Discovering that someone registered a SIM, opened an e-wallet, accessed an online bank account, or transferred money using your identity can be frightening. The most important point is that this is not merely a “telco problem” or a “banking problem.” It may involve identity theft, unlawful processing of personal data, financial account scamming, access-device fraud, falsification, and cybercrime. You need to act on several tracks at the same time: secure your accounts, stop the movement of funds, preserve evidence, correct the false SIM registration, and create formal records with the proper agencies.
How SIM registration identity theft leads to online banking fraud
A criminal does not always need to steal your physical phone. Common schemes include:
- Registering a new SIM using a copy or altered image of your government ID.
- Taking over your existing mobile number through an unauthorized SIM replacement or “SIM swap.”
- Using a fraudulently registered SIM to receive one-time passwords or open bank and e-wallet accounts in your name.
- Impersonating a telco, bank, government office, employer, delivery company, or online marketplace to obtain your password, OTP, selfie, or ID.
- Opening a financial account using your identity, then using it as a receiving or “mule” account for scam proceeds.
- Linking a fraudulent number to your email, social-media account, digital wallet, or online banking profile.
Warning signs include suddenly losing mobile service, receiving notices about a SIM or account you did not register, unexplained password-reset messages, unfamiliar loans or e-wallet accounts, unauthorized transfers, or calls from victims and investigators who believe an account in your name received stolen money.
Philippine laws that protect victims
SIM Registration Act
Republic Act No. 11934, or the SIM Registration Act of 2022, requires SIM registration and prohibits the use of fictitious identities or fraudulent identification documents. Providing false information or using a fictitious identity or fraudulent ID for SIM registration may result in imprisonment, a fine, or both.
Under the law’s implementing rules issued through NTC Memorandum Circular No. 001-12-2022, telecommunications companies must maintain secure SIM-registration systems, protect registration information, and immediately bar SIMs reported lost or stolen. Relevant information concerning a deactivated SIM must generally be retained for ten years from deactivation, which is why victims should specifically request preservation of registration and account records. (LawPhil)
Cybercrime Prevention Act
Republic Act No. 10175, or the Cybercrime Prevention Act of 2012, punishes computer-related identity theft—the intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying information belonging to another person without right.
Depending on what happened, investigators may also consider illegal access, computer-related fraud, data interference, or offenses under another law committed through information and communications technology.
Anti-Financial Account Scamming Act
Republic Act No. 12010, or the Anti-Financial Account Scamming Act of 2024, commonly called AFASA, directly addresses schemes involving bank accounts, e-wallets, credit accounts, and other financial accounts.
AFASA covers, among other acts:
- Opening an account using another person’s identity or identification documents.
- Using, lending, renting, buying, or selling financial accounts for criminal proceeds.
- Obtaining passwords, account details, OTPs, or other sensitive financial information through deception.
- Impersonating a bank or financial institution to obtain account credentials.
- Aiding, abetting, or attempting these offenses.
Banks and other BSP-supervised institutions must maintain adequate account-verification, multi-factor authentication, fraud-monitoring, and risk-management systems. A financial institution may be required to restore funds when loss resulted from its failure to maintain adequate controls or exercise the legally required degree of diligence. A criminal conviction of the scammer is not required before restitution may be considered. However, reimbursement is not automatic in every fraud case; the institution will examine its controls, the customer’s actions, transaction records, and how the account was compromised. (LawPhil)
Data Privacy Act
Republic Act No. 10173, or the Data Privacy Act of 2012, applies when an ID, selfie, address, phone number, account information, or other personal data was unlawfully collected, disclosed, accessed, or used.
A victim may exercise data-subject rights that include access to personal information relating to them, correction of inaccurate information, and blocking or removal in appropriate circumstances. Organizations controlling personal data must use reasonable organizational, physical, and technical security measures. The law also penalizes unauthorized processing, unauthorized use, negligent access, concealment of breaches, and processing for unauthorized purposes. (National Privacy Commission)
Other possible offenses
The facts may also support charges under:
- Republic Act No. 8484, the Access Devices Regulation Act of 1998, as amended by RA 11449.
