Discovering that someone used your name, identification documents, or mobile number to register a SIM and apply for a loan can be frightening. You may receive collection messages for money you never borrowed, find an unfamiliar account on your credit report, or learn that a SIM registered under your identity was used for fraud. The most important steps are to secure your accounts, dispute the loan in writing, preserve digital evidence, report the unauthorized SIM, and create an official record with the proper government agencies.
How SIM registration identity theft and fraudulent loans happen
These cases usually involve one or more of the following:
- A stolen or photographed government ID is used to register a SIM.
- A person registers a SIM using false information or fraudulent identification documents.
- A fraudster obtains control of the victim’s existing number through an unauthorized SIM replacement, sometimes called a SIM swap.
- A loan application is submitted using the victim’s name, ID, selfie, signature, address, or employment information.
- One-time passwords, or OTPs, are intercepted through phishing, malware, social engineering, or control of the victim’s SIM.
- Loan proceeds are released to a bank account, electronic wallet, or other financial account controlled by the perpetrator.
- The fraudulent account is later reported to the Credit Information Corporation, damaging the victim’s credit record.
A registered SIM, uploaded ID, OTP, selfie, or electronic signature may be evidence in a loan application, but none of these automatically proves that the named person knowingly borrowed the money. Digital credentials can be stolen, fabricated, intercepted, or used without authority.
Under Article 1318 of the Civil Code, consent is an essential requirement of a contract. A lender attempting to collect from an identity-theft victim should be able to prove that the victim personally entered into or authorized the loan—not merely that the application contained the victim’s personal information.
Philippine laws that may apply
Identity theft involving SIM registration and digital loans can violate several laws at the same time. The exact charges depend on how the identity was obtained, how the application was submitted, where the proceeds went, and what documents were falsified.
| Conduct | Possible legal basis | Why it matters |
|---|---|---|
| Using another person’s identifying information online without authority | Cybercrime Prevention Act of 2012, RA 10175, Section 4(b)(3) | Computer-related identity theft is a criminal offense. |
| Registering a SIM using false information, a fictitious identity, or fraudulent identification documents | SIM Registration Act, RA 11934, Section 11 | The offender may face imprisonment, a fine, or both. |
| Forging IDs, signatures, affidavits, employment records, or loan documents | Revised Penal Code, particularly Articles 171 and 172 | Falsification may apply depending on the document and the offender. |
| Obtaining money through false pretenses or fraudulent representations | Revised Penal Code, Article 315 | The conduct may constitute estafa. |
| Fraudulently applying for or using an access device | Access Devices Regulation Act, RA 8484 | This may apply to certain accounts, credit facilities, account numbers, PINs, and similar access devices. |
| Opening or using a financial account under another person’s identity | Anti-Financial Account Scamming Act, RA 12010 | This may apply when bank accounts or electronic wallets are opened or used under a stolen identity. |
| Unauthorized collection, use, disclosure, or retention of personal information | Data Privacy Act of 2012, RA 10173 | The victim may demand access, correction, blocking, or erasure and may file a privacy complaint. |
The Supreme Court upheld the validity of the computer-related identity-theft provision in Disini v. Secretary of Justice. It explained that a person has no right to acquire or use another person’s identifying information without authority. When an offense under the Revised Penal Code or another special law is committed through information and communications technology, Section 6 of RA 10175 may also affect the applicable penalty. (Lawphil)
False SIM registration is itself punishable
Under RA 11934, providing false or fictitious information, using a fictitious identity, or submitting fraudulent identification documents to register a SIM may be punished by imprisonment of six months to two years, a fine of ₱100,000 to ₱300,000, or both. Spoofing a registered SIM is separately punishable. The law also penalizes certain unauthorized sales or transfers of registered SIMs.
The law requires telecommunications companies to maintain secure SIM-registration systems and reporting mechanisms for fraudulent calls or messages, lost or stolen SIMs, changes in registration information, and related concerns. They must also investigate reported fraudulent use and may temporarily or permanently deactivate a SIM when warranted.
What to do immediately
1. Secure your mobile number, email, and financial accounts
Start with the accounts that can be used to reset everything else.
- Change the password of your primary email account.
- Sign out unknown devices and revoke unfamiliar login sessions.
- Change passwords for online banking, electronic wallets, social-media accounts, and loan applications.
- Replace reused passwords with unique ones.
- Enable multi-factor authentication, preferably through an authenticator app where available.
- Check whether your email forwarding rules, recovery address, or recovery number were changed.
- Review recent bank and electronic-wallet transactions.
- Ask your telecommunications provider whether there was a recent SIM replacement, eSIM activation, number-porting request, or change in account information.
