How to Report E-Wallet Fraud to Maya and File a Cybercrime Complaint (Philippines)

How to Report E-Wallet Fraud to Maya and File a Cybercrime Complaint (Philippines)

This is practical legal information for the Philippines. It is not a substitute for advice from your own lawyer.

Quick-start checklist (do these now)

  1. Lock things down

    • Change your Maya PIN/password; enable biometrics if available.
    • If you used the same password elsewhere, change it there too.
    • If you suspect a SIM swap or SMS interception, call your telco to suspend/replace the SIM.

  2. Preserve evidence

    • Take timestamped screenshots of transactions, reference numbers, chat/SMS/OTP logs, caller IDs, emails, links/URLs, ads/posts, and any ID or account details the scammer used.
    • Export your Maya transaction history (CSV/PDF) and save to multiple locations.
    • Do not wipe or factory-reset your phone or laptop.

  3. Report to Maya (immediately)

    • Use the in-app Help/Support or official channels to report “unauthorized transaction/fraud.”
    • Ask for: a case/incident number, a written acknowledgment, and (if applicable) a card/wallet block and dispute filing.
    • Request preservation of logs and “certification of disputed transactions” for law-enforcement use.

  4. Report to law enforcement

    • File a complaint with PNP Anti-Cybercrime Group (ACG) or NBI Cybercrime Division.
    • Bring your evidence bundle and one valid ID. Ask them to assist in rapid data preservation and to issue/subpoena requests to Maya.

  5. Escalate if needed

    • If you believe Maya mishandled the complaint, use the Financial Consumer Protection escalation path to the Bangko Sentral ng Pilipinas (BSP) after you’ve tried Maya’s internal resolution.
    • Consider a Data Privacy complaint with the National Privacy Commission (NPC) if your personal data was mishandled or breached.

Understanding the legal landscape

  • Cybercrime Prevention Act of 2012 (RA 10175). Typical charges for e-wallet scams include computer-related fraud and computer-related identity theft. The law also compels service providers to preserve computer data upon request for a minimum period (investigators know how to trigger this).
  • Access Devices Regulation Act (RA 8484). Covers unauthorized use of “access devices,” a term broad enough to include e-wallet credentials, card numbers, OTPs, and similar instruments.
  • Revised Penal Code (Estafa, Art. 315). Often paired with cybercrime when deceit caused monetary loss.
  • Financial Consumer Protection Act of 2022 (RA 11765). Sets duties for financial service providers (including licensed e-money issuers like Maya) on complaint handling, disclosure, and redress.
  • Data Privacy Act (RA 10173). Governs handling of your personal data and remedies for privacy violations.
  • Anti-Money Laundering Act (RA 9160, as amended). Lets authorities seek freeze orders; Maya can also file Suspicious Transaction Reports (STRs) that help trace and restrain flows.
  • Rules on Electronic Evidence & Cybercrime Warrants. Screenshots, device logs, SMS, and platform records are admissible if properly authenticated; investigators can obtain warrants to disclose/search/seize/intercept computer data.

Practical effect: Even if funds moved quickly, early reporting + preservation + coordinated requests to Maya and receiving institutions can freeze residual balances, obtain KYC of recipients, and build a prosecutable case.

Part I — Reporting to Maya (what to do and what to expect)

A. How to file the report

  • Use in-app Support (Help/Chat/Report an Issue) or official support channels described in the app.

  • Select “Unauthorized transaction,” “Scam,” or “Account takeover.”

  • Provide:

    • Your full name, registered mobile/email, and government-issued ID (if requested).
    • Exact transaction details: date/time (PH time), amount, reference number, counterparty name/number, channel (Send Money/QR/Transfer/Online Card), device used.
    • Narrative of what happened (who contacted you, what link/app you used, where the QR came from, any remote-access apps installed, OTP or PIN prompts).
    • Evidence: screenshots, SMS, call logs, chat threads, emails, links, photos, and receipts.

B. Ask for these specifically

  • Case/Incident Number and a written acknowledgment of your complaint.
  • Immediate security actions: lock the wallet, disable “send money,” block the Maya card, remove linked devices.
  • Transaction dispute (for card-network transactions) and trace/recall attempts for transfers (note: recalls are not guaranteed; success depends on whether funds remain).
  • Data preservation of relevant logs (IP/device/IMEI, session logs, KYC of recipient accounts—released to law enforcement upon proper process).
  • A “Certification/Letter of Disputed Transactions” listing the unauthorized entries—useful for police, NBI, prosecutor, and insurance.