- Article 315 of the Revised Penal Code on estafa or swindling.
- Articles 171, 172, or related provisions on falsification, depending on the document and offender.
- Republic Act No. 8792, the Electronic Commerce Act, for certain hacking or unauthorized-access conduct.
- The Anti-Money Laundering Act when criminal proceeds are routed through accounts.
AFASA expressly allows prosecution under other applicable laws. (LawPhil)
What victims should do immediately
1. Preserve evidence before changing everything
Take screenshots or photographs of:
- Unauthorized transaction notices.
- SIM-registration confirmations.
- Messages about password, email, device, or mobile-number changes.
- Scam texts, email headers, chat conversations, usernames, profile links, and phone numbers.
- Bank statements and transaction histories.
- Transaction reference numbers, recipient institutions, amounts, dates, and exact times.
- Device notifications showing loss of mobile signal.
- Calls or messages from persons claiming that an account in your name received money.
Export statements and emails when possible rather than relying only on screenshots. Keep the original files. Do not crop out dates, URLs, account identifiers, or timestamps.
Prepare a simple chronology showing what happened, beginning with the last time you had normal control of your SIM and accounts.
2. Contact your telecommunications provider
Use the telco’s official hotline, app, website, or physical store—not a number or link contained in the suspicious message.
Tell the provider clearly:
“My identity appears to have been used for an unauthorized SIM registration or SIM replacement. I did not authorize this registration. Please immediately block or deactivate the SIM, preserve all registration and account records, correct the registration information, and issue a case reference number and written confirmation.”
Request the following:
- Immediate barring or deactivation of the fraudulent or compromised SIM.
- Suspension of unauthorized SIM-replacement activity.
- Restoration of your legitimate number, when appropriate.
- Correction or cancellation of the false registration.
- Preservation of the registration form, submitted ID image, selfie, IP logs, timestamps, device information, store or agent details, replacement requests, and account changes.
- Written confirmation that you disputed the registration.
- A case or ticket number.
Bring or submit your valid ID, proof that you own the legitimate number, old SIM packaging if available, billing records, screenshots, and an affidavit describing the unauthorized registration.
The telco may refuse to give you personal information belonging to a suspected offender. That does not prevent you from requesting information about how your own identity was processed or asking the company to preserve evidence for law enforcement.
3. Report the fraud to the bank or e-wallet immediately
Use the institution’s 24-hour fraud-reporting channel. Do not wait for a police report before making the initial bank complaint.
Request:
- Immediate disabling of online and mobile access.
- Blocking of cards, linked devices, tokens, and fund-transfer functions.
- Removal of unauthorized email addresses, numbers, devices, and beneficiaries.
- Investigation of all disputed transactions.
- Tracing and temporary holding of transferred funds under AFASA.
- Preservation of login, device, IP, authentication, call, chat, and transaction records.
- A written acknowledgment and case reference number.
- A list of documents needed to continue the investigation.
Give the originating bank—the bank or wallet from which your money was taken—the recipient institution, account or wallet number, transaction reference, date, time, and amount.
Under BSP Circular No. 1215, a complaint through the originating institution’s fraud or consumer-assistance channel can trigger coordinated tracing and verification. Funds still within participating financial institutions may initially be held for up to five calendar days. When legally justified, the hold may be extended by up to another 25 calendar days, for a total of up to 30 days without a court extension. The rule does not guarantee recovery when the money has already been withdrawn, converted, transferred abroad, or moved outside the regulated financial system.
Use direct language:
“I dispute these transactions as unauthorized. Please initiate the AFASA temporary-holding and coordinated-verification process, trace the transaction chain, preserve all records, and provide my complaint reference number.”
4. Secure the rest of your digital identity
After preserving the evidence:
- Change the password of your primary email account first.
- Sign out all other email sessions and remove unknown recovery numbers or addresses.
- Change bank, e-wallet, social-media, cloud-storage, and shopping-account passwords.
