Remedies for Unauthorized Use of Personal Information in a Loan Application

Introduction

Unauthorized use of personal information in a loan application is a serious legal issue in the Philippines. It may involve identity theft, fraud, data privacy violations, cybercrime, falsification, harassment, unfair debt collection, and civil liability. The problem often arises when a person discovers that their name, mobile number, address, identification card, employment details, contact list, photograph, signature, or other personal information was used to apply for a loan without consent.

This may happen through online lending apps, informal lenders, financing companies, banks, cooperatives, microfinance institutions, payroll loan providers, credit card issuers, buy-now-pay-later platforms, pawnshops, or private individuals. Sometimes the victim’s information is used as the supposed borrower. In other cases, the person is listed as a co-borrower, guarantor, reference, emergency contact, employer, spouse, relative, or character reference without consent.

The legal remedies depend on what information was used, who used it, whether money was actually released, whether signatures or IDs were falsified, whether the loan provider failed to verify identity, whether collectors are harassing the victim, and whether the incident happened online.

This article explains the Philippine legal context, possible violations, immediate steps, complaints, evidence, remedies, and preventive measures when personal information is used without authority in a loan application.

1. What Is Unauthorized Use of Personal Information?

Unauthorized use of personal information occurs when another person, company, lender, agent, collector, employee, scammer, or online platform uses someone’s personal data without a lawful basis, consent, authority, or legitimate purpose.

In a loan application, this may include unauthorized use of:

  • full name;
  • address;
  • mobile number;
  • email address;
  • birth date;
  • place of birth;
  • civil status;
  • photograph;
  • selfie;
  • signature;
  • government-issued ID;
  • TIN, SSS, GSIS, Pag-IBIG, PhilHealth, passport, driver’s license, or national ID details;
  • employment information;
  • salary information;
  • bank account details;
  • credit card details;
  • utility bills;
  • payslips;
  • contact list;
  • social media account;
  • spouse or family details;
  • emergency contact information;
  • biometric information;
  • electronic signature;
  • screenshots or uploaded documents.

The unauthorized use may be committed by a stranger, a relative, a spouse, an ex-partner, a co-worker, a former employer, a lending agent, a loan applicant, an online app, a collector, or an insider from a company that had access to the victim’s records.

2. Common Situations

A. Someone Used Your Identity as the Borrower

This is one of the most serious scenarios. The person’s name, ID, signature, and details are used to apply for a loan, and the lender later demands payment from the person.

Examples:

  • a loan was approved under your name without your knowledge;
  • your ID and photo were used by another person;
  • your e-signature was forged;
  • you receive collection notices for a loan you never applied for;
  • the loan appears in your credit record;
  • collectors call you as if you are the borrower.

This may involve identity theft, fraud, falsification, cybercrime, and data privacy violations.

B. You Were Listed as a Co-Borrower Without Consent

A co-borrower is usually directly liable for the loan. If your name was used as a co-borrower without your consent, you should dispute it immediately.

The lender should be asked to produce the loan application, signed documents, consent records, identity verification logs, and proof that you agreed to become a co-borrower.

C. You Were Listed as a Guarantor Without Consent

A guarantor or surety may be asked to pay if the borrower defaults, depending on the contract. No person should be made a guarantor without consent.

If you did not sign, authorize, or agree, you should deny liability in writing and demand proof.

D. You Were Listed as a Reference or Emergency Contact Without Consent

Many lenders ask borrowers to provide references. Being listed as a reference does not automatically make you liable for the debt.

However, it may still be a privacy concern if your name and number were submitted without permission. It becomes more serious if collectors harass you, disclose the borrower’s debt, threaten you, or falsely claim that you must pay.

E. Your Contact List Was Accessed by a Loan App

Some online lending apps have historically collected contact lists and used them for debt collection. If an app accessed your contacts without valid consent, or used your number to shame or pressure a borrower, this may be a data privacy issue.

F. Your ID Was Uploaded Without Permission

A copy of your ID may be misused to apply for loans. This is especially dangerous because IDs contain sensitive personal information and can be used repeatedly.

G. Your Signature Was Forged

If your handwritten or electronic signature was forged on loan documents, the matter may involve falsification, fraud, and civil invalidity of the supposed obligation.

H. Your Employer or Payroll Information Was Misused

If employment or salary data was used without authority, the incident may involve both the lender and the source of the leaked data.

