How to Report Identity Theft Using Your Name in a Loan App

I. Introduction

Identity theft involving loan applications has become a serious problem in the Philippines. A person may discover that their name, mobile number, government ID, address, selfie, contact list, or other personal data has been used to create an account with an online lending application, apply for a loan, or harass family and friends for payment of a debt they never incurred.

This situation is not merely an inconvenience. It may involve criminal offenses, violations of data privacy law, unfair debt collection practices, and possible civil liability. The victim should act quickly to preserve evidence, deny liability in writing, report the incident to the proper authorities, and protect their credit, identity, and personal data.

This article explains what identity theft through loan apps is, what Philippine laws may apply, where to report it, what documents to prepare, and what legal remedies may be available.

II. What Is Identity Theft in the Loan App Context?

Identity theft occurs when another person uses someone else’s personal information without authority, usually to obtain money, credit, goods, services, or some other benefit.

In the loan app setting, identity theft may happen when:

  1. A loan account is opened using another person’s name;
  2. A government ID, selfie, or mobile number is used without consent;
  3. A SIM card or mobile wallet is used to receive loan proceeds under another person’s identity;
  4. A person’s contacts are accessed and harassed by the lending app;
  5. The victim is threatened, shamed, or falsely accused of refusing to pay;
  6. The victim receives collection messages for a loan they did not apply for;
  7. The victim’s name appears in a lending platform, credit report, or collection notice for a debt they do not recognize.

The key legal issue is lack of consent. If the victim did not apply for the loan, did not authorize anyone to use their identity, and did not receive or benefit from the loan proceeds, they should not be treated as the borrower.

III. Common Warning Signs

A person may be a victim of identity theft involving a loan app if they experience any of the following:

  1. Receiving text messages, calls, or emails demanding payment for an unknown loan;
  2. Being contacted by a lending app despite never downloading or using it;
  3. Friends, relatives, or co-workers receiving collection messages about the victim;
  4. Threats to post the victim’s photo, ID, or personal information online;
  5. Fake accusations that the victim is a scammer or runaway borrower;
  6. Unknown loan accounts linked to the victim’s mobile number, email, or ID;
  7. A suspicious OTP, verification message, or login attempt from a loan app;
  8. Discovery that a lost ID, compromised phone, hacked account, or stolen SIM was used to borrow money.

Once these signs appear, the victim should immediately document everything.

IV. Relevant Philippine Laws

Several Philippine laws may apply depending on the facts.

A. Revised Penal Code

Identity theft may overlap with offenses under the Revised Penal Code, especially when fraud, deceit, falsification, threats, coercion, or unjust vexation is involved.

Possible offenses may include:

  1. Estafa — if the offender used deceit or false pretenses to obtain money or credit;
  2. Falsification — if documents, signatures, IDs, or electronic records were falsified;
  3. Grave threats or light threats — if the victim was threatened with harm, public shaming, or exposure;
  4. Unjust vexation — if the acts caused annoyance, harassment, distress, or disturbance without lawful justification.

The exact offense depends on the evidence and the prosecutor’s evaluation.

B. Cybercrime Prevention Act of 2012

If the act was committed through a computer system, mobile app, online platform, electronic communication, or digital account, the Cybercrime Prevention Act may apply.

The law penalizes certain cyber-related offenses, including illegal access, computer-related fraud, computer-related identity theft, and cyber-related forms of traditional crimes.

In loan app identity theft, this law may be relevant when:

  1. The victim’s personal information was used through an app or website;
  2. The offender created an online account using the victim’s identity;
  3. Fraud was committed through electronic means;
  4. Personal data, photos, IDs, or contacts were misused digitally;
  5. Threats or harassment were sent through text, chat, email, or social media.

C. Data Privacy Act of 2012

The Data Privacy Act protects personal information and sensitive personal information. A loan app, lending company, collection agency, or other entity that collects, uses, stores, shares, or discloses personal data must have a lawful basis and must follow data privacy principles.

The law may be violated when a loan app or collector:

  1. Processes personal data without consent or lawful basis;
  2. Uses the victim’s ID, selfie, contact list, phone number, or address without authority;
  3. Discloses loan information to relatives, friends, employers, or social media contacts;
  4. Publicly shames the alleged borrower;
  5. Threatens to post personal data online;
  6. Fails to secure personal data from misuse;
  7. Refuses to correct or delete false account information;
  8. Continues collection despite notice of identity theft.