- Use unique passwords rather than variations of the same password.
- Replace SMS-only authentication with an authenticator app or hardware security key where available.
- Remove unknown devices and applications.
- Check whether your email has forwarding rules you did not create.
- Inform banks and wallets where your mobile number is used, even if no unauthorized transaction has appeared yet.
- Review credit cards, loans, insurance accounts, government portals, and online marketplaces for unfamiliar activity.
Do not send a complete unredacted ID, password, PIN, or OTP through social media or an unverified email address. BSP does not require a consumer’s password, PIN, full card number, passbook, passport, or other full identification credentials to process a BSP consumer complaint.
5. Execute an affidavit of identity theft and unauthorized transactions
A detailed affidavit creates a consistent formal account that can be submitted to the telco, financial institution, police, prosecutor, NTC, BSP, or NPC.
Include:
- Your complete name, address, contact information, and identifying details.
- The legitimate SIMs and financial accounts you own.
- The registration, SIM replacement, account opening, or transactions you did not authorize.
- When and how you discovered the fraud.
- Confirmation that you did not consent to the use of your ID or personal information.
- Whether you still possess the original ID and SIM.
- The steps you took and the case numbers issued.
- A numbered list of attached evidence.
- A request for investigation, preservation of records, correction of false information, and recovery of funds.
Have the affidavit notarized. Make several certified or notarized copies if different institutions require originals.
6. Report the crime to law enforcement
You may report to:
- The nearest police station.
- The Philippine National Police Anti-Cybercrime Group.
- The National Bureau of Investigation Cybercrime Division.
- The Cybercrime Investigation and Coordinating Center.
- The proper city or provincial prosecutor’s office, usually with a complaint-affidavit and supporting documents.
A barangay blotter may help establish when you first reported the incident, but it is not a substitute for a cybercrime investigation, bank dispute, telco complaint, or prosecutor’s complaint.
Ask the receiving investigator for:
- The complaint or reference number.
- A stamped receiving copy.
- The investigator’s name and contact information.
- Guidance on any additional affidavit, device examination, or document certification required.
- Immediate preservation requests to the telco, bank, e-wallet, email provider, or online platform.
Cybercrime evidence can disappear or become harder to obtain as records age. Early preservation requests are often more important than immediately identifying the individual scammer.
Documents victims should prepare
| Document or evidence | Why it matters |
|---|---|
| Valid government-issued ID | Confirms your real identity |
| Proof of ownership of the legitimate SIM | Helps distinguish your number from a fraudulent SIM or unauthorized replacement |
| Old SIM bed, postpaid bill, load records, or telco account history | Supports continuous ownership and use |
| Bank or e-wallet statements | Identifies unauthorized transactions |
| Transaction references and recipient details | Allows institutions to trace the money |
| Screenshots and original electronic files | Preserves messages, timestamps, URLs, and account changes |
| Affidavit of identity theft | Provides a sworn and consistent narrative |
| Police or NBI report | Supports the investigation and extended fund-holding request |
| Telco and bank case numbers | Proves prompt reporting |
| Copies of written complaints and responses | Needed for escalation to regulators |
| Device, email, and login alerts | Helps establish unauthorized access |
| Proof of location or travel | Useful when transactions occurred while you were elsewhere |
Keep an index of documents. Label attachments as Annex “A,” “B,” “C,” and so on. Submit copies unless an agency expressly requires the original.
Where to escalate unresolved complaints
Telecommunications company and NTC
The telco is the first place to request deactivation, correction, number restoration, and record preservation.
When the company does not resolve the registration or refuses to act, file a complaint with the National Telecommunications Commission, ordinarily through the NTC office or One Stop Public Assistance Center covering your location. NTC consumer-protection guidelines contemplate escalation when a service provider fails to address a consumer complaint within 30 days. In an active fraud case, however, do not wait 30 days before notifying law enforcement, your banks, and the telco’s fraud unit. (Region 7 NTC)
Attach your written telco complaint, ticket numbers, proof of identity, affidavit, and the response or evidence of nonresponse.
