Introduction

Identity theft through an unauthorized loan application happens when a person’s name, personal information, identification documents, contact details, photograph, signature, biometrics, online account, phone number, or other identifying data are used to apply for a loan without that person’s knowledge or consent.

In the Philippine context, this problem has become more common because of online lending platforms, digital banks, e-wallet-linked credit products, salary loans, buy-now-pay-later services, mobile apps, and fast cash loan providers that rely on uploaded IDs, selfies, mobile numbers, employment details, and automated verification.

The victim usually discovers the problem only after receiving collection calls, demand letters, text messages, emails, app notifications, credit bureau alerts, employer calls, or threats from collectors. In some cases, the loan proceeds were released to another person’s bank account, e-wallet, or mobile wallet, while the victim is treated as the borrower.

The central legal issue is this: a person cannot be made liable for a loan they did not apply for, did not authorize, did not receive, and did not benefit from. But in practice, the victim must act quickly to dispute the loan, preserve evidence, notify the lender, protect their credit record, and consider civil, criminal, data privacy, and regulatory remedies.

---

What Is Identity Theft Through an Unauthorized Loan Application?

Identity theft through an unauthorized loan application occurs when someone uses another person’s identity to obtain credit, money, goods, services, or financial accommodation.

It may involve:

• Using a victim’s name and birthdate.
• Uploading a stolen government ID.
• Using a copied employee ID.
• Using a stolen selfie or edited photograph.
• Forging a signature.
• Creating an account using the victim’s phone number or email.
• Using a lost SIM card or compromised mobile number.
• Applying through an online lending app using the victim’s contact list.
• Submitting fake employment information.
• Using the victim as a borrower, co-borrower, guarantor, or reference without consent.
• Taking over the victim’s e-wallet, banking app, or email.
• Using personal data leaked from previous transactions.
• Using screenshots of IDs previously sent to employers, landlords, recruiters, sellers, or agents.
• Using information gathered from social media.

The unauthorized application may be made through a bank, lending company, financing company, online lending platform, cooperative, credit card issuer, salary loan provider, pawnshop, installment seller, or informal lender.

---

Basic Rule: No Consent, No Valid Loan Obligation

A loan is a contract. Like other contracts, it requires consent. If the supposed borrower never agreed to the loan, never signed the documents, never authorized the transaction, and never received the proceeds, then the essential element of consent is missing.

In principle, the victim should not be liable for the unauthorized loan.

A loan obtained through identity theft may be void or unenforceable against the victim because the victim did not consent. The person who used the victim’s identity may be liable for criminal, civil, and administrative consequences.

However, the victim must still formally dispute the debt. Silence or delay may create practical problems, especially if the lender reports the account as delinquent, sells it to a collection agency, files a small claims case, or continues collection activity.

---

Common Scenarios

1. Loan App Used the Victim’s ID Without Consent

A fraudster uploads the victim’s ID and possibly a photo or selfie to a lending app. The app approves the loan and releases proceeds to a bank or e-wallet account controlled by the fraudster.

The victim later receives collection messages.

2. Lost ID Used for Loan Application

The victim loses a driver’s license, passport, UMID, PhilID, company ID, or other document. Someone uses it to apply for a loan.

3. SIM Card or Phone Number Takeover

The fraudster controls the victim’s mobile number, receives one-time passwords, and uses the number to verify a loan application.

4. Forged Signature on Loan Documents

A physical or digital loan document bears the victim’s alleged signature, but the victim never signed it.

5. Unauthorized Co-Borrower or Guarantor

A borrower lists another person as a co-borrower, guarantor, surety, or reference without consent. The lender then collects from that person.

Being a mere character reference does not make someone liable for a loan. Liability as co-borrower, guarantor, or surety requires valid consent.

6. Employer or Payroll Loan Fraud

A loan is processed using the victim’s employment details or payroll account. The victim may discover deductions from salary or a demand from a salary loan provider.

7. Family Member Uses the Victim’s Identity

A relative, spouse, sibling, parent, child, partner, or housemate uses the victim’s ID or phone to apply for a loan.

The family relationship does not automatically make the victim liable. Consent still matters.

8. Data Breach Leads to Fraudulent Loan

Personal data exposed in a data breach is used for loan applications. The victim may have no direct relationship with the lender.

9. Online Seller or Recruiter Misuses ID

The victim previously submitted IDs to a fake job recruiter, landlord, online seller, buyer, travel agent, school, or broker. The documents are later used for a fraudulent loan.

---

Legal Character of the Unauthorized Loan

An unauthorized loan application may involve several overlapping legal issues:

1. Civil law issue — whether the victim is liable for the debt.
2. Criminal law issue — whether the fraudster committed identity theft, fraud, falsification, estafa, or cybercrime.
3. Data privacy issue — whether personal information was unlawfully processed, disclosed, retained, or used.
4. Consumer protection issue — whether the lender failed to verify identity or used abusive collection practices.
5. Credit reporting issue — whether the victim’s credit record was wrongfully damaged.
6. Regulatory issue — whether the lender violated rules applicable to banks, lending companies, financing companies, or online lending platforms.

These remedies may proceed separately or together.

---

Is the Victim Liable for the Loan?

Generally, no, if the victim can establish that the loan was unauthorized.

The victim should not be liable if:

• They did not apply for the loan.
• They did not sign the loan agreement.
• They did not authorize anyone to apply for them.
• They did not receive the proceeds.
• They did not benefit from the loan.
• Their identity documents were used without permission.
• Their signature, photo, account, or mobile number was misused.
• The lender failed to properly verify identity.

