1) What a “QR Code Payment Scam” Looks Like

A QR code payment scam is any scheme where a fraudster uses (or manipulates) QR codes to trick you into sending money, divulging credentials, or authorizing a transfer you did not intend. In the Philippines, these scams commonly happen through e-wallets, online banking apps, QR Ph merchant payments, and social media marketplaces.

Common QR-related modus

1. QR swap / QR overlay in stores

   • A scammer places a stickered QR on top of a merchant’s legitimate QR.
   • You “pay the merchant,” but funds go to the scammer’s wallet/bank account.

2. Fake “receive money” QR used as “pay” QR

   • Fraudster claims it’s for verification/refund/prize/fee settlement.
   • You scan and inadvertently send money.

3. QR “phishing”

   • QR leads to a fake login page resembling your bank/e-wallet.
   • You enter OTP/PIN/password and your account gets taken over.

4. Marketplace payment QR

   • Seller/buyer sends a QR and pressures you to pay a “reservation,” “shipping,” or “release” fee.
   • After payment, the scammer disappears.

5. Customer support impersonation

   • Fake agent instructs you to scan a QR for “reversal,” “refund,” “account reactivation,” or “KYC update.”
   • You end up authorizing a transfer or sharing credentials.

6. Remote-control + QR

   • Victim is guided to install screen-sharing/remote-control apps.
   • Scammer takes over and makes you scan/approve payments.

Why QR scams work

• QR codes hide destination details (until you inspect them).
• Social engineering: urgency, authority (fake bank staff), fear (account locked), greed (prize), or embarrassment.
• Many transfers are push payments (you authorized them in-app), making reversals harder than card chargebacks.

---

2) First 30 Minutes: What To Do Immediately (Whether You Lost Money or Not)

Treat this like an incident response. Speed matters.

A. If money was sent / account was compromised

1. Stop further loss

   • Lock/freeze the account if the app has that feature.
   • Change password, MPIN, and email password linked to the account.
   • Enable/restore 2FA (authenticator where possible).
   • If SIM is involved, contact your telco to check for SIM swap and secure your number.

2. Notify the bank/e-wallet provider right away

   • Use in-app support, hotline, or official help channels.

   • Ask for:

     • Account freeze
     • Transaction trace
     • Recipient account hold (if possible)
     • Case/ticket reference number

3. Preserve evidence before chats disappear

   • Screenshot conversations, profiles, QR images, payment confirmation pages, and any “instructions” sent to you.
   • Save URLs (even if you won’t click them again).
   • Export chat history where possible.

4. If your phone is infected/controlled

   • Disconnect from internet.
   • Uninstall suspicious apps (especially remote-control, unknown APKs).
   • Consider backing up evidence then doing a factory reset.

B. If it was only an attempt (no money lost)

• Still report and document:

  • The scam account details may be linked to other victims.
  • Attempted fraud can still support criminal investigation and takedowns.

---

3) Evidence Checklist (Build a Case File)

You want evidence that identifies: who, what, when, where, how, and how much.

Must-have items

• Screenshot/photo of the QR code you scanned (or the sticker on the merchant stand).

• Screenshot of payment confirmation, reference number, timestamp, amount.

• Receiver details shown in-app (name/handle, wallet number, bank account, merchant name).

• Chat messages, call logs, emails, social media profile links, and usernames.

• Any “proof” the scammer sent: IDs, invoices, waybills (even if fake).

• Device details:

  • Phone model, OS version, app version
  • SIM number used, email used

For in-store QR swap cases

• Photos of:

  • The QR stand and surrounding area
  • The suspected overlay sticker (close-up)
  • The merchant’s original QR (if available)

• Ask the merchant (politely) to preserve:

  • CCTV footage covering the QR stand
  • Their legitimate merchant account details
  • Their incident report (internal)

Keep originals

Avoid editing images. Save originals plus copies. Store backups in a secure folder/cloud.

---

4) Where to Report in the Philippines (Practical Route)

You typically report to (1) the financial provider, then (2) law enforcement, and optionally (3) regulators depending on facts.

4.1 Bank / E-Wallet / Payment App (Always first)

Why: They can act fastest to freeze accounts, trace funds, and document the incident.