Bank or e-wallet and BSP
Every BSP-supervised institution must maintain a Financial Consumer Protection Assistance Mechanism, or FCPAM. This is the first-level complaint process.
When the institution denies the claim, fails to act, or gives an inadequate response, escalate the matter through the Bangko Sentral ng Pilipinas Consumer Assistance Mechanism. The BSP’s official complaint guide instructs consumers to complain to the financial institution first and then use the BSP Online Buddy or submit the prescribed complaint form with proof of the prior complaint. (Bureau of Small and Medium Enterprises)
The BSP complaint should include:
- The bank or wallet’s case number.
- Your written complaint and the institution’s final response.
- Transaction references and statements.
- Your affidavit and police report, when available.
- The specific resolution requested, such as reversal, restoration of access, correction of account information, or further investigation.
National Privacy Commission
A privacy complaint may be appropriate when a telco, bank, agent, employer, lending company, platform, or other entity unlawfully disclosed, processed, retained, or failed to protect your personal information.
Before filing, generally send the entity a written request or complaint and give it an opportunity to address the violation. Attach the correspondence and response to your NPC complaint.
The National Privacy Commission’s formal complaint procedure requires the prescribed or otherwise compliant complaint to be completed, verified or notarized, supported by evidence, and submitted through an accepted channel. NPC rules also require the respondent to be identified when possible, the material facts and requested relief to be stated, and prior correspondence to be attached. (National Privacy Commission)
An NPC case addresses privacy rights and organizational compliance. It does not replace a criminal complaint or the bank’s fund-recovery process.
Can the bank be required to return the money?
Possibly, but the answer depends on the evidence.
AFASA provides that a financial institution may be liable for restitution when it failed to employ adequate risk-management systems and controls or failed to exercise the required degree of diligence. It may also be liable when it was required to hold disputed funds but improperly failed to do so. Conviction of the offender is not a prerequisite to restitution under Section 6. (LawPhil)
Relevant questions include:
- Did the bank properly verify a new device, SIM, email address, or account change?
- Was there a pause or enhanced verification for a high-risk transaction?
- Did its fraud-monitoring system detect unusual activity?
- How quickly did the victim report the fraud?
- Could the transferred funds still have been held?
- Did the institution coordinate with the receiving bank?
- Were the authentication records reliable?
- Did the customer knowingly disclose a password or OTP?
- Was that disclosure itself obtained through a social-engineering offense?
- Did the institution give clear, timely instructions and findings?
The presence of a correct OTP does not by itself explain whether the victim knowingly approved the transfer, whether the SIM had been taken over, or whether the bank’s security controls were adequate. Conversely, a victim’s unreasonable delay or voluntary disclosure of credentials may complicate the claim. The complete transaction and authentication trail must be examined.
Common mistakes that weaken an identity-theft case
Reporting only by telephone
A phone call may stop immediate activity, but it can be difficult to prove later. Always obtain a ticket number and follow up in writing.
Deleting the scam conversation
Even embarrassing messages may show impersonation, deception, account details, or the exact time credentials were obtained. Preserve them.
Resetting or disposing of the phone immediately
Changing credentials is necessary, but first capture the relevant notifications, messages, device details, and account sessions. Do not factory-reset a potentially important device unless necessary for safety or instructed by a qualified investigator.
Treating the matter as only a lost-SIM problem
The offender may already have opened accounts, changed email settings, applied for credit, or transferred money. Check the entire identity ecosystem.
Filing only a barangay blotter
Barangay documentation can support the timeline, but barangay officials cannot order a bank to trace funds or compel a telco to produce cybercrime evidence.
Waiting for the police report before notifying the bank
Funds can move within minutes. Notify the financial institution first, then submit the police report and affidavit as soon as they are available.
Accepting a verbal denial from the bank
Ask for the final findings in writing, including the institution’s basis for treating the transactions as authorized and the records it considered.