However, disputes may arise if the lender claims that the victim’s ID, selfie, OTP, digital signature, bank account, e-wallet, or phone number was used. The victim must then challenge the authenticity and authorization of the transaction.

---

What If the Loan Proceeds Were Sent to the Victim’s Account?

If loan proceeds were actually credited to the victim’s own bank account or e-wallet, the case becomes more complicated.

Possible explanations include:

• The victim applied but later forgot or denies it.
• A fraudster accessed the victim’s account.
• A family member used the victim’s device.
• The victim’s account was taken over.
• The victim received the funds but did not realize their source.
• The fraudster transferred the funds out immediately.
• The victim was tricked into sending the money elsewhere.

If the victim received the funds and kept or used them, the lender may argue that the victim benefited from the loan. If the victim’s account was compromised and the funds were immediately transferred by the fraudster, the victim should gather bank records, device logs, OTP records, and complaint reports.

The key questions are:

• Who controlled the receiving account?
• Who initiated the application?
• Who received the OTP?
• Who transferred or withdrew the proceeds?
• Did the victim benefit?
• Did the victim promptly report the unauthorized transaction?

---

What If the Loan Was Released to Another Person’s Account?

If the proceeds were released to an account not owned or controlled by the victim, that strongly supports the claim of identity theft.

The victim should request from the lender:

• Loan application record.
• Date and time of application.
• IP address or device information, if available.
• Mobile number and email used.
• ID submitted.
• Selfie or photo submitted.
• Bank or e-wallet account where proceeds were released.
• Loan agreement or digital consent record.
• OTP logs or verification details.
• Disclosure and consent forms.
• Collection records.
• Credit reporting details.

If the lender refuses to provide reasonable information, the victim may raise data privacy, consumer protection, and regulatory concerns.

---

Is an Unauthorized Loan Application a Crime?

It may be. Depending on the facts, the unauthorized use of identity to obtain a loan may involve several offenses.

Identity Theft

Identity theft generally involves acquiring, using, misusing, transferring, possessing, altering, or deleting another person’s identifying information without authority, especially when done through or involving computer systems.

Unauthorized loan applications through apps, websites, email, mobile devices, or digital platforms may fall under cybercrime-related identity theft concepts.

Estafa or Swindling

If a person used deceit to obtain money from a lender by pretending to be the victim, that may constitute estafa. The lender is deceived into releasing money, and the victim’s identity is used as part of the fraud.

Falsification

Falsification may occur if the fraudster forged signatures, fabricated IDs, altered documents, made false statements in public or private documents, or submitted falsified loan documents.

A loan agreement, promissory note, employment certificate, payslip, ID, bank statement, or authorization document may be falsified.

Use of Falsified Documents

Even if the person did not personally create the fake document, knowingly using it may create liability.

Unauthorized Access or Account Takeover

If the fraudster accessed the victim’s email, phone, online banking, e-wallet, lending app, or cloud storage without permission, cybercrime or access-related offenses may apply.

Data Privacy Violations

Unlawful processing, unauthorized disclosure, malicious disclosure, unauthorized access, or improper use of personal information may violate data privacy laws.

SIM-Related Fraud

If a SIM card or mobile number was used to commit fraud, additional issues may arise under SIM registration and telecommunications rules.

---

Civil Liability of the Fraudster

The person who used another’s identity may be civilly liable for:

• The amount obtained from the lender.
• Damage to the victim’s credit reputation.
• Emotional distress and anxiety.
• Costs of disputing the debt.
• Attorney’s fees.
• Litigation expenses.
• Consequential damages.
• Reputational harm.
• Loss of employment opportunities, if credit or employer records were affected.

Civil liability may be pursued in connection with a criminal case or through a separate civil action.

---

Possible Liability of the Lender

A lender is not automatically liable merely because it was also deceived. However, a lender may face liability if it failed to exercise reasonable verification, mishandled personal data, ignored a valid dispute, continued abusive collection, or wrongfully reported the victim as delinquent.

Possible lender issues include:

1. Failure to Verify Identity

Lenders must conduct reasonable borrower verification. Depending on the type of lender, this may include Know-Your-Customer procedures, identity checks, document validation, fraud detection, and confirmation of contact details.

Weak verification may support a complaint, especially if obvious red flags existed.

2. Unlawful Processing of Personal Data

If the lender processed the victim’s personal information without valid consent, legitimate basis, or adequate safeguards, it may be liable under data privacy principles.

3. Failure to Respond to Data Subject Requests

The victim may request access, correction, deletion, blocking, or information regarding the processing of their personal data. A lender that refuses without valid basis may face regulatory consequences.

4. Abusive Collection Practices

Some collectors shame, threaten, harass, contact employers, message relatives, post on social media, or misuse contact lists. These practices may violate lending, consumer protection, cybercrime, and data privacy rules.

5. Wrongful Credit Reporting

If the lender reports the victim as delinquent despite a valid identity theft dispute, the victim may challenge the report and seek correction.

6. Continuing Collection After Notice of Fraud

Once the victim formally disputes the loan and provides evidence of identity theft, the lender should investigate. Continuing aggressive collection without verification may expose the lender to liability.

---

Online Lending Apps and Identity Theft

Online lending apps are frequent sources of unauthorized loan complaints because they may approve loans quickly based on uploaded IDs, selfies, mobile numbers, contact lists, and automated checks.

Common problems include:

• Weak identity verification.
• Use of stolen IDs.
• Loan approvals without live verification.
• Loan proceeds sent to third-party accounts.
• Access to contact lists.
• Harassing contacts of the alleged borrower.
• Misuse of personal information.
• Threats of public shaming.
• Excessive interest or charges.
• Refusal to provide loan documents.
• Multiple reloan cycles under stolen identity.

