I. Introduction
In the Philippines, “unauthorized charges” typically refer to transactions debited from a consumer’s bank account, credit card, debit card, e-wallet (GCash, Maya, etc.), or prepaid load without the consumer did not make, did not authorize, or were the result of fraud, error, or merchant abuse. Philippine law and Bangko Sentral ng Pilipinas (BSP) regulations provide strong consumer protection in these cases, and the cardholder or account holder is almost always entitled to a full refund plus interest or damages when applicable.
II. Governing Laws and Regulations
Republic Act No. 10870 – Philippine Credit Card Industry Regulation Law (2016)
- Section 9: Liability of Cardholders for Unauthorized Transactions
→ Cardholder liability is limited to ₱0 if the unauthorized transaction is reported within the prescribed period and there is no gross negligence on the part of the cardholder. - Section 10: Zero Liability Rule
→ Cardholder shall have zero liability if:
(a) the unauthorized transaction was reported promptly;
(b) the card was not lost or stolen or stolen (or if lost/stolen, was reported immediately); and
(c) the cardholder did not contribute to the unauthorized use through gross negligence or fraud.
- Section 9: Liability of Cardholders for Unauthorized Transactions
Republic Act No. 8792 – Electronic Commerce Act of 2000
- Recognizes electronic transactions and digital signatures; provides the legal backbone for e-wallet and online banking disputes.
Republic Act No. 10175 – Cybercrime Prevention Act of 2012
- Computer-related identity theft and fraud are criminal offenses.
Bangko Sentral ng Pilipinas Circulars (most important ones as of 2025):
- BSP Circular No. 808 (2013) – Credit Card Operations
- BSP Circular No. 1098 (2020) – Electronic Payment and Financial Services (EPFS) Consumer Protection
- BSP Circular No. 1161 (2023) – Amendments strengthening consumer protection for digital payments
- BSP Circular No. 1191 (2024) – Revised guidelines on unauthorized electronic fund transfers
Key provisions:
• Banks and EMI (Electronic Money Issuers such as GCash, Maya, GrabPay, Starpay, etc.) must refund unauthorized transactions within prescribed timelines.
• Maximum resolution period: 10 banking days from receipt of written complaint (or 45 days in exceptional cases).
• Re-crediting must include interest earned (for savings/current accounts) or finance charges reversed (for credit cards).
Republic Act No. 7394 – Consumer Act of the Philippines
- Articles 50–67 on deceptive sales acts and practices, product/service standards, and consumer redress.
Republic Act No. 11055 – Philippine Identification System Act and Data Privacy Act (RA 10173)
- Relevant when identity theft cases.
III. Types of Unauthorized Charges Commonly Encountered
| Type | Common Examples | Typical Liability of Consumer |
|---|---|---|
| Card-not-present fraud | Online shopping using stolen card details | Zero |
| Counterfeit card fraud | Skimming, cloned cards | Zero |
| Lost/stolen card | Physical card used after loss/theft | Zero if reported promptly |
| Account takeover | Hacking of internet banking / e-wallet | Zero if no gross negligence |
| Merchant abuse / double charge | Merchant charges twice or more than agreed | Zero |
| Billing error | Wrong amount posted by bank or merchant | Zero |
| Phishing / social engineering | Victim tricked into giving OTP or credentials | Usually zero unless gross negligence proven |
IV. Step-by-Step Procedure to Get a Refund
Immediate Notification (Critical)
- Credit/Debit Cards: Call the 24/7 hotline of the issuing bank immediately (within minutes or hours if possible).
- E-wallets (GCash, Maya, etc.): Use the in-app “Report a Problem” or call customer service hotline.
- Banks: Report the unauthorized transaction within 24–48 hours if possible. The sooner, the stronger your position.
Block / Freeze the Account or Card
- Request immediate blocking to prevent further unauthorized transactions.
File a Formal Written Dispute
- Submit a written dispute letter or accomplished Dispute Form (most banks have downloadable forms).
- Include:
• Full name, card/account number
• Date and amount of unauthorized transaction(s)
• Merchant name (if shown)
• Statement that the transaction was unauthorized
• Affidavit of Unauthorized Transaction (notarized in some banks now require a notarized affidavit) - Mode of submission: email, in-app, branch visit, or registered mail.
Bank / EMI Investigation
- Maximum 10 banking days to resolve (BSP Circular 1191).
- If the transaction is proven unauthorized → automatic refund + interest/finance charge reversal.
- If disputed → provisional credit within 3 banking days while investigation continues (for amounts ≥₱5,000 in many banks).
Escalation if Denied
- File a formal complaint with BSP Consumer Protection Department (consumer@bsp.gov.ph or online portal).
- BSP can impose fines up to ₱1 million per day of delay on non-compliant institutions.
- File a case with the Department of Trade and Industry (DTI) for violation of Consumer Act.
- Small claims court (up to ₱1,000,000 as of 2025) – no lawyer needed.
- Regular civil case for moral/exemplary damages.
V. Timelines You Must Remember
| Action | Deadline |
|---|---|
| Report lost/stolen card | Immediately (within 24 hrs ideal) |
| Report unauthorized transaction to bank/EMI | As soon as discovered (no strict statutory deadline but affects liability) |
| Bank/EMI to resolve dispute | 10 banking days (45 days max in exceptional cases) |
| File BSP complaint if bank refuses | No deadline but best within 30 days of bank decision |
| File small claims | Within 5 years (prescriptive period for quasi-delict) |
VI. Special Cases
A. GCash / Maya / Other E-Wallets
- Treated as Electronic Money Issuers (EMI) under BSP.
- Same 10-banking-day resolution rule applies.
- GCash introduced “GCash Protect” insurance (optional) that covers up to ₱100,000 for unauthorized transactions even if negligence is present.
B. Buy Now, Pay Later (BNPL) Platforms (BillEase, Atome, etc.)
- If the underlying payment was made via card or e-wallet, the same rules apply. BNPL providers themselves are usually not liable if the payment gateway was hacked.
C. International Transactions
Visa/Mastercard/JCB/UnionPay rules give additional zero-liability protection that supersedes local law if more favorable.
D. ATM Withdrawals
BSP Circular 808 and 1161 also cover unauthorized ATM withdrawals; same 10-day rule.
VII. Criminal Liability of the Perpetrator
- Estafa through computer-related fraud (RA 10175) – up to 20 years imprisonment
- Identity theft – up to 12 years
Victims should also file a police blotter and NBI/Anti-Cybercrime complaint.
VIII. Preventive Measures (Legally Recommended)
- Enable transaction alerts (SMS/email/app push).
- Never share OTP, CVV, or card details.
- Use virtual cards for online shopping (BPI, UnionBank, Security Bank offer this).
- Regularly change PINs and passwords.
- Enroll in 3D-Secure / OTP for online transactions.
IX. Conclusion
Under current Philippine law and BSP regulations (as of December 2025), consumers enjoy one of the strongest zero-liability regimes in Southeast Asia for unauthorized electronic transactions. As long as the consumer reports promptly and did not act with gross negligence, the bank, credit-card issuer, or e-money issuer is legally obligated to refund the full amount, reverse finance charges, and pay earned interest within 10 banking days. Failure to do so exposes the financial institution to heavy BSP sanctions and possible civil damages.
If your bank or e-wallet provider refuses or delays your legitimate refund, escalate immediately to the Bangko Sentral ng Pilipinas Consumer Protection Department — they have a near-perfect track record of compelling institutions to comply.