Laws on Fraud and Scams in the Philippines

(A practical, lawyerly overview — Philippine context; current as of mid-2025. This is general information, not legal advice.)

1) Big picture: how Philippine law treats “fraud” and “scams”

“Fraud” is not a single, catch-all offense. Philippine law addresses deceitful schemes through:

Criminal statutes (punishing deceit, misappropriation, falsification, cyber-fraud, investment scams, credit-card fraud, bad checks, illegal recruitment, etc.).
Civil law (voiding contracts vitiated by fraud and awarding damages).
Regulatory/administrative regimes (consumer protection, data privacy, AML/CFT, securities, e-commerce). A single incident can trigger criminal, civil, and regulatory consequences at once.

2) Core criminal offenses under the Revised Penal Code (RPC)

A. Estafa (Swindling) – Article 315

The workhorse fraud crime. Three broad modes:

Abuse of confidence / misappropriation – You receive money/property in trust, on commission, for administration, or by any other obligation to deliver or return, then misappropriate/convert it. – Classic cases: unremitted sales proceeds; “paluwagan” treasurer absconds; agent pockets client’s funds.
False pretenses or fraudulent acts (committed before or at the time of the transaction) – Examples: pretending to have power, property, credit, qualifications; passing off counterfeit documents; postdating or issuing a check in payment knowing funds are insufficient; using a fictitious name to induce delivery of money or property.
Other fraudulent means – Catch-all for crafty stratagems not precisely listed above, so long as deceit and damage or prejudice result (actual loss or disturbance of property rights suffices).

Elements (typical): (i) deceit or abuse of confidence; (ii) victim relies and parts with money/property; (iii) damage results. Penalties: Graduated by the amount defrauded (values and penalties were updated by R.A. 10951). If done through ICT/computers, penalty is one degree higher (see Cybercrime Act, below). Notes: Payment or novation after the crime does not erase criminal liability (though it can mitigate civil liability).

B. “Other swindling/deceits” (Articles 316–318)

These penalize, among others, selling or encumbering property as if free when it’s actually mortgaged, disposing of property one does not own, and miscellaneous deceits not covered by Art. 315.

C. Falsification & use of falsified documents (Arts. 171–172)

Forging or falsifying public/private documents (e.g., spurious land titles, altered IDs, fabricated receipts) and using them can stand alone or be complexed with estafa.

D. Syndicated/large-scale swindling

P.D. 1689 increases penalties when swindling/estafa is committed by a syndicate (traditionally five or more acting together) and often where the public is defrauded (e.g., “investment houses” posing as cooperatives). Death penalty is abolished; the maximum is reclusion perpetua where elements fit.

3) Key special penal laws that frequently apply to scams

A. Cybercrime Prevention Act of 2012 (R.A. 10175)

Creates computer-related offenses including computer-related fraud and identity theft.
Section 6: If an RPC or special-law crime is committed by/through/with the use of ICT, the penalty is one degree higher. This is why online estafa hurts more.
Provides real-world + online jurisdiction, specialized warrants, and takedowns.

B. Electronic Commerce Act of 2000 (R.A. 8792)

Recognizes electronic data messages and electronic signatures.
Penalizes hacking and system interference; complements the Cybercrime Act.

C. Access Devices Regulation Act (R.A. 8484)

Targets credit/debit card and access-device fraud: skimming, counterfeit cards, using lost/stolen cards, trafficking in card data, etc.

D. Bouncing Checks Law (B.P. 22)

Penalizes making/issuing a check that is later dishonored for insufficient funds or closed account.
Distinct from estafa under Art. 315(2)(d); both may be prosecuted because they have different elements.
Paying within the statutory window after notice of dishonor can defeat the presumption of knowledge of insufficiency.

E. Securities Regulation Code (R.A. 8799)

Outlaws unregistered securities and fraudulent sales practices (Ponzi/pyramids, misrepresentations, insider fraud).
The SEC can issue advisories, cease-and-desist orders, and penalties; criminal prosecution is possible.

F. Financial Products and Services Consumer Protection Act (R.A. 11765)

Empowers BSP, SEC, and Insurance Commission against unfair, abusive, or fraudulent acts or practices (UAFAPs) by banks, lenders, e-wallets, insurers, and other providers; sets conduct standards and redress mechanisms.

