How to Trace a Scammer Using a Bank Account: Legal Steps, Subpoenas, and What Victims Can File

1) Why a bank account is both a “trail” and a “wall”

When a scammer gives you a bank account (or you paid into one), it creates a financial trail: account-opening documents, transaction records, transfer metadata, cash-out points, and linked channels (online banking, mobile number, email, device, ATM usage).

But in the Philippines, that trail is protected by strong confidentiality rules, so victims usually cannot directly obtain the account holder’s identity from the bank. Tracing typically requires (a) fast reporting and interbank coordination, plus (b) law enforcement and court-backed processes.

2) What you can realistically do immediately (before legal processes catch up)

A. Move fast: the “recovery window” is short

Scam funds are often moved out within minutes to hours via:

  • intra-bank transfers
  • InstaPay / PESONet transfers
  • cash-out via ATM / over-the-counter
  • e-wallet “sweeps”
  • purchases / load / crypto onramps

The faster you act, the higher the chance the money is still in the receiving account (or at least traceable in a clean chain).

B. Report to your bank right away (and get a written reference number)

Tell your bank it’s a fraud/scam transfer and request:

  • a trace / beneficiary bank coordination
  • a request to hold / restrict the receiving account if possible
  • preservation of your own transaction records (official transaction slip, transfer confirmation, reference numbers)
  • advice on any dispute workflow available for the channel you used (branch, online banking, InstaPay/PESONet)

Banks and payment participants may be able to send interbank retrieval/trace communications—but they are not guaranteed to reverse an authorized transfer, and they may only act if funds remain available and internal rules allow.

C. Preserve evidence (do this even if you’re embarrassed)

Save:

  • proof of transfer (screenshots + downloadable receipts + reference numbers)
  • chat logs, emails, messages, call details (date/time)
  • the scam post/listing, links, usernames, profiles, and any IDs sent
  • delivery records (if any), courier details
  • your timeline in writing (a clean narrative helps law enforcement)

Avoid secretly recording calls. Philippine anti-wiretapping rules can create legal issues if you record private communications without consent. Screenshots and exported chat histories are safer.

3) The legal “confidentiality barrier”: what banks can and cannot disclose to you

A. Bank Secrecy (PHP)

Philippine banks are constrained primarily by:

  • RA 1405 (Bank Secrecy Law) – confidentiality of bank deposits and related information
  • RA 6426 (Foreign Currency Deposit Act) – even stricter protection for foreign currency deposits (with limited exceptions)
  • RA 10173 (Data Privacy Act) – personal information disclosure requires a lawful basis (e.g., legal obligation, court order)

Practical effect: Even if you have the account number, most banks will not tell you the account holder’s full name, address, or balance just because you are the victim. They will usually require proper legal process or a recognized exception.

B. What the bank may tell you without violating secrecy

This varies, but commonly:

  • confirmation that a transfer was sent/received (your own transaction)
  • the bank name and channel details
  • internal case reference and status updates
  • whether they escalated to their fraud team / compliance

But identifying information of the beneficiary account is generally restricted.

4) The main lawful routes to identify the person behind the account

Route 1: Criminal complaint + prosecutor/court processes (most common)

You trigger the criminal justice system so investigators can lawfully obtain bank-linked identity and transaction trails.

Route 2: AMLC route (when the fact pattern fits money laundering / suspicious movement)

If the scam involves patterns consistent with laundering (layering, rapid movement, multiple victims, mule accounts), the Anti-Money Laundering Council (AMLC) framework can be powerful—especially for freeze orders and rapid financial intelligence.

Route 3: Civil case + court-issued subpoenas (possible, but often slower and harder early on)

Civil litigation can compel production of evidence via court subpoenas and discovery tools, but identifying an unknown defendant and overcoming bank secrecy early can be challenging.

In many real cases, victims use Route 1 to identify the perpetrator and preserve evidence, while exploring Route 2 to freeze funds, and then use civil liability mechanisms to recover.