The National Privacy Commission may receive complaints involving improper processing, unauthorized disclosure, or failure to protect personal information.

D. Lending Company Regulation Act and SEC Rules

Many online lending platforms are lending companies or financing companies subject to regulation by the Securities and Exchange Commission. The SEC has issued rules and advisories against abusive, unfair, and improper debt collection practices.

A loan app or its collectors may be reported to the SEC if they engage in conduct such as:

  1. Threatening borrowers or alleged borrowers;
  2. Using obscenity, insults, or humiliating language;
  3. Contacting persons in the victim’s contact list to shame or pressure them;
  4. Misrepresenting legal consequences;
  5. Publicly posting personal information;
  6. Continuing to collect from someone who denies the loan and reports identity theft;
  7. Operating without proper registration or authority.

Even if the victim did not borrow money, the SEC may still be relevant if the app or company is a regulated lending or financing entity.

E. SIM Registration and Related Concerns

If the identity theft involved a mobile number, lost SIM, unauthorized SIM use, or OTP interception, the victim should also consider SIM-related remedies. A compromised SIM may be used to register accounts, receive loan proceeds, bypass verification, or impersonate the victim.

The victim should immediately contact the telecommunications provider to report the compromise, request blocking or replacement if necessary, and secure written confirmation of the report.

F. Civil Code Remedies

The victim may also have civil remedies if they suffered damage, humiliation, loss of reputation, emotional distress, financial loss, or injury due to wrongful acts. Depending on the facts, possible claims may involve damages for fraud, negligence, abuse of rights, defamation, invasion of privacy, or other wrongful conduct.

Civil remedies may be pursued separately or together with criminal or administrative complaints, subject to procedural rules.

V. Immediate Steps for the Victim

Step 1: Do Not Pay the Loan If You Did Not Borrow It

A victim should not immediately pay a loan they did not apply for simply to stop harassment. Payment may later be misunderstood as acknowledgment of the debt. Instead, the victim should issue a clear written denial and demand investigation.

A proper response may say:

“I deny applying for, receiving, authorizing, or benefiting from this loan. I am a victim of identity theft. Please immediately stop collection activities against me, preserve all records, provide the account details and verification documents, and investigate this fraudulent transaction.”

The victim should communicate in writing when possible, such as by email, app support ticket, or official customer service channel.

Step 2: Preserve Evidence

Evidence is critical. The victim should save:

  1. Screenshots of loan app messages;
  2. Text messages and call logs;
  3. Emails and collection notices;
  4. Names and numbers of collectors;
  5. App name, company name, website, email address, and phone numbers;
  6. Screenshots of threats or public posts;
  7. Messages sent to relatives, friends, or employers;
  8. Proof that the victim did not receive loan proceeds;
  9. Bank, e-wallet, or transaction records;
  10. Copies of IDs allegedly used;
  11. Proof of lost ID, lost phone, hacked account, or compromised SIM, if applicable;
  12. Any police blotter, telco report, or bank report.

The victim should avoid deleting messages, even if they are distressing. If possible, export conversations and keep backup copies.

Step 3: Identify the Loan App and Company

The victim should determine:

  1. The exact name of the loan app;
  2. The lending company or financing company behind it;
  3. Whether it is registered with the SEC;
  4. Its official email address and customer support channels;
  5. Its privacy policy and registered business details;
  6. The collection agency, if any.

Some abusive loan apps use different app names from their corporate names. The victim should check the app page, messages, privacy policy, terms and conditions, and collection notices for identifying details.

Step 4: Send a Written Dispute and Demand Letter

The victim should send a written dispute to the loan app or lending company. The letter should:

  1. Deny the loan;
  2. State that the victim is reporting identity theft;
  3. Demand proof of the loan application;
  4. Demand copies of documents, logs, IP addresses, device information, phone numbers, bank or e-wallet disbursement details, and verification records;
  5. Demand immediate suspension of collection;
  6. Demand removal or correction of false records;
  7. Demand that the company stop contacting third parties;
  8. Demand preservation of evidence;
  9. Reserve the right to file complaints with the PNP, NBI, NPC, SEC, and other agencies.

The victim should keep proof of sending.

VI. Where to Report Identity Theft Involving a Loan App

A. Philippine National Police Anti-Cybercrime Group

The PNP Anti-Cybercrime Group may receive reports involving online fraud, cyber identity theft, harassment through electronic means, and other cyber-related offenses.