Victims should document every message, call, email, app notification, and contact made to third parties.

---

Unauthorized Use as a Loan Reference

A person may be listed as a “reference” without consent. A reference is generally not liable for the borrower’s debt unless they separately agreed to be a guarantor, surety, co-maker, or co-borrower.

Collectors sometimes pressure references by saying:

• “You are responsible because the borrower listed you.”
• “You must pay because you know the borrower.”
• “We will report you.”
• “We will call your employer.”
• “We will visit your house.”
• “You are part of the case.”

These statements may be misleading. A reference is not a debtor merely because their name and number appear in the application.

If the person was falsely listed as a co-borrower, guarantor, or surety, they should demand proof of their signed consent.

---

Unauthorized Co-Borrower, Guarantor, or Surety

Being a co-borrower, guarantor, surety, or co-maker carries legal consequences. But the obligation must be based on valid consent.

A person is not bound if:

• Their signature was forged.
• Their digital consent was fabricated.
• Their ID was uploaded without consent.
• They were listed without knowledge.
• They never agreed to guarantee payment.
• They never received and accepted the loan terms.

The lender must prove the obligation. The alleged co-borrower or guarantor should request a copy of the loan contract and all proof of consent.

---

Unauthorized Salary Loan or Payroll Deduction

Some identity theft cases involve salary loans or payroll deductions. The victim may discover deductions from salary for a loan they did not authorize.

The employee should immediately notify:

• Employer or HR.
• Payroll department.
• Loan provider.
• Bank or payroll account provider.
• Data protection officer, if applicable.

The employee should demand suspension of deductions while the fraud claim is investigated. If deductions continue despite notice, the issue may involve labor, civil, data privacy, and consumer protection concerns.

---

What Should the Victim Do Immediately?

A victim should act quickly and in writing.

Step 1: Do Not Admit the Debt

The victim should avoid statements such as:

• “I will pay later.”
• “Can you reduce the amount?”
• “I borrowed but cannot pay.”
• “I will settle if you stop calling.”

Instead, say clearly:

“I dispute this loan. I did not apply for, authorize, receive, or benefit from this loan. My identity appears to have been used without my consent.”

Step 2: Request Documents

Ask the lender or collector for:

• Name of lender.
• Loan account number.
• Date of application.
• Loan amount.
• Loan agreement.
• Promissory note.
• Documents submitted.
• ID used.
• Selfie or biometric record, if any.
• Mobile number and email used.
• Receiving bank or e-wallet account.
• Proof of release of proceeds.
• Verification logs.
• Consent records.
• Payment history.
• Credit reporting details.
• Name of collection agency, if any.

Step 3: Send a Formal Dispute Letter

The letter should be sent by email, registered mail, courier, app support ticket, or other traceable channel.

Step 4: Preserve Evidence

Keep:

• Screenshots of collection messages.
• Call logs.
• Voicemails.
• Emails.
• Demand letters.
• App notifications.
• Social media messages.
• Names of collectors.
• Contact numbers used.
• Dates and times.
• Proof that third parties were contacted.
• Proof of harassment or threats.
• Evidence that the victim was elsewhere.
• Bank and e-wallet statements.
• Police blotter or complaint documents.
• Affidavit of denial, if needed.

Step 5: Secure Accounts

Immediately change passwords and secure:

• Email.
• Banking apps.
• E-wallets.
• Lending apps.
• Social media.
• Cloud storage.
• Mobile number.
• SIM registration details.
• Online shopping accounts.

Enable two-factor authentication where available.

Step 6: Report Lost or Stolen IDs

If an ID was lost or stolen, file a police report or affidavit of loss and notify the issuing agency when appropriate.

Step 7: File Complaints if Needed

Depending on the facts, the victim may file complaints with law enforcement, regulators, the lender’s data protection officer, and credit reporting bodies.

---

Sample Dispute Letter to Lender

Subject: Formal Dispute of Unauthorized Loan Application and Identity Theft

Dear Sir/Madam,

I am writing to formally dispute the loan account being collected from me under the name [Name] with reference number [Account Number, if known].

I did not apply for, authorize, receive, or benefit from this loan. I believe my personal information and/or identification documents were used without my consent. I therefore deny liability for this account and request that all collection activity against me be suspended while this matter is investigated.

Please provide copies of all documents and records relating to the application, approval, release, and collection of this loan, including the loan agreement, submitted IDs, application form, digital consent record, mobile number and email used, verification records, date and time of application, receiving bank or e-wallet account, proof of disbursement, and any credit reporting made under my name.

I also request that you preserve all records relating to this transaction and refrain from reporting or continuing to report this account as my obligation while the identity theft dispute is unresolved.

If my personal data was processed without lawful basis, I request appropriate correction, blocking, or deletion, subject to your legal retention obligations.

Thank you.

Sincerely, [Name]

---

Should the Victim Pay to Stop Harassment?

Generally, a victim should not pay a debt they dispute as fraudulent unless advised after proper review. Payment may be interpreted by the lender as acknowledgment or settlement, depending on the circumstances.

If the victim decides to settle for practical reasons, the settlement should be carefully documented and should not admit that the loan was valid. It should state that payment, if any, is made under protest or solely to mitigate damage, if appropriate.

But the better first step is to dispute in writing, demand proof, and report harassment.

---

What If Collectors Are Harassing the Victim?

Collection must be lawful. Even if a debt exists, collectors should not use harassment, threats, public shaming, obscene language, false legal claims, or abusive practices.