5) Subpoenas, court orders, and why “just subpoena the bank” isn’t that simple

A. Subpoena basics (Philippines)

A subpoena is an order to appear or produce documents. Two common types:

  • Subpoena ad testificandum – to testify
  • Subpoena duces tecum – to produce documents/records

Subpoenas are typically issued by:

  • a court (during a case)
  • a prosecutor (during preliminary investigation), in aid of fact-finding

B. The bank secrecy problem

Even with a subpoena, banks may resist disclosure if:

  • the request violates RA 1405 / RA 6426
  • the request is overly broad, a fishing expedition, or not tied to a valid exception
  • there’s no clear court finding or lawful ground

Banks often require either:

  • a court order fitting a recognized exception, or
  • a process under anti-money laundering powers, or
  • the depositor’s written consent (which scammers won’t give)

C. When courts are more likely to allow bank disclosure

Courts generally become more receptive where:

  • the deposit or funds are the subject matter of litigation (e.g., proceeds of fraud being traced)
  • the case falls within recognized exceptions (e.g., certain public officer bribery/dereliction contexts)
  • AMLA processes are properly invoked (see below)

Bottom line: A subpoena helps, but the legal basis matters. A well-anchored request (specific account, time period, transaction IDs, relevance to the offense) is far more effective than broad “give me everything.”

6) Cybercrime tools that can help in scam cases (when the scam used ICT)

Scams often involve online communications, platforms, or electronic fund transfers. Under RA 10175 (Cybercrime Prevention Act) and related rules, investigators can seek court-authorized tools that support tracing, such as:

  • Preservation of computer data (so logs aren’t deleted)
  • Disclosure of traffic data / subscriber data where lawful
  • Search, seizure, and examination of devices/accounts with proper warrants
  • Platform cooperation (where data is stored, who controls it, etc.)

This matters because the “person behind the bank account” is often identified not only by bank KYC, but also by:

  • linked phone numbers and emails used in account opening
  • device identifiers and IP logs (online banking access)
  • platform account data (marketplace/social media)
  • delivery/courier records
  • CCTV at cash-out points (ATM/branch)

7) The AMLC angle: freezing funds and tracing financial networks

A. Why AML matters in scam tracing

Banks are “covered persons” under anti-money laundering rules and must:

  • perform customer due diligence (KYC)
  • monitor and report suspicious transactions
  • keep records for a required retention period

Scam proceeds can qualify as proceeds of “unlawful activity” depending on the predicate offense and facts. When the legal thresholds are met, AMLC financial intelligence + freeze powers can be a major lever.

B. What victims can do in practice

Victims typically cannot “command” AMLC action, but you can:

  • file reports with law enforcement and provide bank details and patterns (multiple victims, repeated transfers, rapid movement)
  • request your bank’s fraud/compliance team to treat the matter seriously and coordinate appropriately
  • ensure investigators know the AML angle (mule accounts, rapid layering, multiple destinations)

C. Freeze orders (high-level)

Freeze orders are typically obtained through proper legal channels (often via court processes under AMLA). The practical point for victims is: the sooner authorities treat it as a financial crime pattern, the better the chance of freezing remaining funds and mapping the network.

8) What victims can file (Philippine context)

A. Criminal cases (most common set)

  1. Estafa (Swindling) – Revised Penal Code (Art. 315) Classic for scams involving deceit and damage (fake selling, investment scams, impersonation, “reservation fee” fraud).

  2. Other Deceits – Revised Penal Code (Art. 318) Sometimes used for deceptive schemes not neatly captured by estafa elements.

  3. Cybercrime-related charges – RA 10175 Depending on the method:

  • cyber-enabled fraud provisions (when ICT is used)
  • and/or the penalty enhancement rule for crimes committed through ICT (a major reason prosecutors frame online scams as cyber-related)
  1. Identity-related and access device offenses (case-dependent) If the scam involves credit cards, online payment credentials, SIM misuse, or identity theft-like conduct, other special laws may apply.

Where to file / report:

  • PNP Anti-Cybercrime Group (ACG)
  • NBI Cybercrime Division
  • City/Provincial Prosecutor’s Office (for the complaint-affidavit and preliminary investigation)

B. Civil recovery tracks (often alongside criminal)

  1. Civil liability arising from crime (implied with criminal case unless reserved/waived) This is often the most practical recovery path because the criminal case can identify the accused and the court can order restitution/damages.

  2. Independent civil action / damages (Civil Code Articles 19, 20, 21; unjust enrichment, etc.) Useful when facts support it, but often depends on identifying the defendant and assets.

  3. Provisional remedies (case-dependent) Where legally available and properly supported, remedies like preliminary attachment can preserve assets—but they typically require a known defendant and court processes that may not be “fast” in scam timelines.