Making an inaccurate or exaggerated fraud report
AFASA penalizes malicious reporting made in bad faith when completely unwarranted or false information causes funds to be held. Report only the transactions you genuinely dispute and correct any mistake promptly. (LawPhil)
Special considerations for Filipinos and foreigners abroad
A victim outside the Philippines can usually make initial telco, bank, BSP, and privacy reports online. Preserve evidence showing where you were when the SIM registration or transaction occurred, such as immigration records, boarding passes, employment attendance, foreign mobile records, or card transactions.
When a representative in the Philippines must personally submit documents, obtain records, or attend proceedings, the victim may execute a Special Power of Attorney. A private document executed in a country participating in the Apostille Convention is generally notarized locally and apostilled by that country’s competent authority. Consular notarization may be used where appropriate. Requirements differ by country and by the receiving institution, so the SPA should list the authorized acts specifically. (Philippine Embassy)
Foreign nationals whose passport or Philippine-issued identification was used should also preserve passport stamps, visa documents, Alien Certificate of Registration records, and proof of their actual Philippine address or absence from the country.
Frequently Asked Questions
Someone registered a SIM using my name. What should I do first?
Contact the telco through an official channel and request immediate deactivation, correction of the registration, preservation of records, and a case number. At the same time, notify every bank or e-wallet connected to your identity or mobile number.
Can I find out whose phone or device was used?
You may request access to personal information relating to you, but the telco may not directly release third-party subscriber, device, or location information. Investigators can seek the relevant records through lawful preservation requests, subpoenas, court orders, or cybercrime warrants.
How quickly can transferred funds be frozen?
Under current BSP AFASA rules, an initial temporary hold may last up to five calendar days and may be extended, when justified, for up to 25 additional days. The practical result depends on how quickly the fraud is reported and whether the funds remain traceable within participating institutions.
Is a police blotter enough for the bank?
Usually not by itself. Banks commonly require a signed dispute, affidavit, transaction details, valid ID, and supporting evidence. A police or NBI report strengthens the claim but does not replace the bank’s own fraud-investigation process.
What if I gave the scammer my OTP?
Report the transaction anyway. Explain exactly how the OTP was obtained and what the scammer represented. Social engineering that obtains sensitive financial information through deception is expressly covered by AFASA. The bank will still assess the transaction, its controls, and your actions.
What if a bank or e-wallet account was opened in my name?
Send the institution a written denial that you opened or controlled the account. Request restriction or closure, preservation of onboarding and transaction records, correction of your personal data, and written confirmation that you dispute ownership. File reports with law enforcement and, when appropriate, BSP and the NPC.
Am I liable to people who sent money to the fraudulent account?
The use of your name alone does not establish that you participated in the fraud. Respond promptly to notices and preserve proof that you did not open, control, or benefit from the account. Do not ignore subpoenas, demand letters, police invitations, or prosecutor’s notices.
Can I demand an immediate refund from the bank?
You may demand investigation and restitution, but an immediate refund is not automatic. Liability depends on the circumstances, including the institution’s security controls, the transaction trail, the speed of reporting, and whether the customer authorized or contributed to the loss.
Can I file complaints even if I am outside the Philippines?
Yes. Initial complaints can ordinarily be submitted remotely. A properly notarized, consularized, or apostilled affidavit or Special Power of Attorney may be required for formal proceedings or transactions performed through a Philippine representative.
Key Takeaways
- Report the fraud to the telco and financial institution immediately; do not wait for a police report.
- Ask the bank to initiate AFASA tracing, temporary holding, and coordinated verification.
- Request written case numbers, record preservation, and formal findings.
- Preserve screenshots, original files, statements, transaction references, and a detailed chronology.
- File a cybercrime report with the PNP, NBI, or other proper law-enforcement office.
- Escalate unresolved banking issues to BSP, telecom issues to NTC, and personal-data violations to the NPC.
- A fraudulent SIM registration can lead to wider identity misuse, so secure your email, financial accounts, government portals, and online profiles.
- Bank reimbursement is fact-dependent, but AFASA allows restitution in proper cases without waiting for the scammer’s criminal conviction.