G. Internet Transactions Act of 2023

Builds platform and merchant duties in e-commerce (e.g., know-your-merchant, notice-and-takedown, local representative for cross-border sellers, disclosure and refund standards).
Targets online deceptive, unfair, or unconscionable sales acts; strengthens DTI’s hand against e-marketplace scams.

H. Anti-Financial Account Scamming Act (2023)

Criminalizes selling/buying/using “mule” bank or e-wallet accounts, account-farming, and facilitating fund flows from scams (including phishing, SIM-swap, social-engineering pay-offs).
Empowers rapid account freezes/holds and inter-FI cooperation to trace and claw back proceeds.

I. SIM Registration Act (R.A. 11934)

Requires SIM registration/verification, penalizes false information and the sale of registered SIMs—meant to curb smishing/vishing.

J. Anti-Money Laundering Act (R.A. 9160, as amended)

Estafa/swindling and related frauds are predicate crimes.
The AMLC can seek ex parte freeze orders, require reporting of suspicious transactions, and pursue civil forfeiture of scam proceeds.

K. Illegal Recruitment / Trafficking (R.A. 8042 as amended; R.A. 9208 as amended)

“Jobs abroad” rackets often fall here (besides estafa), with stiffer penalties for large-scale or syndicated recruitment.

L. Other useful statutes

Consumer Act (R.A. 7394): deceptive sales acts, warranty/returns, mail-order/door-to-door sales.
Anti-Fencing (P.D. 1612): buying/selling property knowing or should know it’s stolen (typical in gadget scams).
Anti-Graft (R.A. 3019): when public officers are involved in fraudulent schemes.

4) Civil law remedies (even without criminal conviction)

A. Fraud (dolo) vitiates consent

Civil Code treats contracts induced by fraud as voidable; the deceived party can annul and recover what was given, plus damages.
Prescription: action for annulment based on fraud generally within 4 years from discovery.

B. Damages

Possible claims under Arts. 19–21 (abuse of rights), 20 (acts contra law), 21 (willful acts contra morals), 22 (unjust enrichment), and quasi-delict (Art. 2176).
Moral, exemplary, and attorney’s fees may be awarded in proper cases.

C. Rescission / restitution / constructive trusts

Courts can unwind transactions, order restitution, and impose constructive trusts on ill-gotten assets.

D. Small Claims

For pure money claims without criminal angles, Small Claims Procedure (no lawyers required) is available up to the current monetary threshold set by the Supreme Court (raised in 2023). Check the latest threshold before filing.

5) Procedure & jurisdiction: how cases run

Where to complain (criminal): NBI (regular or Cybercrime Div.), PNP Anti-Cybercrime Group/CIDG, or the City/Provincial Prosecutor (for preliminary investigation).
Venue: typically where any element occurred (e.g., place of deceit, delivery of money, or where the victim suffered damage). Cybercrimes have expanded/extraterritorial venue rules.
Evidence: Philippine Rules on Electronic Evidence allow screenshots, emails, chats, logs, metadata, and digital signatures—with proof of authenticity and integrity (hashes/forensic process or witness with knowledge). Preserve original devices or exact forensic images where possible.
Parallel tracks: You may simultaneously (a) pursue criminal action, (b) file a civil case to recover money, and (c) trigger regulatory complaints (DTI/SEC/BSP/IC/NPC/AMLC).

Prescription (time limits):

RPC crimes: generally 15 years for afflictive, 10 years for correctional, 5 years for arresto; specialized rules apply to complex crimes.
Special laws: Act No. 3326 applies by default (4/8/12-year periods depending on maximum penalty), unless the special law states otherwise (many do).

6) Typical scam scenarios — what law usually applies

Online marketplace “ghost seller” / fake courier → Estafa; Cybercrime Act (penalty one degree higher); Internet Transactions Act duties for platforms; Consumer Act for unfair/deceptive acts.
Phishing / account takeover; SIM-swap → Computer-related fraud/identity theft (Cybercrime Act); AFASA for mule accounts; Access Devices Act if cards used; SIM Registration Act violations.
Investment/Ponzi → Securities Regulation Code (unregistered securities, fraud), P.D. 1689 (syndicated swindling) + estafa; AMLA for proceeds.
Bounced check “payment” → BP 22 and/or estafa (false pretenses).
Credit card not-present fraud / skimming → R.A. 8484; possibly Cybercrime Act and estafa.
Loan-app harassment / doxxing → Data Privacy Act violations; FCPA (unfair practices) and possibly grave coercion / other crimes.
Fake titles / double sale → Falsification, estafa, or Art. 316; possible Anti-Fencing for buyers who should have known.