Potentially improper collection acts include:

• Threatening arrest for ordinary debt.
• Threatening public humiliation.
• Contacting the victim’s employer repeatedly.
• Messaging relatives, friends, or co-workers.
• Posting the alleged debt on social media.
• Sending edited photos or defamatory messages.
• Using insults or obscene words.
• Pretending to be police, court, prosecutor, or government officials.
• Threatening violence.
• Calling at unreasonable hours.
• Disclosing personal data to third parties.
• Claiming that a mere reference is legally liable.
• Refusing to identify the lender or collection agency.
• Continuing collection despite a documented identity theft dispute.

The victim should preserve evidence and file appropriate complaints.

---

Can a Person Be Arrested for an Unpaid Unauthorized Loan?

Generally, non-payment of a debt is not by itself a criminal offense. The Philippine Constitution prohibits imprisonment for debt.

However, fraud, falsification, estafa, identity theft, and other crimes may be prosecuted. The person who committed identity theft may face criminal liability. The victim should not be threatened with arrest for a loan they did not obtain.

If collectors threaten immediate arrest, jail, barangay posting, employer blacklisting, or police action without lawful basis, those threats should be documented.

---

Barangay, Police, NBI, and Prosecutor Remedies

Barangay

Barangay assistance may help document the dispute, especially if the fraudster is known and lives in the same area. However, many identity theft and cybercrime issues may require police, NBI, or prosecutor action.

Police

The victim may file a police blotter or complaint, especially for lost ID, harassment, threats, or known suspects.

NBI Cybercrime Division

If the unauthorized loan application involved online platforms, apps, fake accounts, digital documents, emails, phones, hacking, or online harassment, the NBI Cybercrime Division may be relevant.

PNP Anti-Cybercrime Group

The PNP Anti-Cybercrime Group may also investigate online identity theft and digital fraud.

Prosecutor’s Office

Criminal complaints for identity theft, falsification, estafa, or related offenses may be filed for preliminary investigation.

The victim should bring evidence, including screenshots, loan documents, dispute letters, IDs, proof of non-receipt, and communication records.

---

Data Privacy Remedies

Identity theft through loan applications almost always involves personal information. A victim has data privacy rights, including rights to be informed, access, object, correct, and seek remedies for unauthorized processing.

The victim may write to the lender’s Data Protection Officer and request:

• Confirmation whether personal data was processed.
• Source of the personal data.
• Copies of data submitted.
• Purpose of processing.
• Recipients or disclosures.
• Identity of processors or collection agencies.
• Correction of inaccurate records.
• Blocking or deletion of unlawfully processed data, where proper.
• Suspension of disclosure to collectors or credit bureaus during investigation.
• Incident report or fraud investigation result.

If the lender mishandled personal data, refused to respond, or allowed abusive disclosure, a complaint may be filed with the National Privacy Commission.

---

Credit Reporting Issues

Unauthorized loans can damage the victim’s credit record. This may affect future applications for:

• Housing loans.
• Car loans.
• Credit cards.
• Personal loans.
• Business loans.
• Postpaid plans.
• Installment purchases.
• Employment or background checks, in some cases.

The victim should ask the lender whether the account was reported to a credit bureau or credit information system. If reported, the victim should request correction, dispute annotation, or deletion if the account is proven fraudulent.

A victim should also keep written proof that the account is disputed due to identity theft.

---

What If a Small Claims Case Is Filed Against the Victim?

Some lenders may file a small claims case for unpaid loans. If the victim receives summons, they should not ignore it.

The victim should file a verified response and state that:

• They did not apply for the loan.
• Their identity was used without consent.
• The signature or digital consent is not theirs.
• They did not receive the proceeds.
• The receiving account is not theirs, if true.
• They reported the identity theft.
• The lender failed to verify identity.
• The lender should produce all application and disbursement records.

Evidence should be attached.

Small claims procedure is simplified, but the victim must still attend and defend. Ignoring the case may result in an adverse judgment.

---

What If the Lender Claims There Was Digital Consent?

Digital lending often relies on electronic consent, OTP, app clicks, selfies, and uploaded IDs.

A victim may challenge digital consent by asking:

• What device was used?
• What IP address was used?
• What mobile number received OTP?
• Was the mobile number registered to the victim?
• Was the email verified?
• Was a liveness check conducted?
• Was the selfie genuine or edited?
• Was the bank or e-wallet account in the victim’s name?
• Was the loan released to the same verified borrower?
• Was there a mismatch in information?
• Were there failed verification attempts?
• Was the application made from a suspicious location?
• Did the lender use reasonable fraud controls?

Digital records can support either side. The victim should demand preservation of logs.

---

Electronic Signatures and Unauthorized Loans

Electronic signatures may be valid in the Philippines, but only if properly attributable to the person and made with consent. A typed name, checkbox, OTP, or app click should not bind a person if it was made by an impostor.

The lender must show that the electronic act was attributable to the alleged borrower. If identity theft occurred, the victim can dispute the attribution and consent.

---

Forged Signatures

If the loan involves a handwritten or scanned signature, the victim may deny the signature and request document examination.

Evidence may include:

• Specimen signatures.
• Government ID signatures.
• Bank signature cards.
• Employment records.
• Notarized documents.
• Handwriting expert report.
• Testimony of the victim.
• Proof that the victim was elsewhere.
• Lack of receipt of proceeds.

A forged signature does not create consent.

---

Use of Stolen ID and Selfie

A stolen ID alone should not be enough to prove that the victim borrowed money. Lenders should verify identity, not merely collect documents.

If a selfie was used, issues may include:

• Was it a real-time selfie or uploaded old photo?
• Was liveness detection used?
• Was the photo edited?
• Was the ID held by the person in the selfie?
• Was the face matched to the ID?
• Was the applicant required to speak or move?
• Was there manual review?
• Were there signs of deepfake or image manipulation?

