Online Scam Payment via Seabank to PayMaya Complaint Philippines

Online Scam Payments Routed from SeaBank to PayMaya:

A Philippine Legal Primer and Practical Guide

1. Introduction

Digital-only banks such as SeaBank Philippines Inc. and e-money issuers like PayMaya Philippines, Inc. (now branded simply as Maya) have brought real-time fund transfers to the fingertips of Filipinos. Unfortunately, the same convenience is being exploited by scammers who persuade, manipulate, or coerce users to move money from a SeaBank account to a PayMaya wallet—often the last irreversible hop before cash-out. This article explains how the fraud usually happens, the laws it violates, and every remedial track a victim can take under Philippine law and regulation as of 30 April 2025.

2. The Actors and the Rails

Entity Regulator Licence & Key Rules
SeaBank Bangko Sentral ng Pilipinas (BSP) Digital Bank licence under M-2021-046 series; governed by BSP Circular 1105 (Digital Bank Framework), 980 (IT Risk Management), 1140 (Consumer Protection).
PayMaya / Maya BSP E-money issuer (EMI) and Virtual Asset Service Provider under Circular 649 and 1108; also covered by PESONet/InstaPay rules.
Pesonet / InstaPay BSP-regulated Automated Clearing Houses under the National Retail Payment System (NRPS).

3. Typical Scam Flow (“SeaBank → PayMaya”)

  1. Social Engineering / Phishing – The fraudster pretends to be an online seller, an HR recruiter, a crypto-investor, or even SeaBank/Maya support.
  2. Account Takeover or Induced Transfer – Victim is tricked into:
    • revealing OTPs; or
    • sending money voluntarily from their own SeaBank app to a PayMaya number controlled by the scammer.
  3. Rapid Dissipation – Funds in the PayMaya wallet are:
    • withdrawn through kiosks/ATMs,
    • moved to multiple wallets (“peeling”), or
    • converted to crypto via Maya’s built-in exchange.
  4. Money Mule Layering – Fake-KYCed wallets or recruited “money mules” launder proceeds, frustrating charge-backs.

4. Violated Statutes and Their Elements

Law Core Provisions Triggered in a SeaBank-to-PayMaya Scam
Republic Act (RA) 8484 – Access Devices Regulation Act §9(c) penalises fraudulent use or transfer of an access device; OTP/phishing qualifies. Penalty: up to 20 years if amount ≥ P50 M; otherwise graduated.
RA 10175 – Cybercrime Prevention Act §4(a)(1) (illegal access), §4(b)(1) (computer-related fraud); aggravating because committed through ICT.
RA 11765 – Financial Products and Services Consumer Protection Act (FPSCPA) Gives victims an administrative cause of action before the BSP Consumer Protection and Market Conduct Office (CPMCO) for up to ₱2 million claims.
RA 9160 / 10927 – Anti-Money Laundering Act (AMLA) Obligates SeaBank and PayMaya to file Suspicious Transaction Reports (STR) and perform Enhanced Due Diligence if they detect mule activity.
Data Privacy Act (RA 10173) Phishing and identity theft involve unauthorised processing of personal information.
Revised Penal Code (Art. 315) Traditional estafa may still apply if deceit led to the transfer.

Important: Under Art. 90 RPC and §5 RA 10175, cyber-fraud prescribes in 12 years; RA 8484 offenses in 10.

5. Complaint and Enforcement Options

5.1 Immediate Steps

  1. Freeze Request

    • Call SeaBank’s hotline and email support@seabank.com.ph.
    • File a Transaction Dispute Form with PayMaya within 24 hours.
    • Ask both to tag the transaction as contested and generate an Incident Reference Number.

  2. Prepare Evidence

    • Screenshots of chats, emails, webpages, caller IDs.
    • Device logs, SMS/OTP messages, banking transaction history.
    • Affidavit narrating timeline (notarised).

5.2 Parallel Fora

Forum Jurisdiction How to File Possible Relief
BSP CPMCO (administrative) Consumer disputes < ₱2 M (FPSCPA) Online via CAMS or letter-complaint Mandatory mediation; BSP may order restitution, fines on the bank.
PNP-ACG / NBI-CCD (criminal) Cybercrime Sworn Complaint-Affidavit + annexes Arrest, inquest, search warrant.
Office of the City/Provincial Prosecutor Estafa, RA 8484, RA 10175 File complaint after police blotter Information filed with trial court.
National Privacy Commission Data-privacy breach Online complaint form Compliance orders, administrative fines.
Civil Action (RTC or MTC) Restitution, damages Verified complaint, docket fees Monetary award; garnishment of mule assets.

Tip: File administrative and criminal cases simultaneously; the administrative track is faster (30-45 days average).

6. Duties of SeaBank and PayMaya

  1. Know-Your-Customer (KYC) – BSP Circular 1108 and AMLC 2021 New Rules require face-liveness checks and device binding; failure can be cited as negligence.
  2. Real-Time Anti-Fraud Monitoring – Circular 1140 obliges both institutions to implement AI-based anomaly detection and to auto-pause unusual first-time transfers.
  3. Dispute Timeframes – Under the InstaPay/PESONet Memorandum of Agreement (2024 update), recipient institutions must return funds within 2 hours of a valid Recall Request if balance remains.
  4. Consumer Redress Mechanism – FPSCPA and Circular 1169 mandate a single touch-point complaint desk and resolution within 15 business days.

Failure to comply exposes the institution to administrative fines up to ₱200,000 per transaction and revocation of licence for habitual non-compliance.

7. Litigation Strategy Checklist

Stage Key Deliverables
Demand Letter Cite RA 11765, require refund under operational liability within 5 days.
Temporary Restraining Order (TRO) Possible if funds still traceable; file with RTC to stop withdrawal.
Motion to Preserve Computer Data (Rule on Cybercrime Warrants) Let investigators compel PayMaya to keep logs beyond 6 months retention.
Civil Action for Damages Include moral and exemplary damages if emotional distress, plus attorney’s fees (Art. 2208 NCC).
Settlement Banks often offer ex-gratia 20-50 % refund to avoid precedent—negotiate.

8. Best Practices for Victims and Counsel

  • Enable biometric and device-binding on SeaBank and PayMaya apps.
  • Never share OTPs; remember banks will never ask for them.
  • Use a distinct email-address-per-bank strategy to limit phishing success.
  • Insist on obtaining the InstaPay Recall Reference ID—it proves the bank sought claw-back.
  • Lawyers should calendar the 10-day period under §4 FPSCPA for a bank’s first reply; silence speeds up escalation to BSP.

9. Regulatory Outlook (2025-2026)

  • BSP Draft Circular on Digital Identity (expected Q3 2025) will require PhilSys-based e-KYC, choking mule creation.
  • AMLC’s 2025 STR API will automate real-time suspicious-transaction flagging between EMIs and law enforcement.
  • A Senate bill proposes mandatory fund-reversal window of 72 hours for scam transfers under ₱20 k—watch this space.

10. Conclusion

SeaBank-to-PayMaya scams thrive on speed and social engineering, but Philippine law arms victims with criminal, civil, and administrative weapons—bolstered by the new Financial Products and Services Consumer Protection Act. Effective redress hinges on rapid evidence preservation, parallel filing, and invoking regulators’ expanded powers to freeze and claw back illicit transfers. With diligent follow-through, many victims have recovered funds or at least secured indictments, sending a clear signal that the convenience of digital finance in the Philippines need not come at the cost of accountability.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login