A victim should prepare:

  1. Valid government ID;
  2. Screenshots and printed copies of messages;
  3. Links, phone numbers, email addresses, and account names used;
  4. Chronology of events;
  5. Copies of the fake loan demand;
  6. Proof that the victim did not apply for or receive the loan;
  7. Any details about the suspected offender.

The victim may request assistance in investigating the digital trail, including accounts, phone numbers, and electronic communications.

B. National Bureau of Investigation Cybercrime Division

The NBI Cybercrime Division may also investigate online identity theft, cyber fraud, unauthorized use of personal information, and related digital offenses.

The victim should bring the same evidence: screenshots, URLs, app details, contact numbers, emails, IDs, transaction records, and a written narrative.

C. National Privacy Commission

The National Privacy Commission is the proper agency for complaints involving misuse, unauthorized processing, or unauthorized disclosure of personal data.

A complaint may be appropriate if the loan app or collector:

  1. Used the victim’s personal data without consent;
  2. Failed to verify identity properly;
  3. Disclosed the alleged debt to third parties;
  4. Accessed the victim’s contacts without valid authority;
  5. Sent defamatory or threatening messages to contacts;
  6. Refused to correct false personal information;
  7. Failed to respond to the victim’s data privacy request;
  8. Failed to secure personal data.

Before filing, it is often advisable to send the company a written request or complaint, unless urgent circumstances justify immediate reporting.

D. Securities and Exchange Commission

The SEC may receive complaints against lending companies, financing companies, or online lending platforms for abusive collection practices, unfair conduct, or operating without authority.

A complaint to the SEC should include:

  1. Name of the loan app;
  2. Name of the lending or financing company, if known;
  3. Screenshots of the app and messages;
  4. Proof of threats, harassment, or third-party disclosure;
  5. Written denial of the loan;
  6. Copies of communications with the company;
  7. Details of collectors and numbers used.

The SEC complaint is especially important when the app is engaged in harassment, public shaming, or illegal collection practices.

E. Bangko Sentral ng Pilipinas

If the identity theft involves a bank, e-wallet, payment service provider, remittance channel, or financial account, the victim may also report the matter to the relevant financial institution and, when appropriate, to the Bangko Sentral ng Pilipinas consumer assistance mechanism.

This may be relevant when:

  1. Loan proceeds were sent to an e-wallet or bank account;
  2. A mobile wallet was opened or used without authority;
  3. The victim’s financial account was compromised;
  4. Unauthorized transactions occurred;
  5. A regulated financial institution failed to act on a fraud report.

F. Telecommunications Provider

If the victim’s mobile number, SIM, or OTP was involved, the victim should immediately report to the telco. The victim may request:

  1. Blocking of a lost or compromised SIM;
  2. SIM replacement;
  3. Account security review;
  4. Record of report;
  5. Assistance regarding suspicious OTPs or account takeover.

This report can support the identity theft complaint.

G. Barangay or Police Station Blotter

A blotter is not the same as a criminal case, but it creates an early record. The victim may file a blotter at the barangay or police station stating that their name and personal information were used in a loan app without consent.

The blotter may be useful when sending disputes to loan apps, banks, telcos, employers, or government agencies.

VII. What to Include in the Complaint

A strong complaint should include a clear chronology. The victim should answer the following:

  1. When did the victim first learn about the loan?
  2. Who contacted the victim?
  3. What app or company made the demand?
  4. What amount was claimed?
  5. Did the victim ever download or use the app?
  6. Did the victim ever receive money?
  7. Were the victim’s contacts messaged?
  8. Were threats made?
  9. Was personal data disclosed?
  10. Was an ID, selfie, phone number, or e-wallet used?
  11. Was there a lost ID, lost phone, hacked account, or compromised SIM?
  12. What steps has the victim already taken?

The complaint should attach evidence in organized form. It is helpful to label attachments, such as:

  • Annex A — Screenshot of collection message;
  • Annex B — Screenshot of message sent to relative;
  • Annex C — Copy of written dispute to loan app;
  • Annex D — Proof of non-receipt of loan proceeds;
  • Annex E — Telco report;
  • Annex F — Police blotter.

VIII. Sample Written Denial to a Loan App

Subject: Formal Denial of Loan and Notice of Identity Theft

To the Compliance Officer / Data Protection Officer / Customer Support Team:

I am writing to formally deny the loan account allegedly registered under my name.

I did not apply for this loan, did not authorize any person to apply for this loan on my behalf, did not receive the proceeds of this loan, and did not consent to the use of my personal information for this transaction. I believe that my identity and personal data may have been used without authority.