C. Administrative / regulatory complaints (pressure + documentation)

  1. BSP consumer complaint (against a bank/EMI for service failures, handling, dispute response) This is not the same as forcing disclosure of the scammer’s identity, but it can push institutions to act within their dispute/fraud processes and document outcomes.

  2. SEC complaint (if the scam is an investment scheme, unregistered securities, soliciting investments) Relevant when the scam used a bank account as the receiving rail but the core misconduct is securities-related.

  3. National Privacy Commission (limited, fact-specific) If your personal information was unlawfully processed or used (e.g., doxxing, misuse of identity), though this is typically not the fastest tool for fund recovery.

9) What “tracing” actually means in evidence terms (what investigators try to obtain)

When authorities trace a scam through a bank account, they typically aim to obtain:

A. Account-holder identification (KYC file)

  • name, birthdate, address
  • government IDs submitted
  • specimen signatures
  • selfies/video verification (if digital onboarding)
  • contact details (mobile/email)
  • employment/business declarations (if any)

B. Transaction trail and movement map

  • inbound credits from victims
  • outbound transfers to other banks/e-wallets
  • ATM withdrawals and branch cash-outs
  • check encashments (if used)
  • timestamps and reference IDs
  • counterpart accounts (to identify the next hop)

C. Access and attribution evidence (when online banking was used)

  • IP logs
  • device/browser fingerprints (where kept)
  • login timestamps
  • OTP delivery records (sometimes via telco/platform logs rather than bank)

D. Physical attribution (cash-out identification)

  • CCTV at ATM sites or branches (subject to retention limits)
  • teller transaction records
  • withdrawal patterns tied to location/time

This is why speed matters: CCTV and platform logs may be retained only for limited periods.

10) Building a strong complaint-affidavit package (what to include)

A good complaint package makes it easier for investigators/prosecutors to justify targeted subpoenas and court requests.

Core contents

  • Chronology (dates/times; how you met; what was promised; what induced payment)

  • Representation/Deceit (the exact claims made)

  • Reliance + Damage (why you believed it; amount lost; proof)

  • Bank transfer specifics

    • bank name, account number, account name if shown on your app/receipt
    • transaction reference numbers
    • date/time, channel (InstaPay/PESONet/intrabank/cash deposit)

  • Communications (chat screenshots/export with timestamps)

  • Identifiers (usernames, profile links, emails, phone numbers, delivery addresses)

  • Other victims (if known; patterns; group reports help show scheme)

Attachments checklist

  • proof of transfer (official receipts and screenshots)
  • screenshots/exported chat logs
  • screenshots of scam listing/profile
  • any IDs/documents the scammer sent
  • affidavit of witnesses (if any)
  • demand message (if you sent one) and response

11) Common misconceptions and dangerous “shortcuts” to avoid

A. “I can force the bank to reveal the name if I’m the victim.”

Not usually. Bank secrecy and privacy rules typically require proper legal grounds.

B. “I’ll post the account number and accuse the person publicly.”

Public accusations can backfire legally (defamation risks) and can also compromise investigations. Report through proper channels.

C. “A hacker / ‘recovery agent’ can retrieve my money.”

Be extremely cautious. Many “recovery services” are secondary scams. Legitimate recovery usually follows legal and institutional processes.

D. “I should secretly record calls for proof.”

Unlawful recordings can become a liability. Focus on documentary and digital records you can lawfully preserve.

12) Practical expectations: what outcomes look like

Best-case outcomes

  • funds are still in the receiving account and get held/returned through institutional processes
  • authorities identify a mule account quickly and stop movement
  • a freeze order or targeted intervention prevents cash-out
  • the accused is identified, charged, and restitution is ordered

Common real-world outcomes

  • the account is a money mule; the “account holder” may be identifiable but not the mastermind
  • funds are dispersed quickly; recovery depends on how far the chain is traced and whether assets can be frozen
  • criminal accountability is more attainable than full recovery, but both are possible with strong evidence and coordinated action

13) Key takeaways (Philippines)

  • You generally cannot “trace” a bank account to a person by yourself; bank secrecy and privacy laws require legal process.
  • The most effective lawful route is: immediate bank reporting + criminal complaint + targeted requests (subpoenas/court orders) + cyber/AML angles where applicable.
  • Evidence quality and speed determine whether authorities can freeze, attribute, and recover.
  • Scams frequently use mule accounts, so tracing often expands beyond one account to a network.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login