NBI Cybercrime Complaint for Loan Identity Theft

I. Introduction

Loan identity theft has become one of the most common digital-age financial abuses in the Philippines. It usually happens when a person’s name, mobile number, identification documents, selfie, address, employment details, or other personal information are used without authority to apply for a loan, cash advance, installment credit, buy-now-pay-later account, e-wallet credit line, online lending app loan, or similar financial product.

The victim often learns about the fraud only after receiving collection calls, threatening messages, demand letters, credit-score damage, workplace harassment, or public shaming by collectors. In worse cases, the victim’s contacts are scraped from a phone, the victim is falsely tagged as a debtor, or the victim’s identity is used repeatedly across different platforms.

In the Philippines, a victim may file a cybercrime complaint with the National Bureau of Investigation Cybercrime Division, commonly referred to as the NBI Cybercrime Division or NBI-CCD. Depending on the facts, the complaint may involve identity theft, computer-related fraud, misuse of personal data, cyber libel, unjust vexation, grave threats, coercion, extortion, harassment by online lending collectors, falsification, estafa, and violations of data privacy rules.

This article explains the legal framework, common scenarios, evidence needed, complaint process, remedies, and practical steps for victims of loan identity theft in the Philippines.

II. What Is Loan Identity Theft?

Loan identity theft occurs when another person uses someone else’s personal information without consent to obtain or attempt to obtain credit, money, goods, or financial services.

In the online lending context, this may include unauthorized use of:

  1. Full name;
  2. Mobile number;
  3. Email address;
  4. Home address;
  5. Date of birth;
  6. Government-issued ID;
  7. Taxpayer Identification Number, Social Security System number, Government Service Insurance System number, PhilHealth number, or Pag-IBIG details;
  8. Selfie or facial image;
  9. Signature;
  10. Employment information;
  11. Bank account or e-wallet account;
  12. Contact list;
  13. Social media profile;
  14. Device, SIM card, or account credentials.

The fraud may be committed by a stranger, a scammer, a rogue lending app agent, a former partner, a relative, a co-worker, a person who previously had access to the victim’s ID, or a syndicate engaged in online loan fraud.

III. Common Forms of Loan Identity Theft

A. Unauthorized Online Loan Application

The most direct form occurs when a fraudster applies for a loan using the victim’s identity. The lender or loan app may later demand payment from the victim even though the victim never borrowed money.

B. Use of Stolen ID or Selfie

Some online lenders require a photograph of a government-issued ID and a selfie. Scammers may obtain these through phishing, fake job applications, fake verification links, bogus raffle forms, SIM registration scams, or previous transactions.

C. SIM or Account Takeover

A criminal may gain control of the victim’s mobile number, email, e-wallet, or social media account and use it to pass verification checks for a loan.

D. Contact-List Harassment

Some lending apps or collectors contact the victim’s family, friends, employer, or co-workers. They may falsely claim that the victim is a delinquent borrower, guarantor, co-maker, or reference.

E. Fake Co-Maker or Reference Listing

A person may be listed as a guarantor, co-maker, emergency contact, or reference without consent. A reference is not automatically liable for a loan. A person becomes legally bound only if there is a valid contract or undertaking showing consent to be liable.

F. Repeated Applications Across Multiple Apps

Identity thieves may submit the same stolen documents to several online lending platforms, resulting in repeated collection attempts and reputational damage.

G. Blackmail or Extortion Disguised as Collection

Some collectors threaten to post the victim’s photo, contact relatives, report the victim to an employer, fabricate criminal accusations, or shame the victim online unless payment is made.

IV. Principal Laws That May Apply

A. Cybercrime Prevention Act of 2012

The Cybercrime Prevention Act penalizes certain offenses committed through or with the use of information and communications technology. Loan identity theft may fall under computer-related identity theft, computer-related fraud, and other cyber-enabled offenses depending on the specific facts.