I demand that your company immediately:

  1. Suspend all collection activities against me;
  2. Stop contacting my relatives, friends, employer, or other third parties;
  3. Preserve all records relating to the alleged loan application;
  4. Provide copies of the application records, verification documents, device logs, IP address logs, phone numbers, disbursement details, e-wallet or bank account details, and all personal information used;
  5. Investigate this matter as identity theft and fraud;
  6. Correct or delete any false record linking me to this loan;
  7. Confirm in writing that I will not be held liable for a loan I did not apply for or receive.

Please treat this as a formal dispute and data privacy request. I reserve all rights to file complaints with the Philippine National Police Anti-Cybercrime Group, National Bureau of Investigation Cybercrime Division, National Privacy Commission, Securities and Exchange Commission, and other proper authorities.

Sincerely, [Name] [Contact Details] [Date]

IX. Data Privacy Rights of the Victim

Under Philippine data privacy principles, a person has rights over their personal information. In the context of a fraudulent loan app account, the victim may invoke the right to:

  1. Be informed about how their data was collected and used;
  2. Access personal data held by the company;
  3. Object to unauthorized processing;
  4. Correct inaccurate or false information;
  5. Request deletion or blocking of unlawfully processed data;
  6. File a complaint for improper data handling;
  7. Claim damages when legally warranted.

A victim may ask the loan app for the name and contact details of its Data Protection Officer. The victim may also demand an explanation of the company’s basis for processing the data.

X. Harassment of Contacts and Public Shaming

Some loan apps misuse contact lists to pressure alleged borrowers. This may involve sending messages to relatives, friends, co-workers, or employers stating that the person has unpaid debt, is a scammer, or should be forced to pay.

This conduct may create several legal issues:

  1. Unauthorized disclosure of personal information;
  2. Defamation or cyber libel, depending on the content and manner of publication;
  3. Harassment or unjust vexation;
  4. Abusive debt collection;
  5. Violation of privacy rights;
  6. Possible administrative liability for the lending company.

If contacts receive messages, the victim should ask those contacts to preserve screenshots, including the sender’s number, date, time, and full message.

XI. Should the Victim Talk to the Collector?

The victim may communicate only enough to deny the debt and request formal verification. The victim should avoid emotional arguments, admissions, or informal promises.

The victim should not say:

  1. “I will pay just to stop this.”
  2. “Maybe someone in my family borrowed.”
  3. “Give me time.”
  4. “I will settle partially.”
  5. “I admit the account is mine.”

Instead, the victim should say:

“I dispute this alleged loan. I did not apply for it, did not authorize it, and did not receive the proceeds. Please send your formal verification and stop collection while this identity theft report is pending.”

Whenever possible, communicate through official written channels.

XII. What If the Loan App Claims There Is an ID or Selfie?

A loan app may claim that the account contains the victim’s ID, photo, or selfie. This does not automatically prove that the victim borrowed money.

The victim should demand:

  1. The date and time of application;
  2. The device used;
  3. IP address logs;
  4. Mobile number used;
  5. SIM verification records;
  6. E-wallet or bank account where proceeds were sent;
  7. Copy of the alleged selfie or ID submission;
  8. Any liveness detection or verification record;
  9. Any consent record;
  10. The exact account that received the funds.

A stolen ID, copied photo, edited image, hacked account, or compromised phone may have been used. The burden should not be shifted unfairly to the victim without proper verification.

XIII. What If the Victim’s Contact List Was Accessed?

If the loan app accessed or used a person’s contacts, there may be a serious data privacy issue. The victim should check whether they ever installed the app or granted permissions. If they never installed it, the app may have obtained contact information from another person’s phone or from an unauthorized source.

The victim should document:

  1. Which contacts were messaged;
  2. What messages were sent;
  3. Whether the messages disclosed debt information;
  4. Whether threats, insults, or false accusations were made;
  5. Whether personal photos or IDs were shared.

This evidence may support complaints with the NPC, SEC, PNP, or NBI.

XIV. What If the Victim Actually Downloaded the App but Did Not Borrow?

Some people download a loan app, inquire about available credit, or begin registration but do not proceed with a loan. If the app later claims that a loan was approved, the victim should still demand proof of consent, loan acceptance, disbursement, and receipt of proceeds.

Mere installation of an app should not automatically mean consent to a loan. The company must still show a valid transaction, proper disclosure, and lawful processing of personal data.