Victims should ask for copies of all images used.

---

Unauthorized Use of Contact List

Some lending apps access contact lists and message contacts during collection. If the victim never authorized the loan, the use of their contact list or disclosure of alleged debt to contacts may be especially problematic.

Even for valid borrowers, collection through public shaming or excessive contact of third parties may violate privacy and consumer protection standards.

Victims should document:

• Who was contacted.
• What was said.
• Screenshots of messages.
• Whether debt details were disclosed.
• Whether threats or defamatory statements were made.
• Whether the contacts were told the victim committed a crime.

---

Employer Contact and Workplace Harassment

Collectors may call the victim’s employer, HR department, supervisor, or co-workers. This can cause embarrassment and reputational damage.

If the loan is disputed as identity theft, the victim should send written notice to the lender and collection agency prohibiting unnecessary third-party disclosure. The victim may also inform HR that the debt is disputed and unauthorized.

Collectors should not use the workplace as a pressure point.

---

Family Member as Fraudster

When the fraudster is a family member, victims often hesitate to report. But failure to act may leave the victim with a damaged credit record and continuing collection.

Options include:

• Demand that the family member pay and assume the debt.
• Execute a written acknowledgment by the actual borrower.
• Submit the acknowledgment to the lender.
• File a barangay complaint, if applicable.
• File criminal or civil action for serious cases.
• Request the lender to transfer liability if the true borrower admits.
• Dispute the account formally.

A lender is not required to release the victim merely because a relative verbally admits the loan. Written proof and proper settlement are important.

---

When the Victim Previously Shared IDs Voluntarily

Many victims shared IDs for legitimate reasons, such as employment, rental, online selling, travel booking, school enrollment, remittance, or account verification. Later, those IDs are misused.

Voluntary sharing for one purpose does not authorize use for a loan. Personal data should be used only for legitimate and declared purposes. Reuse for unauthorized lending may be unlawful.

The victim should identify where the compromised documents may have come from and notify relevant entities if a data leak is suspected.

---

What If the Lender Refuses to Give Documents?

A lender may cite privacy, confidentiality, internal policy, or security. But the alleged borrower has a legitimate right to know what personal data and documents are being used against them.

The victim should make a written request and specify that the documents are needed to dispute identity theft.

If the lender still refuses, the victim may escalate to:

• The lender’s Data Protection Officer.
• Regulatory authority supervising the lender.
• National Privacy Commission.
• Law enforcement, if criminal fraud is involved.
• Court, if litigation arises.

---

What If the Collector Is Not the Original Lender?

Many loans are collected by third-party agencies or sold to debt buyers. The victim should demand:

• Name of original lender.
• Authority of the collection agency.
• Copy of assignment or endorsement, if relevant.
• Loan documents.
• Basis for collection.
• Contact details of the lender’s dispute department.
• Data source.
• Proof that the victim consented.

A collector cannot avoid proof by saying, “We only collect.” If they are collecting from the victim, they must be able to identify the obligation and the authority to collect.

---

What If the Victim Is Only a Reference?

A reference should send a short written notice:

• They are only a reference.
• They did not borrow.
• They did not guarantee the loan.
• They do not consent to repeated collection calls.
• They demand deletion or restriction of their number if unlawfully used.
• They will report harassment if it continues.

References should not pay unless they actually signed as guarantor, surety, co-maker, or co-borrower.

---

What If the Victim Is Listed as Guarantor Without Signature?

A guaranty or suretyship must be based on consent. If the alleged guarantor never signed or digitally agreed, they should dispute liability.

The victim should ask for:

• Guaranty agreement.
• Signature or digital acceptance.
• ID used.
• Verification record.
• Date and time of consent.
• OTP or confirmation log.
• Copy of terms accepted.

Without proof of consent, collection against the alleged guarantor may be improper.

---

What If the Victim’s PhilID, Passport, or Driver’s License Was Used?

Government IDs are often used for KYC. If a government ID was misused, the victim should:

• File a police report or affidavit if lost or stolen.
• Notify the lender.
• Request a copy of the submitted ID image.
• Check whether the ID copy was altered.
• Notify the issuing agency if appropriate.
• Monitor future unauthorized applications.
• Avoid posting ID photos online.
• Watermark ID copies when sending them for limited purposes.

For future transactions, victims may mark photocopies or scans with the purpose and date, such as: “For lease application only, submitted to [name], [date].”

---

What If the Victim’s Phone Number Was Used?

The victim should check:

• Was the SIM lost?
• Was there SIM swap or replacement?
• Did someone have access to the phone?
• Were OTPs received?
• Were text messages deleted?
• Was the number recycled?
• Was the number registered under the victim’s name?
• Did the lender verify only by OTP?

The victim may request records from the telco where appropriate and report suspected SIM fraud.

---

What If the Victim’s Email Was Used?

The victim should:

• Change email password.
• Check login history.
• Check forwarding rules.
• Check recovery email and phone.
• Review deleted messages.
• Search for loan confirmations.
• Enable two-factor authentication.
• Notify the lender that email use was unauthorized.
• Preserve suspicious messages.

Compromised email can be used to receive loan approvals, OTPs, and documents.

---

What If the Victim’s Bank or E-Wallet Was Used?

If an account was compromised, the victim should immediately notify the bank or e-wallet provider and request:

• Account freeze, if necessary.
• Transaction investigation.
• Device and login records.
• Transfer details.
• Recipient account details, where legally available.
• Chargeback or reversal review, if possible.
• Incident reference number.

