, hacked wallets, or accounts opened using fake or stolen identities. Include the displayed name in your report, but focus on the transaction reference number and institution.

Is a police blotter enough?

A blotter can help document that you reported the incident, but a serious cybercrime or estafa complaint usually needs a clearer complaint-affidavit, sworn statements, payment records, screenshots, and other supporting evidence. NBI’s computer-crime assistance process includes sworn statements and collection of supporting documents. (National Bureau of Investigation)

Do I need a lawyer to report an online scam?

Not necessarily. You can report to your bank/e-wallet, PNP, NBI, CICC, DTI, SEC, or BSP without a lawyer. BSP materials expressly state that a lawyer is not needed for BSP-CAM.

What if I voluntarily sent the money?

Voluntary transfer does not automatically defeat a scam report. Many estafa and social engineering cases involve victims who willingly sent money because they were deceived. The key is proving the false representation, your reliance on it, the payment, and the damage.

What if the scammer used GCash, Maya, or another e-wallet instead of a bank?

Report it the same way: start with your own source institution, then report the recipient wallet details, reference number, amount, date, and time. E-wallet issuers regulated by the BSP are part of the financial ecosystem covered by consumer protection and AFASA-related coordinated verification rules when applicable.

Can I report a Philippine online scam from abroad?

Yes. Start with online or email reporting to your bank/e-wallet and the relevant Philippine cybercrime channels. For formal affidavits or representative filings, you may need a consular-notarized or apostilled document, depending on where the document is executed and what the receiving agency requires.

What if the bank or e-wallet ignores me?

Follow up in writing and ask for the complaint reference number, status, and basis for any denial. If you already used the institution’s complaint mechanism and remain dissatisfied, escalate to BSP-CAM as a second-level recourse.

Key Takeaways

  • Report the scam immediately to your own bank or e-wallet’s official fraud channel.
  • Preserve the transaction reference number, recipient account details, amount, date, time, and screenshots.
  • File a cybercrime report with PNP-ACG, NBI Cybercrime Division, or CICC for investigation.
  • AFASA allows temporary holding and coordinated verification of disputed funds, but recovery is not guaranteed.
  • BSP is for complaints against banks, e-wallets, and other BSP-supervised institutions after you first complain to the institution.
  • DTI may help with online seller complaints; SEC may help with investment scams, lending companies, and online lending app issues.
  • A clear timeline and complete evidence are stronger than a long emotional narrative.
  • Do not delete chats, send more money, or rely on “recovery agents” who promise guaranteed refunds.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.