XV. What If a Relative or Friend Used the Victim’s Identity?

If a known person used the victim’s name or ID without permission, the matter may still constitute fraud or identity theft. The victim must decide whether to file a complaint against the person involved.

Even if the offender is a relative, the victim should still send a written denial to the loan app and report the unauthorized use. Otherwise, the victim may continue to suffer collection, credit, and privacy consequences.

XVI. What If the Victim’s Employer Is Contacted?

If collectors contact the victim’s employer, HR department, co-workers, or business clients, the victim should immediately preserve evidence. The victim may send the employer a short written notice explaining that the loan is disputed and that the victim is reporting identity theft.

The victim may also include employer contact as part of the complaint, especially if the messages caused reputational harm, workplace embarrassment, or employment issues.

XVII. Protection Against Credit Damage

If the loan app reports the alleged debt to a credit bureau, database, or internal blacklist, the victim should dispute the record in writing. The victim should ask for correction or deletion of inaccurate information and demand confirmation that the disputed fraudulent account will not be treated as a valid debt.

The victim should keep copies of all reports and complaint acknowledgments, as these may be needed to challenge future credit consequences.

XVIII. Possible Liability of the Loan App

A loan app or lending company may face liability if it:

  1. Failed to verify the borrower’s identity;
  2. Processed personal data without lawful basis;
  3. Disclosed personal information to third parties;
  4. Used abusive collection practices;
  5. Ignored a valid identity theft report;
  6. Continued harassment after notice of dispute;
  7. Failed to secure personal data;
  8. Operated without proper authority;
  9. Used deceptive or unfair practices.

Liability may be criminal, civil, administrative, or regulatory, depending on the facts.

XIX. Practical Checklist for Victims

A victim should do the following as soon as possible:

  1. Save all messages, screenshots, call logs, and emails;
  2. Do not admit the debt;
  3. Do not pay unless legal advice confirms a valid obligation;
  4. Send a written denial to the loan app;
  5. Demand proof of application, verification, and disbursement;
  6. Ask the company to stop collection and third-party contact;
  7. File a blotter or police report;
  8. Report cyber aspects to PNP ACG or NBI Cybercrime Division;
  9. Report privacy violations to the NPC;
  10. Report abusive lending or collection practices to the SEC;
  11. Report compromised SIM issues to the telco;
  12. Report bank or e-wallet misuse to the institution involved;
  13. Secure IDs, accounts, passwords, email, SIM, and e-wallets;
  14. Monitor future messages, credit records, and suspicious activity;
  15. Consult a lawyer if there are threats, lawsuits, serious reputational harm, or large financial exposure.

XX. Preventive Measures

To reduce the risk of identity theft through loan apps:

  1. Do not send ID photos casually through chat;
  2. Watermark ID copies when possible, stating the specific purpose;
  3. Avoid installing unknown loan apps;
  4. Review app permissions before granting access;
  5. Do not allow apps to access contacts unless necessary;
  6. Secure email and mobile accounts with strong passwords;
  7. Enable two-factor authentication;
  8. Report lost IDs, phones, or SIM cards immediately;
  9. Be cautious with selfies holding IDs;
  10. Avoid posting personal documents online;
  11. Monitor suspicious OTPs and account alerts;
  12. Use official app stores and verify the company behind an app.

XXI. When to Consult a Lawyer

A lawyer should be consulted when:

  1. The amount involved is substantial;
  2. The victim receives a demand letter or court notice;
  3. The victim is publicly shamed or defamed;
  4. The victim’s employer or clients are contacted;
  5. The loan app refuses to stop collection;
  6. The victim’s ID, image, or private information is posted online;
  7. There are threats of arrest, lawsuit, or physical harm;
  8. The victim wants to file criminal, civil, or administrative complaints;
  9. The case involves multiple agencies or complex evidence.

A lawyer can help prepare affidavits, demand letters, complaints, evidence packets, and legal strategy.

XXII. Conclusion

Identity theft through loan apps is a serious legal problem in the Philippines. A person whose name is used without consent should not ignore collection messages, but neither should they immediately pay a debt they did not incur. The proper response is to document the incident, deny the loan in writing, demand verification, preserve evidence, and report the matter to the appropriate authorities.

Depending on the facts, the case may involve cybercrime, fraud, falsification, data privacy violations, abusive debt collection, and civil liability. The strongest protection is prompt action supported by clear documentation.

A victim should remember three principles: do not admit a debt you did not incur, preserve every piece of evidence, and report the identity theft through the proper legal and regulatory channels.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login