Time is critical in digital financial fraud.

---

Evidence Checklist for Victims

A victim should collect:

• Valid IDs.
• Proof of lost or stolen ID, if applicable.
• Police report or blotter.
• Affidavit of denial.
• Screenshots of collection messages.
• Call logs.
• Demand letters.
• Emails from lender or collector.
• Loan account number.
• Copy of loan documents, if obtained.
• Proof of non-receipt of proceeds.
• Bank and e-wallet statements.
• Employment certificate or time records, if relevant.
• Travel records, if application was made while away.
• Proof of compromised email or phone.
• Reports to bank, telco, or e-wallet.
• Data privacy requests.
• Credit report dispute documents.
• Names and numbers of collectors.
• Proof that third parties were contacted.

Documentation makes the dispute stronger.

---

Affidavit of Denial

An affidavit of denial may help support a dispute. It usually states that the victim:

• Did not apply for the loan.
• Did not sign the loan documents.
• Did not authorize anyone to apply.
• Did not receive proceeds.
• Did not benefit from the loan.
• Discovered the account only through collection.
• Reported the incident.
• Requests investigation and correction.

The affidavit should be truthful and specific.

---

Should the Victim File a Police Report?

Yes, in many cases. A police report or blotter helps establish that the victim promptly denied the transaction.

It may be useful for:

• Lender dispute.
• Credit report correction.
• Bank or e-wallet investigation.
• Regulatory complaint.
• Criminal complaint.
• Defense in collection case.

A police report alone may not erase the debt record, but it supports the victim’s position.

---

Regulatory Complaints

Depending on the lender, complaints may be brought before appropriate regulators or agencies.

Possible channels include:

• The lender’s internal complaints unit.
• Data Protection Officer.
• National Privacy Commission for data privacy issues.
• Securities and Exchange Commission for lending or financing company issues.
• Bangko Sentral ng Pilipinas for banks, quasi-banks, supervised financial institutions, and certain digital financial services.
• Department of Trade and Industry for consumer issues, depending on the nature of the transaction.
• Law enforcement for criminal acts.
• Courts for civil liability or defense against collection.

The proper forum depends on the type of lender and the acts complained of.

---

When to File a National Privacy Commission Complaint

A privacy complaint may be appropriate when:

• Personal data was processed without consent or lawful basis.
• The lender refuses to provide access to data.
• The lender refuses to correct or block fraudulent information.
• The lender disclosed alleged debt to contacts or employer.
• Collectors used contact lists unlawfully.
• Personal information was posted or threatened to be posted online.
• The lender mishandled sensitive personal information.
• A data breach caused the fraudulent loan.
• The lender continued to process the victim’s data after notice of fraud without proper investigation.

The victim should first document communications and, when possible, send a written request or complaint to the entity’s Data Protection Officer.

---

When to File a Complaint with the SEC

A complaint may be relevant if the lender is a lending company, financing company, or online lending platform under SEC supervision.

Issues may include:

• Harassment.
• Abusive collection.
• Misleading or unfair practices.
• Unauthorized loan processing.
• Failure to disclose lender identity.
• Use of unregistered or abusive online lending apps.
• Data privacy violations connected with lending.
• Excessive or unclear charges.
• Failure to investigate identity theft.

The victim should include screenshots, account details, collection messages, and dispute letters.

---

When to File a Complaint with the BSP

A complaint may be relevant if the transaction involves a bank, e-wallet provider, digital bank, credit card issuer, payment system participant, or BSP-supervised financial institution.

Issues may include:

• Unauthorized account opening.
• Unauthorized loan or credit line.
• Account takeover.
• Unauthorized fund transfers.
• Failure to investigate fraud.
• Improper credit reporting.
• Mishandling of complaints.
• Weak identity verification.

The victim should first report to the institution and obtain a complaint reference number.

---

When to File a Criminal Complaint

A criminal complaint may be appropriate when:

• The fraudster is known.
• There is a forged signature.
• A fake ID was used.
• A loan was obtained through deceit.
• The victim’s account was hacked.
• A SIM or email was compromised.
• The fraud involved online platforms.
• The victim suffered financial or reputational harm.
• The lender or collector used threats, extortion, or public shaming.

The complaint should include documentary and digital evidence.

---

The Role of the Lender’s Investigation

After receiving a fraud dispute, a responsible lender should investigate:

• Whether the application was authentic.
• Whether the ID matched the applicant.
• Whether liveness checks were performed.
• Whether the mobile number and email were verified.
• Whether the receiving account belonged to the victim.
• Whether the same device applied for multiple loans.
• Whether there were suspicious patterns.
• Whether the loan proceeds were immediately transferred.
• Whether collectors complied with rules.
• Whether credit reporting should be paused or corrected.

The lender should communicate the result in writing.

---

Can the Lender Continue Charging Interest During the Dispute?

The lender may claim that interest continues under the loan contract. But if the account is fraudulent and the victim did not consent, the victim should dispute not only principal but also interest, penalties, collection fees, and credit reporting.

The victim should state that all charges are denied because the underlying obligation is unauthorized.

If the lender later confirms identity theft, it should reverse charges against the victim.

---

Can the Victim Demand Deletion of the Account?

The victim may request correction, blocking, or deletion of personal data unlawfully processed, subject to legal retention requirements. The lender may need to retain certain records for legal, audit, regulatory, or law enforcement purposes. But it should not continue treating the victim as liable if the account is confirmed fraudulent.

The victim may request:

• Mark account as disputed.
• Stop collection.
• Correct borrower record.
• Remove or correct credit reporting.
• Restrict processing.
• Preserve evidence for investigation.
• Delete or block unlawfully processed data where legally allowed.