If your phone suddenly lost signal without explanation, treat it as a possible SIM swap. Contact the telecommunications provider through its official hotline, application, website, or physical store. Ask it to block the unauthorized SIM, restore control of the number, secure the account, and preserve records connected with any recent replacement request.
Do not send IDs, selfies, OTPs, or account information to a collector through an unofficial mobile number or social-media account. Use only the lender’s verified customer-service or data-protection channel.
2. Create an evidence file
Preserve evidence before messages, online accounts, call logs, and application pages disappear.
Keep copies of:
- Collection texts, emails, chat messages, demand letters, and call logs
- The sender’s mobile number, email address, username, and profile link
- The lender’s name, application name, account number, and alleged loan amount
- Dates of application, approval, release, and supposed default
- Screenshots showing the full screen, date, time, number, and URL
- Your telecommunications account records and support-ticket numbers
- Proof that you owned or did not own the number involved
- Bank and electronic-wallet statements
- Your travel, employment, immigration, or location records if they show that you could not have completed the transaction
- Copies of the ID allegedly used and examples of your genuine signature
- Any fraudulent selfie, video-verification image, employment certificate, or address submitted in your name
- Your credit report and dispute reference numbers
Keep the original files and devices whenever possible. Do not crop, annotate, compress, or edit the only copy. Export emails with their headers and save chat histories in their original format. Philippine courts recognize electronic documents, but authenticity and integrity may need to be established under the Rules on Electronic Evidence. (Lawphil)
Prepare a simple chronology containing:
| Date and time | Event | Person or company involved | Supporting evidence |
|---|---|---|---|
| Example: 8 July, 10:15 a.m. | First collection text received | ABC Lending | Screenshot 01 |
| Example: 8 July, 2:30 p.m. | Fraud dispute submitted | ABC Lending customer service | Email and ticket number |
| Example: 9 July, 11:00 a.m. | SIM misuse reported | Telecommunications provider | Store acknowledgment |
This chronology is useful when preparing an affidavit, answering investigators, and showing regulators that you acted promptly.
3. Dispute the loan directly with the lender
Do not rely only on a telephone conversation. Submit a written fraud dispute to the lender’s official customer-service department and data protection officer.
State clearly that:
- You did not apply for, authorize, receive, or benefit from the loan.
- Your identity, SIM, ID, or personal information appears to have been used without authority.
- You dispute the existence of any debt or contractual obligation.
- Your communication must not be treated as an acknowledgment of the debt.
Request the lender to:
- Mark the account as disputed due to identity theft.
- Suspend collection activity, interest, penalties, and adverse reporting while investigating.
- Stop contacting relatives, employers, friends, or unrelated third parties.
- Preserve the complete application and audit trail.
- Provide a copy of the personal data and documents used in the application.
- Investigate where and how the loan proceeds were released.
- Correct or withdraw any inaccurate submission to the Credit Information Corporation.
- Give you a written investigation result and complaint reference number.
A useful core statement is:
I formally dispute this account because I did not apply for, authorize, receive, or benefit from the alleged loan. My personal information appears to have been used without my consent. Please freeze collection activity, preserve all application and transaction records, provide me with the personal data processed under my identity, and correct any adverse credit reporting. This notice is not an acknowledgment of the alleged debt.
Ask for records such as:
- The complete loan application
- Uploaded identification documents
- Selfies and liveness-verification results
- Electronic signatures and consent records
- OTP delivery and validation records
- Device identifiers, IP addresses, timestamps, and geolocation data
- Call recordings and chat transcripts
- Bank or electronic-wallet account receiving the proceeds
- Internal fraud-review notes
- Credit-bureau submissions
- Any document supposedly showing that you benefited from the funds
The Data Privacy Act gives a data subject rights of access and correction and, in appropriate cases, blocking or erasure of personal data that is false, unlawfully obtained, unauthorized, or no longer necessary. (National Privacy Commission)
4. Report the unauthorized SIM to the telecommunications provider
Give the provider:
- Your valid government-issued ID
- The mobile number involved
- Proof of ownership or account records, when available
- A copy of the lender’s notice or collection message
- Your affidavit or police/NBI report, if already available
- A written request to investigate, correct registration data, deactivate unauthorized service, and preserve records
Ask whether other numbers appear in its system under your identity. There is no reason to wait for a criminal case before alerting the provider about suspected misuse.
SIM-registration information is confidential. A provider may not simply give a private complainant the alleged registrant’s full records. Under RA 11934, disclosure may be made under legally authorized circumstances, including a subpoena from a competent authority in an investigation based on a sworn complaint that a specific mobile number was used in a crime. This is one reason a properly documented criminal complaint is important.