Computer-related identity theft generally involves the intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying information belonging to another person, whether natural or juridical, without right.

Computer-related fraud may be involved where a person uses unauthorized data, false information, or computer systems to obtain money, credit, or financial benefit.

If threats, libelous posts, extortion messages, or defamatory statements are made online, other cybercrime provisions may also become relevant.

B. Revised Penal Code

Depending on the conduct, the Revised Penal Code may apply to:

  1. Estafa, if deceit is used to obtain money or property;
  2. Falsification, if documents, signatures, IDs, or electronic records are falsified;
  3. Grave threats, if the victim is threatened with harm;
  4. Grave coercion, if the victim is forced to pay or do something against their will;
  5. Unjust vexation, if harassment causes annoyance, distress, or disturbance;
  6. Slander or libel, if defamatory statements are made;
  7. Other fraud-related offenses depending on the evidence.

C. Data Privacy Act of 2012

The Data Privacy Act protects personal information and sensitive personal information. Loan identity theft often involves unauthorized processing, use, disclosure, or retention of personal data.

Victims may consider filing a complaint with the National Privacy Commission if their personal data was misused by a company, online lending app, collector, employer, platform, or data handler.

Sensitive personal information includes government identifiers, health information, biometrics, and other protected data. Unauthorized use of a victim’s ID, selfie, financial details, or contact list may raise data privacy issues.

D. Lending Company Regulation Act, Financing Company Rules, and SEC Regulations

Many online lending apps and financing companies are regulated by the Securities and Exchange Commission. The SEC has issued rules and advisories addressing abusive debt collection, unfair practices, disclosure obligations, and registration requirements for lending and financing companies.

If the complaint involves a lending company, financing company, or online lending app, a victim may file a separate complaint with the SEC, especially where there are abusive collection practices, privacy violations, threats, shaming, or operation without proper authority.

E. Consumer Protection and Financial Regulations

If the loan involves banks, financing companies, credit cards, e-wallets, payment platforms, or financial service providers, additional remedies may exist through the Bangko Sentral ng Pilipinas, the financial institution’s dispute resolution process, or consumer assistance channels.

V. Why File with the NBI Cybercrime Division?

The NBI Cybercrime Division is a law enforcement unit that investigates cybercrime and technology-enabled offenses. A victim may approach the NBI when the identity theft, loan fraud, harassment, or extortion involves digital systems, online lending platforms, mobile applications, electronic messages, fake accounts, emails, or online posts.

Filing with the NBI may help the victim:

  1. Create an official law enforcement record;
  2. Preserve and present evidence;
  3. Request investigation of unknown perpetrators;
  4. Identify account owners, phone numbers, IP logs, email addresses, platform accounts, or digital traces where legally obtainable;
  5. Support disputes with lenders, collectors, banks, and credit bureaus;
  6. Support later prosecution before the prosecutor’s office;
  7. Show that the victim is disputing the loan as fraudulent and unauthorized.

VI. When Should a Victim File an NBI Cybercrime Complaint?

A victim should consider filing promptly if:

  1. A loan was opened without consent;
  2. The victim is being asked to pay a loan they did not obtain;
  3. The victim’s ID, selfie, or personal information was used without permission;
  4. Collectors are harassing the victim or their contacts;
  5. Threatening, defamatory, or humiliating messages were sent online;
  6. The victim’s employer, relatives, or friends were contacted;
  7. The victim’s name appears in lending app records despite no transaction;
  8. The victim suspects account takeover, SIM takeover, or phishing;
  9. The victim’s credit standing has been affected;
  10. There is a risk of repeated misuse of the victim’s identity.

Delay can make digital evidence harder to preserve. Screenshots may be deleted, accounts may disappear, SIM cards may be abandoned, and apps may change records.

VII. Evidence Needed for an NBI Cybercrime Complaint

A strong complaint depends on organized evidence. Victims should preserve both digital and printed copies.