Ask for:

• Case/ticket number
• Written confirmation of your report
• Transaction trace and status
• Whether they can hold the recipient account or flag it as suspicious
• Guidance on dispute/reversal procedure

4.2 PNP Anti-Cybercrime Group (PNP-ACG)

Appropriate for:

• Online fraud, phishing, account takeover, QR scam rings, social media scams

Prepare:

• Printed evidence pack
• Valid IDs
• Your narrative timeline

4.3 NBI Cybercrime Division

Appropriate for:

• Larger losses, organized schemes, cross-border elements, identity use, fake documents

4.4 Prosecutor’s Office (City/Provincial Prosecutor)

For filing a criminal complaint (e.g., estafa, cybercrime-related offenses). Usually you bring:

• Affidavit-complaint
• Evidence attachments
• Proof of identity

4.5 BSP (Bangko Sentral ng Pilipinas) – Consumer Assistance

Appropriate for:

• Complaints about a bank/e-money issuer’s handling of your fraud dispute (delays, poor response, refusal to explain)
• Issues with regulated payment service providers

4.6 NPC (National Privacy Commission)

Appropriate if:

• Your personal data was exposed or misused (e.g., KYC data leaked, identity theft, unauthorized disclosure), or
• A company failed to protect your personal information and it contributed to harm

4.7 DTI / Consumer channels (situational)

If the scam involves a merchant or marketplace and you’re pursuing consumer remedies—this depends on the setup and whether it’s a legitimate business dispute versus pure fraud.

---

5) What Laws Apply (Philippine Context)

QR code scams typically fall under fraud/estafa plus cybercrime enhancements and related offenses, depending on conduct.

5.1 Revised Penal Code (RPC): Estafa and related fraud

Most QR payment scams involve deceit and damage—core ingredients of estafa (swindling). Even if the scam happened digitally, the underlying fraud theory often remains estafa.

5.2 RA 10175: Cybercrime Prevention Act

If the offense is committed through ICT (apps, internet, devices), cybercrime provisions may apply. This can cover:

• Computer-related fraud
• Identity-related offenses
• Illegal access (account takeover)
• Phishing-type conduct depending on method and evidence

Practical effect: Cyber elements can support specialized investigation and may affect charging strategy.

5.3 RA 8792: E-Commerce Act

Provides legal recognition of electronic data messages, e-documents, and electronic evidence—useful when proving chats, screenshots, and transaction logs.

5.4 RA 10173: Data Privacy Act

If personal data is misused (e.g., identity theft using your ID selfies, disclosure of KYC info, doxxing), this may be relevant. Also relevant where an organization’s poor security causes exposure.

5.5 RA 8484: Access Devices Regulation Act (situational)

If the scheme involves credit/debit card data, access devices, skimming, or unauthorized use of card credentials (less QR-specific but common in mixed scams).

5.6 RA 9160 (as amended): Anti-Money Laundering Act (AMLA) (situational)

Fraud proceeds often get layered through multiple wallets/accounts. While victims don’t “file AMLA cases,” your report can help institutions file suspicious transaction reports and assist tracing.

5.7 Payment system regulation (BSP / National Payment Systems framework)

Banks and many payment providers operate under BSP oversight and payment system rules. This matters most for:

• Complaint escalation
• Provider obligations on security, risk controls, and complaint handling
• Transaction tracing and documentation

---

6) Criminal Case vs Civil Case vs Administrative Complaint

Criminal case (punishment + restitution prospects)

Goal: prosecute the offender. Filed via law enforcement and the prosecutor.

Pros: Strong deterrence; can compel investigation tools. Cons: Takes time; identification and arrest can be challenging.

Civil case (money recovery)

You may sue for damages under the Civil Code (fraud, quasi-delict, unjust enrichment), or include civil liability in the criminal case.

Pros: Recovery-focused. Cons: You still need to identify the defendant and serve them.

Administrative / regulatory complaint (provider accountability)

When your provider mishandles your complaint (unreasonable delay, refusal to provide information, weak controls), you can escalate to the appropriate regulator.

Pros: Pressure for corrective action; helps improve process. Cons: Not always a direct route to full recovery.

---

7) How to Write Your Affidavit-Complaint (Template You Can Adapt)

Below is a commonly used structure in PH complaints. Customize facts precisely.

A. Caption and parties

• “AFFIDAVIT-COMPLAINT”

• Complainant’s name, age, address, ID details

• Respondent: “John/Jane Doe” (if unknown), plus identifiers:

  • Wallet number, bank account number
  • Usernames, profile links
  • Any name shown in transfer details

B. Statement of facts (chronological)

Include:

1. How you encountered the QR (store, chat, ad, link)

2. What you were told (quotes help—attach screenshots)

3. The exact steps you took (scanned QR, entered amount, confirmed)

4. Amount, date/time, reference number

5. What happened after (blocked, disappeared, account takeover)

6. Actions taken:

   • Reported to provider (ticket #)
   • Went to PNP/NBI, etc.