---

Unauthorized Loan and Credit Score Damage

If the victim’s credit score or record is affected, the victim should:

• Obtain a credit report where available.
• Dispute the inaccurate account.
• Send the lender proof of identity theft.
• Ask for written confirmation of correction.
• Follow up with credit reporting entities.
• Keep all correspondence.

Wrongful credit reporting may cause real financial harm and may support damages in proper cases.

---

Defamation and Public Shaming

If collectors tell third parties that the victim is a scammer, criminal, or delinquent borrower, especially when the loan is disputed as identity theft, there may be possible claims for defamation, privacy violation, or damages.

Evidence should be preserved through screenshots, witness statements, recordings where lawful, and written accounts from recipients.

---

Threats and Extortion

Some collectors demand payment while threatening shame, exposure, false charges, or harm. Depending on the facts, this may involve grave threats, unjust vexation, coercion, extortion, cybercrime, or other offenses.

The victim should not engage emotionally. Preserve evidence and report.

---

What If the Lender Is Unregistered or Cannot Be Identified?

Some loan apps operate under unclear names, multiple app names, foreign operators, or hidden collection agencies.

The victim should document:

• App name.
• Developer name.
• Website.
• Phone numbers.
• Emails.
• Bank or e-wallet accounts used for payment.
• Collection messages.
• Screenshots from app store listing.
• Privacy policy.
• Loan agreement, if visible.
• Names used by collectors.

Complaints may be filed with regulators and app platforms where appropriate.

---

Does a Victim Need a Lawyer?

Not always, but legal assistance is helpful when:

• The amount is large.
• A court case is filed.
• The lender refuses to stop collection.
• Credit record is damaged.
• Harassment is severe.
• The fraudster is known.
• The victim’s employer is involved.
• There are multiple lenders.
• The victim’s bank or e-wallet was compromised.
• The dispute involves forged documents.
• The victim wants to file criminal or civil cases.

For simple cases, a written dispute with supporting evidence may be enough. For serious cases, counsel can help structure complaints and preserve claims.

---

Preventive Measures

Protect IDs

• Do not send IDs casually.
• Watermark ID copies with the recipient, purpose, and date.
• Avoid posting IDs online.
• Store scans securely.
• Report lost IDs promptly.
• Avoid giving IDs to unverified recruiters, buyers, sellers, or agents.

Protect Mobile Number

• Secure SIM.
• Avoid sharing OTPs.
• Set SIM PIN where available.
• Report lost phone or SIM immediately.
• Beware of SIM swap attempts.

Protect Email

• Use strong passwords.
• Enable two-factor authentication.
• Check login alerts.
• Do not reuse passwords.
• Watch for phishing links.

Protect E-Wallet and Bank Accounts

• Enable security features.
• Do not share passwords or OTPs.
• Review transactions regularly.
• Report unauthorized activity immediately.

Limit Social Media Exposure

Fraudsters can use public information such as birthday, address, employer, family names, and photos to answer verification questions or create convincing applications.

Monitor Credit and Loan Messages

Unexpected OTPs, loan confirmations, app messages, or collection texts should be investigated immediately.

---

Employer Issues

Employers may become involved if:

• The fraudster used a fake certificate of employment.
• The lender contacts HR.
• Salary deduction is attempted.
• The loan is a payroll-linked product.
• The employee’s company ID was used.

The employee should notify HR in writing that the loan is disputed as identity theft. Employers should be cautious about disclosing employee information to collectors without proper authority.

---

Unauthorized Loan Using Fake Certificate of Employment

If a fake certificate of employment, payslip, or HR contact was used, the employer may also be a victim. The employer may issue a certification that:

• It did not issue the submitted document.
• The employee did not authorize the loan.
• The salary or employment details are false.
• The company does not have a salary deduction arrangement for the loan.

This can help the victim dispute the account.

---

Unauthorized Loan in the Name of a Deceased Person

Identity theft may also involve deceased persons. A loan supposedly obtained after death is fraudulent because a deceased person cannot consent.

Heirs or family members may dispute the debt by presenting:

• Death certificate.
• Proof of date of death.
• Loan application date.
• Demand letters.
• IDs used.
• Proof that the proceeds were released to another account.

The estate should not be made liable for a fraudulent post-death loan unless there are unusual facts.

---

Unauthorized Loan in the Name of a Minor

If a minor’s identity is used to obtain a loan, the transaction is highly suspect. Minors generally have limited capacity to contract. The parent or guardian should dispute the loan, report identity theft, and demand deletion or correction of the minor’s data where appropriate.

---

Unauthorized Loan by Spouse or Partner

Marriage or relationship does not automatically authorize one spouse or partner to borrow in the other’s name. If one spouse forges the other’s consent, the innocent spouse may dispute liability.

However, issues may become complex if the loan benefited the family, was deposited into a joint account, or was used for household expenses. The facts matter.

---

Unauthorized Loan and Data Breach

If several people suddenly receive loan demands after submitting IDs to the same company, recruiter, platform, or service provider, there may be a data breach or insider misuse.

Victims should coordinate, preserve evidence, and file complaints. The entity that lost or mishandled the data may have obligations to investigate and notify affected individuals and regulators.

---

Multiple Unauthorized Loans

Identity theft victims may face multiple loans from different platforms. In that case, the victim should:

• Create a master list of all lenders.
• Send separate dispute letters.
• File a police or cybercrime report covering all accounts.
• Preserve all collection messages.
• Check credit reports.
• Report compromised IDs and accounts.
• Consider a consolidated complaint to regulators.
• Secure all digital accounts.

Multiple loans suggest organized misuse of personal data.