A. Proof of Identity

Prepare:

  1. Government-issued ID;
  2. Proof of address, if relevant;
  3. Contact details;
  4. Any proof that the ID used in the fraudulent loan belongs to the victim.

B. Proof That the Loan Was Unauthorized

Useful evidence includes:

  1. Written denial or affidavit stating that the victim did not apply for the loan;
  2. Screenshots of loan demands;
  3. Loan account numbers, reference numbers, or app names;
  4. Messages from collectors;
  5. Emails from lenders;
  6. Demand letters;
  7. Credit report entries, if available;
  8. Records showing the victim did not receive the loan proceeds;
  9. Bank or e-wallet statements showing no disbursement to the victim;
  10. Proof that the mobile number, email, or bank account used was not controlled by the victim, if applicable.

C. Screenshots and Digital Records

Screenshots should show:

  1. Sender name or number;
  2. Date and time;
  3. Full message content;
  4. App or platform used;
  5. Profile name and profile URL if from social media;
  6. Phone number or email address;
  7. Group chat name, if applicable;
  8. Threats, defamatory statements, or payment demands.

Do not crop out dates, phone numbers, URLs, account names, or context.

D. Call Logs and Voice Records

If collectors called the victim or their contacts, preserve:

  1. Call logs;
  2. Phone numbers;
  3. Date and time of calls;
  4. Recordings, if legally and safely obtained;
  5. Transcripts or notes of what was said;
  6. Names used by the caller.

E. Evidence from Contacts

If relatives, friends, or co-workers were contacted, ask them to preserve:

  1. Screenshots of messages;
  2. Caller numbers;
  3. Voice recordings, if available;
  4. Written statements;
  5. Their own account of what happened.

F. App and Website Information

Collect:

  1. Name of lending app;
  2. App store link;
  3. Website;
  4. Company name;
  5. SEC registration details, if known;
  6. Email address or hotline;
  7. Privacy policy;
  8. Terms and conditions;
  9. Collection agency name, if disclosed.

G. Evidence of Data Breach or Phishing

If the identity theft began from a scam, preserve:

  1. Phishing links;
  2. Fake forms;
  3. Emails or SMS messages;
  4. Transaction history;
  5. Fake job posts;
  6. Chat with scammers;
  7. Account login alerts;
  8. SIM replacement notices;
  9. OTP messages.

H. Financial Records

Prepare:

  1. Bank statements;
  2. E-wallet transaction history;
  3. Loan disbursement records;
  4. Proof that the victim did not receive proceeds;
  5. Proof of unauthorized deductions, if any.

VIII. How to Preserve Digital Evidence

Digital evidence must be preserved carefully because it can be challenged.

A victim should:

  1. Take screenshots immediately;
  2. Export conversations where possible;
  3. Save original messages and avoid deleting them;
  4. Back up evidence to cloud storage or external drive;
  5. Record URLs, usernames, phone numbers, dates, and times;
  6. Print copies for filing;
  7. Keep the original device if possible;
  8. Avoid editing screenshots;
  9. Avoid engaging in unnecessary arguments with collectors or scammers;
  10. Keep a chronological incident log.

For serious cases, a victim may request assistance from the NBI or another qualified authority in preserving digital evidence.

IX. Preparing the Complaint-Affidavit

The complaint-affidavit is the victim’s sworn narrative. It should be clear, factual, chronological, and supported by attachments.

A. Basic Contents

A complaint-affidavit should generally include:

  1. Full name, age, citizenship, civil status, address, and contact details of the complainant;
  2. Statement that the complainant is the victim of loan identity theft;
  3. Description of how the victim discovered the fraudulent loan;
  4. Statement that the victim did not apply for, authorize, receive, benefit from, or consent to the loan;
  5. Details of the lending app, collector, account, phone numbers, emails, and persons involved;
  6. Description of harassment, threats, defamatory posts, or contact-list abuse, if any;
  7. Explanation of damage suffered;
  8. List of evidence attached;
  9. Request for investigation and prosecution;
  10. Signature and jurat before an authorized officer.