C. Evidence list (attach and label)

• Annex “A” – screenshot of chat
• Annex “B” – QR photo
• Annex “C” – transaction confirmation
• Annex “D” – provider ticket response
• Annex “E” – ID copy

D. Prayer

• Investigation, identification, prosecution
• Request subpoenas to providers for subscriber/account info and logs
• Restitution of amount lost (if applicable)

E. Verification and signature

Signed before a notary (if required by the receiving office).

---

8) Reporting “Attempted” Fraud (No Loss) Still Matters

If you didn’t lose money, report anyway when:

• The scammer provided a QR and demanded payment
• They tried to obtain OTP/MPIN/password
• They sent a QR that links to a fake login page
• They attempted remote-control installation

Your report can:

• Flag the recipient account
• Help link multiple complaints to one operator
• Support takedowns of scam pages and mule accounts

Evidence for attempts:

• The QR image
• The message instructing you to scan
• The destination account details revealed upon scanning (if shown without completing payment)
• Links tied to phishing pages (record them; don’t revisit)

---

9) If the Scam Happened at a Physical Merchant (QR Swap)

For victims

• Inform the merchant immediately (calmly and factually).
• Ask for CCTV preservation and an incident acknowledgment.
• Request the merchant’s legitimate QR for comparison.

For merchants (risk control)

• Use tamper-evident QR stands or sealed frames.
• Train staff to inspect QR stands every shift.
• Encourage customers to verify merchant name on the confirmation screen before paying.
• Place signage: “We will never ask you to scan a QR for refunds/verification.”

---

10) Recovery Realities and What Helps Your Chances

Factors that improve recovery likelihood

• Reporting within minutes/hours (before funds are cashed out)
• Clear recipient identifiers (wallet number, bank account)
• Provider cooperation and fast escalation
• Multiple victims reporting the same account (account gets frozen sooner)

Common barriers

• Funds moved through mule accounts quickly
• Transfers are “authorized” in-app (push payments), complicating reversal
• Cross-platform transfers and layered withdrawals
• Fake identities used for account opening (though KYC can still help trace)

Even when recovery is uncertain, documentation supports:

• Criminal prosecution
• Freezing of mule accounts
• Pattern identification for future victims

---

11) Prevention: Best Practices for Consumers

1. Never scan a QR sent by a stranger to “verify,” “receive,” “claim,” or “refund.”

2. Verify recipient/merchant name on the confirmation screen every time.

3. Treat urgency as a red flag (“last slot,” “account will be closed,” “refund expires today”).

4. Never share OTP, MPIN, or passwords—not even to “support.”

5. Avoid installing APKs or unknown apps; avoid remote-control apps for “assistance.”

6. Use separate email/number for finance apps where possible.

7. Enable transaction notifications and set limits.

8. Keep your phone secure

   • Lock screen, updated OS, no sideloading, anti-malware habits.

---

12) Quick Reference: What to Bring When You File a Report

• Government ID (and photocopy)
• Printed screenshots + digital copies on a USB/drive (optional)
• Transaction details: amount, time, reference number
• Recipient info: wallet/bank account number, name shown
• Provider ticket/case number and responses
• For store incidents: merchant name, branch address, CCTV request details

---

13) Common Questions

“I authorized the payment—can it still be fraud?”

Yes. Many QR scams are deception-induced authorization. The key is that consent was obtained through deceit.

“Is it still a case if it was only attempted?”

Yes. Attempts, especially with clear evidence, can support investigation and prevention.

“Should I post the scammer’s details online?”

Be careful. Public accusations can create defamation risk and may compromise investigations. Focus on reporting to providers and authorities.

“What if the provider says it’s final and irreversible?”

Request a written explanation, logs/trace information available to you, and escalate through formal complaint channels if the handling is unreasonable.

---

14) A Simple Incident Timeline Format (Copy/Paste)

• Date/Time:
• Platform/App:
• How contact started: (FB Marketplace, SMS, in-store, etc.)
• What scammer claimed:
• QR source: (photo, sticker, chat attachment)
• Transaction details: amount, reference no., recipient account/name
• What happened after: blocked/disappeared/account takeover
• Actions taken: provider contacted (ticket #), passwords changed, device secured
• Reports filed: PNP/NBI/prosecutor/BSP/NPC (as applicable)

---

If you want, paste (1) the exact messages you received (remove sensitive info like OTPs), (2) what the confirmation screen showed for the recipient name, and (3) whether this was in-store or online—then I can turn it into a clean affidavit-style narrative and an evidence annex list you can print.