If the provider does not address the complaint, it may be escalated to the National Telecommunications Commission. NTC consumer guidelines generally require the subscriber to complain first to the provider; unresolved complaints may then be brought to the appropriate NTC office. (Region 7 NTC)
5. Make a criminal report
A police blotter creates an initial record, but a blotter entry alone does not investigate the offense, erase the loan, or correct a credit report. For a fuller investigation, report the case to one or more of the following:
- The PNP Anti-Cybercrime Group or the nearest police cybercrime unit
- The NBI Cybercrime Division
- The city or provincial prosecutor’s office
- The DOJ Office of Cybercrime for appropriate cybercrime coordination or referral
The NBI’s published process for computer-crime victims includes completing a complaint form, an interview, a sworn statement or affidavit, and submission of supporting documents or devices when relevant. The investigative service itself has no filing fee, although notarization, photocopying, transportation, and similar incidental expenses may arise. (National Bureau of Investigation)
A typical complaint package contains:
- Complaint-affidavit or sworn statement
- Valid identification
- Chronology of events
- Screenshots and original electronic records
- Loan and collection documents
- Telecommunications-provider records
- Bank or electronic-wallet statements
- Credit report, if affected
- Names and contact information of possible witnesses
- A list of the mobile numbers, accounts, URLs, and devices involved
The prosecutor’s office commonly requires a complaint-affidavit and supporting evidence for preliminary investigation. The DOJ’s filing guidance should be checked for current documentary requirements.
Barangay conciliation is usually not a prerequisite for serious cybercrime and identity-theft offenses carrying penalties beyond the limits covered by the Katarungang Pambarangay system. An investigating office may nevertheless direct the complainant to the proper venue based on the identities and residences of the parties. (Lawphil)
6. Ask that electronic records be preserved
Act quickly because technical records may be retained only for limited periods.
In your written complaints, specifically request preservation of:
- Subscriber and SIM-registration information
- SIM replacement and activation records
- Call, text, and network logs
- Loan-application audit trails
- IP addresses and device identifiers
- OTP generation and validation records
- Selfie and liveness-verification files
- Bank and electronic-wallet transfer records
- Customer-service recordings
- Internal fraud flags and investigation notes
Under the cybercrime framework, law-enforcement authorities may issue preservation requests and seek appropriate warrants or disclosure orders. Certain traffic data and subscriber information must be preserved for at least six months after a proper preservation direction, subject to the applicable legal rules. (Lawphil)
A victim’s preservation request is not the same as a court order, but it places the company on notice and may help prevent routine deletion while formal legal process is being obtained.
Which government agency should handle the complaint?
The correct regulator depends on the entity involved—not merely on the name of the mobile application.
| Problem | First complaint | Possible escalation |
|---|---|---|
| Loan issued by a bank, digital bank, electronic-money issuer, or other BSP-supervised institution | Institution’s fraud or consumer-assistance unit | BSP Consumer Assistance Mechanism |
| Loan issued by a lending or financing company | Company’s complaint and data-protection channels | SEC iMessage |
| Unauthorized SIM registration, SIM swap, or number misuse | Telecommunications provider | National Telecommunications Commission |
| Unauthorized processing or refusal to correct personal information | Company or its data protection officer | National Privacy Commission complaint process |
| Incorrect loan appearing on a credit report | Reporting lender and CIC | CIC Online Dispute Resolution System |
| Criminal identity theft, falsification, estafa, or cybercrime | PNP, NBI, or prosecutor | DOJ Office of Cybercrime or appropriate prosecution office |
BSP-supervised institutions
RA 11765, the Financial Products and Services Consumer Protection Act, recognizes consumers’ rights to fair treatment, protection of assets against fraud and misuse, data privacy, and timely handling of complaints.
For a BSP-supervised institution, the consumer should ordinarily use the institution’s Financial Consumer Protection Assistance Mechanism first. If unresolved or inadequately handled, the complaint may be escalated through the BSP’s consumer-assistance channels. (Lawphil)
SEC-regulated lenders
Complaints involving lending and financing companies may be filed through SEC iMessage after the company has been given an opportunity to address the issue. Collection harassment, threats, deceptive representations, and unnecessary disclosure of a borrower’s information may also raise issues under SEC rules on unfair debt-collection practices and the Data Privacy Act. (SEC Appointment System)
Before filing, verify the company’s full corporate name. The mobile application’s brand may differ from the registered lending company operating it.