7) Penalties, liability, and mitigating issues (high-level)

Amount-based penalties for theft/estafa were recalibrated by R.A. 10951; higher amounts mean higher penalties.
Online commission of any crime (RPC/special laws) typically raises the penalty by one degree (Cybercrime Act).
Restitution: Courts routinely order civil indemnity (return of money + damages).
Corporate liability: Officers/agents who participated or tolerated the fraud can be personally liable; corporations face administrative and civil exposure and, under some laws, criminal liability.
Payment/settlement: May mitigate, but usually does not extinguish criminal liability (BP 22 has its own nuances re notice and payment window).

8) Regulatory & enforcement ecosystem (who can help)

DTI / Fair Trade – deceptive sales, online merchant/platform noncompliance.
SEC Enforcement & Investor Protection – investment scams (advisories, CDOs, cases).
Bangko Sentral (BSP) & Financial Consumer Protection units – bank/e-wallet complaints, UAFAPs.
Insurance Commission (IC) – insurance/health-plan fraud and consumer issues.
AMLC – freezes, forfeiture, tracing of proceeds.
National Privacy Commission (NPC) – doxxing, unlawful processing/processing beyond consent, data breaches.
NBI / PNP-ACG – criminal investigation, cyber forensics.
DOJ-Office of Cybercrime – cyber warrants, international cooperation.

9) Evidence playbook for victims (what to keep)

Transaction records: receipts, order pages, emails, chats, call logs.
Bank/e-wallet traces: account names/numbers, reference IDs, timestamps.
Device evidence: keep the phone/PC; avoid factory resets; preserve screenshots and raw files; export chats with metadata.
Chain of custody: if you submit to law enforcement, ask for receipts and hash values of digital media where feasible.
Notice of dishonor (for BP 22): keep postal receipts/return cards or proof of actual receipt.

10) Rapid response checklist (if you’re scammed)

Call your bank/e-wallet immediately to request transaction recall/hold; provide reference IDs.
File a police/NBI report and obtain a case number.
Notify AMLC via your bank (they escalate STR/CTR as needed); for investment scams, file with the SEC; for online marketplace issues, complain to DTI and the platform.
Preserve evidence (see §9).
Consider criminal complaint (estafa/cybercrime/etc.) and a civil action to recover funds.
If personal data was exposed, report to NPC and enable account security (password resets, MFA, SIM PIN).

11) Compliance & prevention for businesses

KYC / AML: implement risk-based onboarding and monitoring; file STRs when warranted.
Platform obligations (e-commerce): know-your-merchant, takedown workflows, disclosures, refund/return policies, and a Philippine contact point for cross-border sellers.
Data privacy & security: lawful processing, privacy notices, contracts with processors, breach response plans.
Payments: strong customer authentication, velocity/behavioral controls, dispute resolution timelines.
Training: anti-phishing, social-engineering drills, check-handling controls.
Recordkeeping & audit: logs, reconciliations, exception reporting.

12) Quick Q&A

Can I charge both estafa and BP 22? Yes—different elements; not double jeopardy.
No money lost = no estafa? Damage or prejudice is an element, but attempted estafa is chargeable if execution began and failed for reasons independent of the offender’s will.
Is “budol-budol” robbery or estafa? Depends on facts—if property was voluntarily delivered due to deceit, it’s often estafa; if taken by violence/intimidation, it’s robbery.
How long do I have? Varies. As a rule of thumb: RPC crimes typically 10–15 years (depending on penalty); special laws 4/8/12 years under Act 3326 unless otherwise provided. Civil annulment for fraud: 4 years from discovery.

Final notes

Penalties and monetary thresholds (especially those amended by R.A. 10951) are technical; courts apply detailed schedules.
The Cybercrime Act’s “one-degree-higher” rule is a major aggravator for online scams.
Newer statutes (e.g., Internet Transactions Act, Anti-Financial Account Scamming Act, SIM Registration Act, Financial Consumer Protection Act) have teeth: they add platform/financial-sector duties, speed freezes/tracebacks, and create new offenses.

If you want, tell me your exact scenario (who, when, how much, what platform, what documents you have), and I’ll map it to the precise charges, venues, timelines, and next steps.