C. Timelines and limitations to understand

  • Reversals/recalls are not automatic. Once funds post to another wallet/bank and are cashed out/spent, reversal is unlikely without a hold/freeze on the recipient’s end.
  • Disclosure limits. Due to privacy laws, Maya generally cannot give you the other party’s identity without a subpoena/warrant—but they can give it to law enforcement.
  • Card disputes. If your Maya card (physical/virtual) was used fraudulently with merchants, standard card chargeback windows apply (often 30–120 days depending on scheme/reason code). File immediately to preserve rights.

Part II — Filing a cybercrime complaint

You can go to PNP-ACG or NBI Cybercrime. Either can investigate; some people file with both to move quickly.

A. Where and who has jurisdiction

  • Venue: Any city/province where any element of the crime occurred (e.g., where you were when defrauded, where devices/servers are located, where money was received/cashed out).
  • Courts: Special Cybercrime Courts (Regional Trial Courts) handle warrants and cases.
  • Extraterritorial: RA 10175 allows prosecution even if elements happened partly outside the Philippines (e.g., OFW victims).

B. What to bring (evidence bundle)

  • 1 valid government ID.

  • Sworn Affidavit (see template below) narrating facts in chronological order.

  • Annexes:

    • Maya certification/acknowledgment and transaction statement.
    • Screenshots of the scam (full screen with visible timestamps and URLs), SMS/calls, messenger chats, emails with headers.
    • Bank/wallet receipts, Instapay/Pesonet references, QR images.
    • Device details: phone model, OS version, installed remote-access apps (e.g., AnyDesk), antivirus logs, and whether biometrics/OTP were used.
    • If SIM-swap suspected: telco service logs (date/time of SIM replacement or IMSI change) or a telco acknowledgment reference number.

Chain of custody tip: Put each file/screenshot in an Annex folder labeled by exhibit number. Keep originals unedited; if you must redact, keep an unredacted copy for investigators.

C. Offense mapping (common charging combinations)

  • Computer-related fraud (RA 10175) + Estafa (RPC) — for deceit-led transfers.
  • Computer-related identity theft (RA 10175) — if your name/photo/ID were used.
  • Access Devices fraud (RA 8484) — if credentials/OTP/card numbers were captured/used.
  • Qualified theft — if the offender is an insider with fiduciary access.
  • Data Privacy violations (RA 10173) — if a controller/processor mishandled your personal data (administrative).

D. What investigators can do (and why your early report matters)

  • Issue data preservation requests to Maya and other providers (statutory minimum preservation period applies).
  • Apply for Cybercrime Warrants to disclose/search/seize/intercept data (e.g., recipient KYC, IP logs, device identifiers).
  • Coordinate with AMLC for freeze orders where money remains parked.

E. Prosecutor’s process (overview)

  1. Intake at PNP-ACG/NBI; execution of sworn complaint-affidavit and receiving of annexes.
  2. Case build-up: subpoenas to Maya/banks/telcos; preservation; link analysis of accounts/phones/devices.
  3. Filing with the City/Provincial Prosecutor for inquest (if suspect arrested) or preliminary investigation (if at-large).
  4. If probable cause is found, Information is filed in court; warrants may issue.

Part III — Escalating consumer protection & privacy remedies

A. BSP escalation (Financial Consumer Protection)

  • Use Maya’s internal complaint pathway first.
  • If unresolved or you believe there’s regulatory non-compliance, escalate to BSP Consumer Assistance with: your narrative, incident/case number, copies of correspondence, and relief sought (e.g., refund for unauthorized transaction, correction of records).
  • Relief depends on facts, including whether the loss stemmed from system error, provider negligence, or consumer negligence. Keep your requests specific and documented.

B. NPC complaint (Data Privacy)

  • File if your personal data was mishandled (e.g., undisclosed breach, over-collection, failure to secure).
  • Ask for the Data Breach Notification (if any) and the controller’s remedial measures; include these in your NPC filing.

Part IV — Special scenarios

1) SIM-swap or OTP interception

  • Immediately suspend the SIM and replace in person with telco verification.
  • Secure your email and backup numbers (many account resets go through email).
  • Include telco change-SIM logs and ticket numbers in your evidence.

2) Remote-access app / screen-sharing

  • Uninstall the app; run a mobile security scan.
  • Change credentials on a clean device.
  • Note the app name, installation time, and who asked you to install it.

3) Fake merchant / QR tampering

  • Keep photos of the QR standee and location.
  • If it’s a QR Ph payment, investigators can trace the receiving FI and request a freeze if funds remain.

4) Card-not-present (online) use of your Maya card

  • Block the card in-app; file a chargeback dispute quickly.
  • Provide merchant descriptors, transaction dates/amounts, and proof you controlled the card.

5) Wrong recipient (honest mistake)

  • Report to Maya at once and request a trace/notify; recovery depends on recipient’s cooperation or legal action.
  • If the recipient refuses to return, that can ripen into unjust enrichment/estafa—seek police assistance.