B. Important Statements to Include

The victim should clearly state:

  1. “I did not apply for the loan.”
  2. “I did not authorize anyone to use my identity or personal information.”
  3. “I did not receive the proceeds of the loan.”
  4. “I did not consent to be a borrower, co-maker, guarantor, or reference.”
  5. “I dispute the alleged debt as fraudulent.”
  6. “I request investigation for identity theft, cybercrime, fraud, harassment, threats, and other offenses supported by the evidence.”

The wording must match the facts. False statements in an affidavit may create legal exposure.

X. Filing Procedure with the NBI Cybercrime Division

The exact procedure may vary depending on the NBI office, but the usual steps are:

  1. Prepare a written complaint-affidavit;
  2. Organize all evidence and attachments;
  3. Bring valid identification;
  4. Visit or contact the NBI Cybercrime Division or the nearest NBI office handling cybercrime complaints;
  5. Submit the complaint and evidence;
  6. Give a sworn statement or supplemental statement if required;
  7. Allow the investigating agent to review the case;
  8. Provide devices, screenshots, links, phone numbers, or accounts for technical evaluation if requested;
  9. Cooperate with follow-up questions;
  10. Obtain receiving copies, reference numbers, or proof of filing.

In some cases, the NBI may refer the complainant to another agency, coordinate with platforms, or advise filing a complaint with the prosecutor’s office after investigation.

XI. Can a Victim File Against an Unknown Person?

Yes. Many cybercrime complaints begin against an unknown person, often described as “John Doe,” “Jane Doe,” unknown account user, unknown mobile number owner, unknown online lending app agent, or unknown collector.

The complaint should identify all available digital traces, such as:

  1. Phone numbers;
  2. Email addresses;
  3. Usernames;
  4. Profile URLs;
  5. App names;
  6. Transaction references;
  7. Bank or e-wallet accounts;
  8. IP-related records, if known;
  9. Device or login alerts;
  10. Names used in messages.

Law enforcement may investigate further and identify responsible persons if sufficient leads exist.

XII. Potential Respondents

Depending on the evidence, possible respondents may include:

  1. The person who used the victim’s identity;
  2. The person who submitted the loan application;
  3. The holder of the receiving bank or e-wallet account;
  4. The collector who made threats or defamatory statements;
  5. The operator of the lending app;
  6. The collection agency;
  7. Officers, employees, or agents who participated in unlawful conduct;
  8. Unknown persons behind fake accounts, SIM numbers, or fraudulent applications.

Not every company is automatically criminally liable simply because fraud occurred through its platform. Liability depends on participation, negligence, knowledge, authorization, benefit, or specific legal duties.

XIII. Remedies Against the Lending Company or Online Lending App

A victim should separately notify the lender in writing that the loan is fraudulent and disputed.

The notice should demand:

  1. Immediate suspension of collection activity;
  2. Investigation of the fraudulent account;
  3. Copies of the alleged loan documents;
  4. Proof of application, consent, disbursement, and identity verification;
  5. Deletion or correction of inaccurate data;
  6. Removal of the victim from borrower, guarantor, co-maker, or reference records;
  7. Cessation of contact with the victim’s relatives, employer, or contacts;
  8. Written confirmation that the victim is not liable;
  9. Correction of any credit reporting entry;
  10. Preservation of records for investigation.

The victim should send the notice through traceable means, such as email, registered mail, customer support ticket, or official complaint channel.

XIV. Are Victims Required to Pay the Fraudulent Loan?

A person is generally not liable for a loan they did not apply for, authorize, receive, sign, accept, or benefit from.

However, the victim should not ignore the matter. The victim must actively dispute the account and document the dispute. Silence may allow the lender or collector to continue collection efforts, report the account, or pressure the victim.