---

What If the Victim Previously Borrowed from the Same App?

If the victim previously had a legitimate account with the same lending app, a later unauthorized loan may result from account takeover or unauthorized reloan.

The victim should check:

• Was the reloan initiated from the same device?
• Was OTP required?
• Was the bank account changed?
• Was the amount disbursed to the same account?
• Were there unusual logins?
• Did the app verify the reloan?
• Was consent clearly obtained?

A prior legitimate loan does not authorize future loans without consent.

---

Unauthorized Loan Through Buy-Now-Pay-Later or Installment Apps

Identity theft can also happen when a fraudster uses the victim’s identity to buy goods on installment.

The victim should request:

• Merchant name.
• Item purchased.
• Delivery address.
• Recipient name.
• Proof of delivery.
• Device used.
• ID and selfie submitted.
• Payment account used.

Delivery address and recipient records may identify the fraudster.

---

Unauthorized Credit Card or Credit Line

If identity theft results in a credit card or credit line, the victim should dispute immediately and request:

• Application documents.
• Delivery address of card.
• Activation records.
• Transaction history.
• Merchant details.
• Device or phone used for activation.
• Statements.
• Credit bureau reporting status.

Unauthorized credit accounts can cause long-term credit damage.

---

Demand Letters from Law Offices

Some collection demands are sent by law offices or agencies using legal language. The victim should respond in writing and deny the debt clearly.

The response should request proof of authority and loan documents. If the law office threatens criminal prosecution for mere non-payment, that should be documented.

A legitimate law office should be able to provide the basis of the claim.

---

Court Summons Versus Collection Threats

A real court summons is different from a collection threat.

A real summons usually comes from a court and includes:

• Case title.
• Case number.
• Court branch.
• Complaint.
• Summons document.
• Instructions to respond.
• Official service.

The victim must not ignore a real summons. But fake “subpoena,” “warrant,” “final notice,” or “legal arrest notice” messages from collectors should be verified.

---

Can the Victim Sue for Damages?

Yes, in proper cases. A victim may sue the fraudster and possibly others who caused or worsened the harm.

Possible grounds for damages include:

• Unauthorized use of identity.
• Fraud.
• Falsification.
• Harassment.
• Defamation.
• Privacy violations.
• Wrongful credit reporting.
• Negligent verification.
• Failure to investigate.
• Emotional distress.
• Loss of opportunity due to damaged credit.

The victim must prove damage and causation.

---

Practical Defense Against Collection

A strong written defense usually includes:

1. Clear denial of application and consent.
2. Denial of receipt of proceeds.
3. Request for complete documents.
4. Notice to stop collection while under dispute.
5. Request to preserve records.
6. Demand to stop contacting third parties.
7. Request to correct credit reporting.
8. Attached proof, such as police report or affidavit.
9. Reservation of rights to file complaints.

The victim should keep the tone firm and factual.

---

Sample Short Response to Collector

I dispute this account. I did not apply for, authorize, receive, or benefit from this loan. My identity appears to have been used without my consent. Please stop collection activity and provide the loan documents, application records, submitted IDs, consent records, and proof of disbursement. Do not contact my employer, relatives, friends, or other third parties regarding this disputed account.

---

Important Do’s and Don’ts

Do

• Dispute the loan in writing.
• Ask for documents.
• Preserve evidence.
• Report lost IDs.
• Secure accounts.
• File police or cybercrime reports when appropriate.
• Contact the lender’s official channels.
• Report abusive collection.
• Check credit records.
• Respond to court papers.

Don’t

• Ignore formal legal notices.
• Pay without documentation if you dispute the loan.
• Admit the debt casually.
• Share more IDs with unverified collectors.
• Click suspicious links.
• Give OTPs to anyone.
• Delete messages.
• Argue emotionally with collectors.
• Sign settlement documents without reading.
• Assume the issue will disappear.

---

Key Legal Principles

The core principles are:

1. A person is not liable for a loan they did not authorize.
2. A loan requires consent.
3. Forged signatures and fake digital consent do not bind the victim.
4. A reference is not a guarantor.
5. A co-borrower or guarantor must validly consent.
6. Identity theft may create criminal, civil, data privacy, and regulatory liability.
7. Lenders must reasonably verify borrower identity.
8. Collection must be lawful and non-abusive.
9. Personal data cannot be processed or disclosed without lawful basis.
10. Wrongful credit reporting may be challenged.
11. Victims should dispute quickly and preserve evidence.
12. Court summons must be answered even if the debt is fraudulent.

---

Conclusion

Identity theft through an unauthorized loan application is a serious legal problem in the Philippines. It can expose an innocent person to collection harassment, credit damage, employer embarrassment, legal threats, and financial stress. But the legal foundation remains clear: without consent, there is no valid loan obligation against the victim.

The victim should promptly deny the debt in writing, demand the loan documents and verification records, preserve evidence, secure accounts, report the identity theft, and escalate to regulators or law enforcement when needed. If the lender or collector continues abusive collection, discloses the alleged debt to third parties, refuses to investigate, or reports the account as delinquent despite a valid dispute, additional remedies may be available.

For lenders, the lesson is equally important: fast loan approval must not come at the expense of proper identity verification, data protection, and fair collection. A stolen ID, copied selfie, compromised phone number, or forged digital consent should not be treated as proof of a valid debt without careful investigation.

For the public, prevention matters. Protect IDs, secure mobile numbers, avoid sharing OTPs, watermark documents, monitor accounts, and act immediately when suspicious loan messages appear. In identity theft cases, speed, documentation, and written disputes are often the difference between quick correction and prolonged legal trouble.