Evidence & documentation templates

A. Affidavit of Complaint (skeleton)

AFFIDAVIT OF COMPLAINT I, [Name], Filipino, of legal age, with address at [Address], after being duly sworn, state:

  1. I am the registered owner of Maya account no. [number/email].
  2. On [date/time, PH time], I discovered the following unauthorized transactions totaling ₱[amount]: [list with reference numbers].
  3. The incident happened as follows: [chronological narrative: how you were contacted, links clicked, OTP prompts, device used].
  4. I did not authorize these transactions. I did not share my PIN/OTP/password [or explain if you were deceived and how].
  5. I immediately reported the matter to Maya on [date/time], received Case No. [xxx], and requested [block/dispute/preservation].
  6. Attached as Annexes “A” to “__” are true and faithful copies of transaction records, screenshots, chats, SMS, emails, call logs, device info, and Maya’s acknowledgment.
  7. I am executing this affidavit to request investigation and prosecution for [computer-related fraud/identity theft/estafa/RA 8484, etc.]. [Signature over printed name] ID details Jurat/Subscription before administering officer or prosecutor

B. Chain-of-Custody Log (short form)

Exhibit File name / Source Who collected Date/Time (PH) Description Storage location
A-1 2025-08-22_MayaTxn_Ref1234.png J. Dela Cruz 22 Aug 2025 14:12 Screenshot – unauthorized send money USB01 / Cloud folder

What Maya (and other providers) can and cannot do

Can

  • Lock your account/card; flag counterparties.
  • File STRs with AMLC; cooperate with police/NBI.
  • Preserve logs/records and furnish them to law enforcement on proper legal process.
  • Run dispute/chargeback workflows for card transactions.

Cannot (without legal process)

  • Disclose another user’s KYC details directly to you.
  • Reverse a transfer that has been withdrawn/spent.
  • Guarantee recovery on push payments (you initiated the transfer), unless negligence/system issues are proven.

Common pitfalls (and how to avoid them)

  • Paying “tracking” or “refund processing” fees to strangers—this is a second-stage scam. Only pay official fees at government offices or banks.
  • Editing screenshots — keep originals; annotate copies only.
  • Delaying your report — preservation windows run quickly; earlier is better.
  • Negotiating with the scammer — refer all contact to investigators.
  • Reusing passwords — rotate to unique, strong credentials; enable MFA/biometrics.

Civil remedies (in addition to criminal)

  • You may file a civil action for damages against identified offenders.
  • For claims up to ₱1,000,000, Small Claims may be available (no lawyer required), depending on the cause of action and parties.
  • Keep receipts for out-of-pocket losses (telco fees, notarization, transport) for possible recovery.

FAQs

Q: Will I get my money back? A: There is no guarantee. Recovery depends on how fast you reported, whether funds are still parked, and the facts (e.g., provider/system fault vs. social-engineering). Card chargebacks follow network rules; push transfers rely on freezes and cooperation.

Q: Do I have to go to the barangay first? A: No for criminal complaints. Barangay conciliation can apply to purely civil money claims when parties reside in the same city/municipality, but cybercrime complaints proceed directly to police/NBI/prosecutor.

Q: I was tricked into sharing an OTP—does that kill my case? A: Not necessarily. Deceit can still constitute estafa and computer-related fraud. Provide full context; investigators look at the scammer’s conduct, not just the OTP fact.

Q: I’m overseas (OFW). Can I file? A: Yes. RA 10175 allows action even if parts occurred abroad. Coordinate with NBI/PNP via relatives/attorneys-in-fact and execute a Special Power of Attorney if needed.

Final practical tips

  • Keep a case diary (dates/times of every step, names of agents/officers, reference numbers).
  • Store a master evidence zip with read-only copies; share a duplicate with the investigator.
  • If you hire counsel, give them your Maya case number and all annexes on Day 1.
  • After resolution, request Maya to restore/rectify your account records and consider changing your registered number/email.

One-page “to-Maya” request language you can reuse

“I am reporting unauthorized transactions on my Maya account [number/email] on [date/time], totaling ₱[amount] (Refs: [xxxx]). Please (1) block my wallet/card and remove linked devices, (2) file dispute/trace/recall where applicable, (3) preserve all relevant logs and records (session/IP/device/recipient KYC/communication logs), and (4) issue a written certification of disputed transactions and an incident report (Case No. [______]) for law-enforcement and prosecutor use. I will also coordinate with PNP-ACG/NBI.”

If you want, I can tailor this to your exact incident (type of scam, dates, amounts) and generate your affidavit + annex index in ready-to-print format.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login