The victim should never pay merely to stop harassment unless advised by counsel after reviewing the consequences. Payment may be misinterpreted as acknowledgment of the debt, depending on the circumstances.

XV. What If the Victim Was Listed Only as a Reference?

A reference is not the same as a borrower, co-maker, or guarantor. A reference is usually a person listed for contact or verification. Being named as a reference does not automatically create liability.

If a collector demands payment from a mere reference, the reference may respond that:

  1. They did not borrow money;
  2. They did not sign as guarantor or co-maker;
  3. They did not consent to be contacted for collection;
  4. They demand removal of their personal information;
  5. Further harassment may be reported to authorities.

XVI. What If the Victim’s Contacts Are Being Harassed?

Contact-list harassment is common in abusive online lending cases. Collectors may message relatives, friends, co-workers, or employers with accusations such as “scammer,” “runaway debtor,” “fraudster,” or “wanted.”

This may raise issues involving:

  1. Data privacy violations;
  2. Cyber libel;
  3. Grave threats;
  4. Unjust vexation;
  5. Coercion;
  6. Harassment;
  7. Unfair debt collection practices.

Victims should collect screenshots from all contacted persons and include them in the NBI complaint and any complaint to the National Privacy Commission or SEC.

XVII. Cyber Libel in Loan Collection Cases

Cyber libel may arise when a collector or other person publicly posts or sends defamatory statements through online channels. For example, if a collector posts the victim’s photo on social media and falsely calls the victim a criminal, scammer, or thief, this may support a cyber libel complaint.

Private messages can also be relevant, but whether they constitute libel depends on publication to a third person and the surrounding facts. If defamatory statements are sent to the victim’s relatives, employer, group chats, or social media contacts, the publication element may be easier to establish.

XVIII. Threats, Coercion, and Extortion

Some collectors threaten to:

  1. Post the victim’s face online;
  2. Contact the victim’s employer;
  3. Shame the victim’s family;
  4. Fabricate a criminal case;
  5. Visit the victim’s home;
  6. Harm the victim;
  7. Expose private information;
  8. Send edited photos or defamatory notices.

These may support complaints for threats, coercion, unjust vexation, extortion-related conduct, or other offenses depending on the wording and proof.

A victim should preserve the exact words used. The difference between a lawful demand and an unlawful threat often depends on the content, tone, frequency, and method of communication.

XIX. Data Privacy Remedies

The victim may file or consider filing a complaint with the National Privacy Commission where personal data was unlawfully collected, used, shared, retained, accessed, or disclosed.

Possible data privacy issues include:

  1. Use of a victim’s ID without consent;
  2. Unauthorized processing of sensitive personal information;
  3. Scraping and contacting the victim’s phone contacts;
  4. Disclosure of alleged debt to third parties;
  5. Public shaming;
  6. Refusal to correct inaccurate personal data;
  7. Refusal to delete unauthorized records;
  8. Failure to secure personal information;
  9. Processing data beyond legitimate purpose.

The victim may also exercise data subject rights, including the right to access, correction, objection, erasure or blocking, and damages where applicable.

XX. SEC Complaints Against Online Lending Apps

If the case involves an online lending app, lending company, or financing company, the victim may consider filing a complaint with the SEC.

The complaint may involve:

  1. Abusive collection practices;
  2. Misleading or unfair loan terms;
  3. Unauthorized disclosure of borrower or non-borrower information;
  4. Harassment of contacts;
  5. Threats and shaming;
  6. Unregistered or unauthorized lending activity;
  7. False representation by collectors;
  8. Failure to act on identity theft reports.

The SEC complaint is administrative or regulatory in nature. It may complement, but does not necessarily replace, criminal complaints with law enforcement.

XXI. Complaints with Banks, E-Wallets, and Financial Platforms

If the fraudulent loan proceeds were sent to a bank or e-wallet account, the victim may report the receiving account to the bank, e-wallet provider, or financial institution. The victim should request account freezing or investigation where appropriate, subject to the institution’s rules and applicable law.

