The rapid growth of the Philippine fintech landscape has expanded financial inclusion, but it has also given rise to a sophisticated breed of digital fraud: identity theft for unauthorized online loans.

Countless Filipinos open their phones to discover they are being hounded by aggressive collection agents or Online Lending Apps (OLAs) for loans they never applied for, authorized, or received. Perpetrators use stolen identification cards and leaked personal data to bypass Know-Your-Customer (KYC) protocols, pocketing the proceeds while leaving unsuspecting victims with ruined credit scores and severe psychological distress.

To hold these digital fraudsters criminally liable and clear your financial name, filing a formal complaint with the National Bureau of Investigation Cybercrime Division (NBI-CCD) is the most decisive legal step available.

1. The Legal Framework: Overlapping Criminal Statutes

Under Philippine jurisprudence, identity fraud through online lending is not a simple civil dispute between a debtor and a creditor. It is a multi-layered cybercrime prosecuted under several overlapping criminal and administrative statutes:

• Republic Act No. 10175 (Cybercrime Prevention Act of 2012): Section 4(b)(3) specifically penalizes Computer-related Identity Theft. This constitutes the intentional acquisition, use, misuse, transfer, possession, or alteration of identifying information belonging to another person without right, committed through or against a computer system.
• Revised Penal Code (RPC) – Estafa & Falsification: Perpetrators can be charged with Estafa through False Pretenses (Article 315) for deceiving the lending platform using another person's identity, and Falsification of Commercial or Public Documents (Article 172) if signatures or digital documents were forged to clear KYC checks.
• Republic Act No. 10173 (Data Privacy Act of 2012): If the identity thieves harvested your data via phishing or data breaches, or if the loan app weaponized your contact list to send "text blasts" shaming you, they are liable for Unauthorized Processing (Section 25) and Malicious Disclosure (Section 31).

2. Modus Operandi: How the Fraud Occurs

To build a strong legal case, it is essential to understand how the crime is executed. Typically, the fraud unfolds through the following mechanism:

[Data Harvest: Phishing/Breach] ➔ [Bypassing KYC via Spoofed/Stolen ID] ➔ [Loan Disbursed to Scammer's E-Wallet] ➔ [Collection Harassment Targeted at Victim]

1. Identity Harvesting: Fraudsters acquire copies of valid government IDs (such as UMID, Passport, or Driver’s Licenses) through fake job advertisements, phishing links, or black-market data dumps.
2. Mismatched Disbursements: The criminal applies for a loan using the victim’s credentials but links the disbursement method to a dummy e-wallet (GCash/Maya) or an untraceable bank account under the criminal's control.
3. The Fallout: The lending system approves the loan based on the stolen ID, but the victim never sees a single centavo. Weeks later, the victim is hit with debt collection threats, social media shaming, or unauthorized contact list blasts.

3. Step-by-Step Guide to Filing Your NBI Cybercrime Complaint

Initiating a state-level criminal investigation requires a systematic approach to preserve the digital chain of custody and ensure your evidence is admissible in court.

Step 1: Secure and Preserve Digital Evidence (Forensic Preparation)

Do not delete applications, call logs, or messages out of panic. Law enforcement requires the raw data to trace IP addresses and digital footprints.

• Take Comprehensive Screenshots: Capture the lending app’s interface showing the unauthorized loan balance, transaction reference numbers, application dates, and the specific bank/e-wallet destination where the funds were transferred.
• Log Harassing Communications: Screenshot SMS threats, Viber messages, email collection demands, or social media shaming posts. Ensure the sender’s mobile number, email address, or profile URL is completely visible.
• Secure Financial Clearance: Request an official, certified transaction history or bank statement from your bank and e-wallet providers covering the period of the alleged loan disbursement. This serves as negative evidence, proving you never received the proceeds.

Step 2: Drafting the Complaint-Affidavit

The bedrock of your criminal case is the Complaint-Affidavit. This is a formal, sworn legal statement detailing the facts of the crime. It must be structured with precision:

Essential Structure of the Complaint-Affidavit:

• Heading & Jurisdictional Clauses: "Republic of the Philippines," including the specific municipality or city where the affidavit is executed.
• Party Details: The full name, age, civil status, and residential address of the Complainant (the victim). If the true identity of the fraudster is unknown, they must be legally designated as "John Doe" or "Jane Doe" operating under the specific alias, telephone number, or corporate name of the online lending platform.
• Chronological Narrative: A clear, numbered, factual timeline explaining exactly when and how you discovered the identity theft, confirmation that you never authorized or received the loan, and details of any subsequent harassment or damage caused.
• Legal Assertions: Explicit statements detailing the violation of Section 4(b)(3) of RA 10175 and other pertinent laws.
• Prayer for Relief: A formal request asking the NBI to investigate the cybercrime, trace the dummy accounts, and endorse the case to the Department of Justice (DOJ) for preliminary investigation and prosecution.

Step 3: Formal Submission to the NBI

There are two primary pathways to lodge your formal complaint:

• Printed copies of digital evidence (marked as Annexes)

• Two (2) valid government-issued IDs

• A clean USB flash drive containing soft copies of all evidence and logs. | | Online Initial Escalation | Submit your preliminary report online through the NBI’s official portal (nbi.gov.ph) or via email at ccd@nbi.gov.ph / crd@nbi.gov.ph. | • Soft copy/PDF of the unsigned complaint

• Digital files, screenshots, and logs.

Note: Online submission flags the incident for preliminary review, but the NBI will eventually require your physical presence to swear to the affidavit before an investigating agent to formalize the criminal case. |

4. Complementary Legal Remedies: Inter-Agency Action

While the NBI handles the criminal investigation to track down and penalize the offender, you must simultaneously engage other regulatory agencies to halt the immediate fallout and shield your financial reputation.

National Privacy Commission (NPC)

If your personal data was harvested, leaked, or weaponized to blast your contact list, file an administrative complaint via the NPC’s e-portal (privacy.gov.ph). The NPC has the authority to issue Cease and Desist Orders (CDO) to pull down predatory apps and penalize companies for data security lapses.

Securities and Exchange Commission (SEC)

If the unauthorized loan is being collected by an actual registered lending company or corporation employing abusive, unfair collection practices, lodge an administrative report with the SEC’s Corporate Governance and Finance Department (cgfd_md@sec.gov.ph). The SEC enforces strict regulations against unfair debt collection and can revoke a lending company’s Certificate of Authority (CA).

Credit Information Corporation (CIC)

An unauthorized loan will severely damage your credit rating, blocking you from future legitimate loans or credit card applications. Once your NBI complaint is officially docketed, submit a copy of the report to the CIC. This allows you to officially contest and flag the fraudulent credit record, ensuring your credit history is corrected.

5. Proactive Network Damage Control

While the legal machinery turns, protect your personal network. If an identity thief or an aggressive lending app threatens to defame you to your contacts, preemptively blast a uniform message to your network:

"My identity has been compromised, and a fraudulent loan app is using my stolen credentials to scam and harass individuals. A formal criminal investigation is currently underway with the NBI Cybercrime Division. Please ignore any malicious messages or collection demands sent in my name."