National Privacy Commission
Before filing a formal NPC complaint, the complainant should generally notify the company or data protection officer in writing and allow it to act. Under the NPC’s amended procedural rules, a complaint may ordinarily proceed when the entity fails to take timely and appropriate action or does not respond within 15 calendar days. (National Privacy Commission)
A formal NPC complaint generally requires:
- A completed complaint form
- A notarized complaint or supporting affidavit
- Copies of correspondence showing that the entity was first notified
- Evidence of the unauthorized processing or refusal to correct data
- Supporting documents
- The required certification against forum shopping
The NPC accepts complaints through the methods stated on its official filing page, which may include personal filing, courier submission, or electronic transmission of scanned documents. (National Privacy Commission)
How to correct a fraudulent loan on your credit report
A police report does not automatically remove an account from the Credit Information Corporation database. The lender that submitted the information must investigate and correct its report, while the CIC dispute system provides a formal channel for challenging inaccurate data.
Step-by-step CIC dispute process
- Obtain your CIC credit report through an authorized access channel.
- Identify the unfamiliar account and the financial institution that reported it.
- Send a written identity-theft dispute to that institution.
- Preserve its acknowledgment and complaint reference number.
- File a dispute through the CIC Online Dispute Resolution System.
- Select the disputed account and explain that it resulted from identity theft.
- Upload your affidavit, government ID, criminal-report reference, correspondence, and other supporting evidence.
- Monitor the dispute and answer requests for clarification.
- Obtain a fresh credit report after the correction is confirmed.
The CIC dispute procedure is free and may be used for erroneous, misleading, incomplete, or outdated credit information. A transaction reference number from a CIC credit report is commonly required for the online process. (Credit Information Corporation (CIC))
Do not pay a fraudulent loan merely to improve your credit score. Payment may complicate the dispute by appearing to acknowledge or settle the obligation. The correct objective is to have the account investigated and corrected as an unauthorized transaction.
Documents that are commonly required
| Document | Purpose |
|---|---|
| Government-issued ID | Confirms the complainant’s identity |
| Affidavit of identity theft or non-availment | Gives a sworn account that the loan or SIM was not authorized |
| Police or NBI report | Creates an official criminal-report record |
| Collection notices and demand letters | Identifies the lender, account, and amount |
| Telecommunications records | Shows number ownership, replacement requests, or reported misuse |
| Loan-application records | Reveals the ID, selfie, device, account, and contact details used |
| Bank or electronic-wallet statements | Helps establish that the victim did not receive the proceeds |
| Credit report | Identifies inaccurate credit information |
| Travel, immigration, or employment records | May contradict the application’s claimed location or activity |
| Correspondence and ticket numbers | Proves that the lender and other entities were notified |
An affidavit is especially useful when requesting records, supporting regulatory complaints, or asking law enforcement to obtain subscriber information. Notarization fees vary by location and document.
For a person signing an affidavit abroad, the receiving Philippine agency or company may require Philippine consular notarization or local notarization followed by an apostille, depending on the country and the recipient’s requirements. Confirm the required form before arranging authentication. An overseas Filipino or foreign national may also need a properly authenticated special power of attorney when authorizing someone in the Philippines to obtain documents or make personal follow-ups.
Foreign nationals receive the same protection against unauthorized use of their personal information by Philippine entities. Under RA 11934, legitimate SIM registration by a foreign national ordinarily involves a passport, Philippine address, and applicable visa or travel documents. A tourist’s SIM has a limited validity period unless supported by an authorized extension of stay.
Common mistakes that make identity-theft cases harder
Paying or restructuring the alleged loan
A frightened victim may pay a small amount or sign a restructuring agreement just to stop the calls. This can create an argument that the victim recognized the account. Dispute first and avoid signing documents that describe you as the borrower.
Reporting only by telephone
Telephone calls are difficult to prove. Follow every call with an email or written complaint containing the date, representative’s name, and reference number.
Deleting or editing electronic evidence
Do not delete threatening messages after taking one screenshot. Keep the original conversation, device, email, attachment, and call log. Edited screenshots can create authentication problems.
Sending full IDs through unsafe channels
Collectors and impersonators may use the dispute itself to obtain more personal data. Redact information that is not reasonably necessary and submit documents only through verified company or government channels.
Assuming a blotter automatically clears the debt
A police blotter is supporting evidence, not a cancellation order. Separate disputes may still be required with the lender, telecommunications provider, regulator, NPC, and CIC.
Ignoring court papers
A collection message is not a court order, but an official summons, subpoena, prosecutor’s notice, or small-claims notice must not be ignored. Follow the deadline and appearance instructions stated in the document. The victim may raise lack of consent, identity theft, falsification, failure to authenticate electronic records, and lack of receipt of the proceeds.