If the victim’s own bank or e-wallet account was compromised, the victim should immediately:

  1. Change passwords;
  2. Revoke device access;
  3. Report unauthorized transactions;
  4. Request account blocking if needed;
  5. File a dispute;
  6. Preserve transaction history;
  7. Report the incident to law enforcement.

XXII. Credit Reporting Issues

Fraudulent loans can damage a victim’s credit profile. A victim should request correction, deletion, or dispute of inaccurate credit entries.

The victim should submit:

  1. NBI complaint proof or police blotter, if available;
  2. Affidavit of denial;
  3. Government ID;
  4. Written dispute to the lender;
  5. Evidence that the loan was unauthorized;
  6. Any lender acknowledgment or investigation result.

The victim should demand that the lender stop reporting the fraudulent account and correct any adverse entry.

XXIII. Police Blotter Versus NBI Cybercrime Complaint

A police blotter creates a record of an incident at a police station. It may be useful for documentation, immediate threats, or local incidents.

An NBI cybercrime complaint is more appropriate where the case involves digital identity theft, online lending platforms, cyber harassment, fake accounts, electronic evidence, or technical tracing.

A victim may do both. A blotter can support the record, while the NBI complaint can trigger cybercrime investigation.

XXIV. Barangay Proceedings

Barangay conciliation may be relevant for disputes between individuals residing in the same city or municipality, especially if the suspect is known and the matter falls within barangay jurisdiction.

However, cybercrime, serious criminal offenses, unknown online perpetrators, corporate respondents, or cases requiring urgent law enforcement action may not be suitable for barangay settlement. Victims should avoid treating identity theft as a mere personal debt dispute.

XXV. Sample Evidence Checklist

A victim should prepare a folder containing:

  1. Complaint-affidavit;
  2. Valid government ID;
  3. Chronology of events;
  4. Screenshots of all messages;
  5. Call logs;
  6. Phone numbers used by collectors;
  7. Names and profiles of senders;
  8. App name and company information;
  9. Loan reference number;
  10. Demand letters;
  11. Proof of non-receipt of loan proceeds;
  12. Bank and e-wallet statements;
  13. Screenshots from contacted relatives or co-workers;
  14. Social media posts, URLs, and group chat messages;
  15. Proof of account takeover or phishing;
  16. Prior written dispute sent to the lender;
  17. Any response from the lender;
  18. Credit report, if affected;
  19. Police blotter, if already filed;
  20. Other supporting documents.

XXVI. Sample Structure of a Complaint-Affidavit

A complaint-affidavit may follow this structure:

Republic of the Philippines City/Municipality of __________

Affidavit-Complaint

I, [name], of legal age, Filipino, [civil status], and residing at [address], after being duly sworn, state:

  1. I am the complainant in this case.
  2. I recently discovered that my personal information was used in connection with an alleged loan from [name of app/company].
  3. I categorically deny applying for, authorizing, receiving, or benefiting from said loan.
  4. I did not give any person authority to use my name, identification documents, mobile number, image, address, or other personal information for any loan application.
  5. On [date], I received [messages/calls/emails] from [number/person/company] demanding payment.
  6. The messages stated [brief description].
  7. I was also informed that [relatives/friends/employer] received messages about the alleged loan.
  8. Attached are screenshots, call logs, and other evidence showing the unauthorized use of my identity and the harassment committed against me.
  9. Because of these acts, I suffered anxiety, reputational harm, disturbance, and risk of financial and credit damage.
  10. I respectfully request investigation for identity theft, computer-related fraud, cyber harassment, threats, data privacy violations, and such other offenses as the evidence may support.

In witness whereof, I sign this affidavit on [date] at [place].

[Signature] [Name]

Subscribed and sworn to before me on [date] at [place].

This is only a structural sample. A final affidavit should be tailored to the actual facts and reviewed carefully before signing.