Posting IDs and accusations publicly
Publicly posting an unredacted ID, telephone number, or alleged offender’s personal information may expose the victim to further identity theft and create unnecessary privacy or defamation issues. Give complete evidence to investigators and regulators instead.
If collectors continue contacting you
Send a written cease-and-dispute notice stating that the account resulted from identity theft and is under investigation. Ask the collector to communicate only through a specified email address and to identify:
- The creditor’s complete legal name
- The collection agency’s authority
- The alleged contract and account number
- The principal, interest, penalties, and fees
- The documents supposedly proving your consent
- The recipient account for the loan proceeds
Record repeated calls, threats, public shaming, disclosure to relatives, or communications with an employer. Collection practices that unnecessarily expose personal information or harass third parties may support complaints with the SEC, BSP, or NPC, depending on the institution involved.
Do not give an OTP, remote access to your phone, screen-sharing access, or payment through an unfamiliar personal account. A legitimate investigation does not require surrendering control of your device.
Frequently Asked Questions
Do I have to pay a loan someone obtained using my identity?
Not merely because the account contains your name, ID, or mobile number. The lender must establish that you consented to the loan or authorized another person to act for you. Dispute the account promptly and provide evidence showing that you did not apply for or receive the proceeds.
Does a SIM registered in my name prove that I applied for the loan?
No. SIM registration may connect a number with registration information, but it does not conclusively prove who physically controlled the SIM, entered an OTP, submitted the application, or benefited from the loan. The complete digital audit trail must be examined.
Should I file a police blotter or go directly to the NBI?
A blotter is useful for creating an immediate local record. The NBI Cybercrime Division or PNP cybercrime unit is more appropriate when technical investigation, digital records, SIM information, IP data, or coordinated cybercrime action may be needed. Filing with one does not necessarily prevent referral to another competent office.
Can I ask the telecommunications provider who registered the fraudulent SIM?
You may request an investigation and exercise your rights concerning personal data connected with your identity. However, SIM-registration records are confidential, and the provider may be unable to disclose another person’s complete information directly to you. Law enforcement can seek disclosure through the process allowed by RA 11934 and other applicable laws.
What if the lender refuses to give me the application records?
Send the request to the lender’s data protection officer and specifically invoke your right of access under the Data Privacy Act. If the lender fails to respond appropriately after written notice, you may consider a complaint with the NPC and the lender’s financial regulator.
Can a fraudulent loan damage my credit score?
Yes, if the lender reports the account as belonging to you. Obtain a CIC credit report, dispute the account with the reporting institution, and use the CIC dispute system. Keep checking until the correction appears in a new report.
Can collectors contact my relatives or employer?
A lender may use reasonable means to locate or communicate with the proper borrower, but harassment, threats, public shaming, and unnecessary disclosure of loan information to unrelated third parties may violate consumer-protection, debt-collection, or data-privacy rules. Document each communication and report persistent misconduct to the appropriate regulator.
What if I am outside the Philippines?
You can begin by sending written disputes electronically, securing your accounts, and requesting preservation of records. Ask the investigating office whether it accepts a remotely executed affidavit and whether consular notarization or an apostille is required. A properly authenticated special power of attorney may be needed for a representative handling physical documents in the Philippines.
How long does the process take?
A company may acknowledge the complaint within days, but a complete investigation can take weeks or longer because it may require records from the lender, telecommunications provider, bank, electronic-wallet provider, and credit-information system. Regulatory and criminal proceedings can take several months. Prompt reporting is important because some technical records have limited retention periods.
Key Takeaways
- Secure your email, SIM, banking, and electronic-wallet accounts immediately.
- Dispute the loan in writing and clearly state that you never authorized or benefited from it.
- Do not pay, restructure, or acknowledge a fraudulent account merely to stop collection calls.
- Preserve original messages, application records, device data, and transaction evidence.
- Report the unauthorized SIM to the telecommunications provider and request investigation, correction, deactivation, and record preservation.
- File an official criminal report with the PNP, NBI, or appropriate prosecutor when identity theft, falsification, estafa, or cybercrime is involved.
- Use the correct regulator: BSP for BSP-supervised institutions, SEC for lending and financing companies, NTC for telecommunications issues, and NPC for data-privacy violations.
- Obtain your CIC credit report and separately dispute any fraudulent account appearing in it.
- A registered SIM, OTP, uploaded ID, or selfie does not by itself prove valid consent to a loan.
- Keep every acknowledgment, reference number, affidavit, and written response until the loan record, SIM information, and credit report have all been corrected.