XXVII. Demand Letter to the Lending Company

A victim may send a dispute letter to the lending company. It may state:

  1. The victim disputes the alleged loan;
  2. The victim denies applying for or receiving the loan;
  3. The victim demands investigation;
  4. The victim demands suspension of collection;
  5. The victim demands cessation of contact with third parties;
  6. The victim demands correction or deletion of records;
  7. The victim demands preservation of all loan application records;
  8. The victim reserves the right to file complaints with the NBI, NPC, SEC, BSP, and other agencies.

A written dispute is important because it creates a paper trail and places the lender on notice.

XXVIII. What Records Should the Victim Demand from the Lender?

The victim may request:

  1. Copy of the loan application;
  2. Date and time of application;
  3. Device, IP, or account logs, if available and legally disclosable;
  4. Mobile number used;
  5. Email address used;
  6. Bank or e-wallet account where proceeds were disbursed;
  7. Uploaded ID;
  8. Uploaded selfie or biometric verification;
  9. E-signature or consent record;
  10. Loan agreement;
  11. Disclosure statement;
  12. Collection notes;
  13. Third-party collection agency details;
  14. Basis for processing the victim’s personal data;
  15. Basis for reporting the account to credit bureaus.

The lender may refuse to disclose some technical or security data directly, but the request still helps preserve issues for investigation.

XXIX. What Not to Do

A victim should avoid:

  1. Paying the loan without written reservation or legal advice;
  2. Deleting messages;
  3. Arguing emotionally with collectors;
  4. Sending more IDs to unverified collectors;
  5. Clicking suspicious links;
  6. Installing unknown apps;
  7. Giving OTPs;
  8. Posting sensitive documents publicly;
  9. Threatening collectors in return;
  10. Signing settlement documents without understanding them;
  11. Ignoring demand letters;
  12. Assuming a reference is automatically liable;
  13. Assuming the matter is only civil when identity theft is involved.

XXX. Immediate Safety Steps for Victims

The victim should:

  1. Change passwords for email, social media, e-wallets, and banking apps;
  2. Enable two-factor authentication;
  3. Check SIM registration and account recovery settings;
  4. Revoke access to unknown devices;
  5. Report compromised accounts;
  6. Notify banks and e-wallets;
  7. Inform close contacts not to entertain collectors or scammers;
  8. Preserve all evidence;
  9. Send a written dispute to the lender;
  10. File with the NBI Cybercrime Division where appropriate.

XXXI. Possible Legal Outcomes

Depending on the evidence, possible outcomes include:

  1. NBI investigation;
  2. Identification of suspects;
  3. Referral for inquest or preliminary investigation;
  4. Filing of criminal complaint before the prosecutor;
  5. Administrative complaint against lending company or collector;
  6. Data privacy investigation;
  7. Correction or cancellation of fraudulent loan record;
  8. Cessation of collection;
  9. Credit record correction;
  10. Settlement or written clearance from lender;
  11. Prosecution of responsible persons.

Not every complaint results in immediate prosecution. Cybercrime cases often require sufficient evidence linking specific persons to the fraudulent act.

XXXII. Defenses and Issues That May Arise

A lender or collector may claim:

  1. The application passed verification;
  2. The victim’s ID and selfie were submitted;
  3. OTP verification was completed;
  4. The loan proceeds were disbursed;
  5. The victim’s phone number or email was used;
  6. The victim benefited from the loan;
  7. The victim is merely avoiding payment.

The victim should counter with evidence showing:

  1. No consent;
  2. No receipt of proceeds;
  3. No control over the account used;
  4. Compromised identity documents;
  5. Prompt dispute;
  6. Inconsistent application details;
  7. Unauthorized use of personal data;
  8. Harassment or unlawful collection conduct.

The central issue is not merely whether the lender has documents, but whether the victim actually consented, applied, received, or benefited from the loan.

XXXIII. Civil Liability and Damages

Victims may suffer financial loss, reputational harm, anxiety, emotional distress, business disruption, employment embarrassment, or credit damage. Depending on the facts and applicable law, a victim may pursue damages against responsible persons.

Possible claims may involve:

  1. Actual damages;
  2. Moral damages;
  3. Exemplary damages;
  4. Attorney’s fees;
  5. Costs of suit;
  6. Data privacy-related damages;
  7. Civil liability arising from crime.

Civil remedies require proof of damage and causal connection.

XXXIV. Prescription and Urgency

Victims should act promptly. Different offenses have different prescriptive periods, and delays may weaken evidence. Digital evidence is volatile. SIM cards, fake accounts, app records, and logs may disappear.

Prompt reporting also helps show good faith and supports the victim’s position that the alleged debt is disputed and fraudulent.

XXXV. Practical Complaint Strategy

A strong strategy may involve parallel action:

  1. File an NBI cybercrime complaint;
  2. Send a written dispute to the lender;
  3. File a complaint with the National Privacy Commission if data misuse is involved;
  4. File a complaint with the SEC if an online lending app or financing company is involved;
  5. Notify banks, e-wallets, or payment platforms;
  6. Dispute credit report entries;
  7. Preserve evidence from all contacted third parties;
  8. Consult a lawyer for affidavit preparation, prosecution strategy, or civil claims.

Parallel action is often necessary because one agency may handle criminal investigation, another may handle data privacy, another may handle lending regulation, and another may handle financial consumer complaints.

XXXVI. Frequently Asked Questions

1. Can I file with the NBI even if I do not know who used my identity?

Yes. You may file against unknown persons and provide phone numbers, account names, app names, email addresses, links, and other digital traces.

2. Am I liable if my ID was used but I never applied for the loan?

Generally, no. A person is not bound by a loan they did not authorize, sign, accept, or benefit from. But you should dispute the loan immediately and preserve proof.

3. Is being listed as a reference the same as being a guarantor?

No. A reference is not automatically liable. A guarantor or co-maker obligation requires consent and a valid undertaking.

4. Can collectors message my employer or relatives?

Debt collectors should not harass, shame, threaten, or unlawfully disclose personal information. Contacting third parties in abusive ways may raise legal and regulatory issues.

5. Should I pay to stop the harassment?

Payment may create complications. It is better to dispute the loan in writing, file complaints where appropriate, and seek legal advice before paying a debt you deny.

6. Can I complain to the National Privacy Commission?

Yes, if your personal data was unlawfully used, disclosed, retained, or processed.

7. Can I complain to the SEC?

Yes, if the issue involves a lending company, financing company, or online lending app engaged in abusive or unlawful practices.

8. What if the loan app is not registered?

Report the app to the proper authorities and preserve evidence of its name, website, app store listing, messages, and collection activity.

9. Can I sue for damages?

Possibly, depending on proof of wrongdoing, damage, and the responsible persons. A lawyer can assess whether a civil case, criminal complaint, or administrative complaint is strongest.

10. Is an NBI complaint enough to erase the loan?

Not automatically. You should also directly dispute the loan with the lender and request correction or deletion of records.

XXXVII. Conclusion

Loan identity theft is not merely a debt collection problem. It may involve cybercrime, fraud, falsification, data privacy violations, abusive lending practices, harassment, threats, and reputational injury.

A victim should act quickly, preserve evidence, file a clear complaint-affidavit, dispute the loan in writing, and pursue the appropriate remedies before the NBI Cybercrime Division, National Privacy Commission, Securities and Exchange Commission, financial regulators, credit reporting channels, and courts where necessary.

The most important points are simple: do not admit a loan you did not make, do not delete evidence, do not ignore collection activity, and do not allow unauthorized use of your identity to go unchallenged. Prompt documentation and coordinated complaints can protect the victim’s legal rights, financial standing, privacy, and reputation.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login