3. Why This Is Serious

Unauthorized use of personal information in a loan application can cause:

  • collection harassment;
  • damage to credit standing;
  • inclusion in negative databases;
  • denial of future loans;
  • reputational harm;
  • emotional distress;
  • identity theft risk;
  • financial loss;
  • threats from collectors;
  • exposure of private information;
  • legal disputes;
  • misuse of government IDs;
  • repeated fraudulent loan applications.

The victim should act quickly because loan records, app logs, messages, and account access may disappear or change.

4. Legal Issues Involved

Depending on the facts, several areas of Philippine law may apply:

  1. Data Privacy Act violations;
  2. Cybercrime-related offenses;
  3. Identity theft or computer-related identity misuse;
  4. Estafa or fraud;
  5. Falsification of documents;
  6. Civil liability for damages;
  7. Unfair debt collection practices;
  8. Consumer protection violations;
  9. Banking or financing regulatory violations;
  10. Harassment, threats, coercion, or unjust vexation;
  11. Violation of confidentiality obligations;
  12. Employment or professional misconduct, if an insider misused data.

A single incident may support several remedies at the same time.

5. Data Privacy Act Perspective

The Data Privacy Act protects personal information and sensitive personal information. A name, address, contact number, photograph, ID, signature, financial information, employment details, and loan data may be personal data. Government ID numbers, financial information, and some other details may be sensitive personal information.

A lender, financing company, online lending platform, collection agency, employer, or other organization that collects or processes personal data must generally have a lawful basis, provide proper notice, use the data only for legitimate purposes, protect it with reasonable security, and respect the rights of data subjects.

Unauthorized use in a loan application may involve:

  • processing without consent or lawful basis;
  • failure to verify identity;
  • excessive data collection;
  • unauthorized disclosure;
  • negligent data handling;
  • failure to secure uploaded documents;
  • use of contact lists for harassment;
  • retention of data beyond legitimate purpose;
  • disclosure of debt to third parties;
  • refusal to correct or delete inaccurate data;
  • failure to act on a data subject request.

The victim may file a complaint with the National Privacy Commission when personal data was improperly processed or disclosed.

6. Personal Information and Sensitive Personal Information

Personal information includes data that identifies a person or can reasonably identify them. A name with mobile number, photograph, or address is usually personal information.

Sensitive personal information may include information about:

  • age;
  • marital status;
  • health;
  • education;
  • government-issued identifiers;
  • financial information;
  • offenses or alleged offenses;
  • data specifically classified as confidential by law.

Loan applications commonly involve sensitive data because they often require IDs, income information, financial capacity, employment details, and credit-related information.

The more sensitive the information, the stronger the obligation to protect it.

7. Consent in Loan Applications

Consent must be specific, informed, and freely given. A lender cannot simply rely on another person’s act of typing your name and number into a loan form as proof that you consented to become a borrower, co-borrower, guarantor, or data subject.

For serious roles such as borrower, co-borrower, guarantor, or surety, the lender should have stronger proof of consent, identity verification, signature, authentication, or personal confirmation.

For references or emergency contacts, the lender should still handle the data responsibly. Being listed as a reference does not give the lender unlimited authority to call, harass, shame, or disclose loan details to that person.

8. Lawful Basis Other Than Consent

In some cases, personal data may be processed based on contract, legal obligation, legitimate interest, or other lawful grounds. However, these grounds do not justify identity fraud, fake loan applications, or making a non-consenting person liable for a debt.

A lender may have a legitimate interest in contacting a reference to verify a borrower’s identity, but that does not mean it may disclose the full debt, threaten the reference, or demand payment from someone who is not liable.

9. Identity Theft and Cybercrime

When the unauthorized use happens through a computer system, online platform, mobile app, website, digital form, email, or electronic document, cybercrime-related laws may apply.

The misuse of identity information to apply for an online loan may involve computer-related identity misuse, fraud, or other cybercrime-related offenses depending on the facts.

Examples:

  • another person uses your ID and selfie to open a loan account;
  • a scammer creates an online lending profile under your name;
  • your phone number or email is used for loan verification;
  • your digital signature is copied;
  • fake documents are uploaded through an app;
  • collectors use hacked or scraped contacts;
  • your online account is taken over to apply for credit.

A cybercrime complaint may be considered, especially when the loan was applied for online.

10. Estafa or Fraud

If someone used your identity or personal information to obtain money from a lender, the act may amount to fraud or estafa depending on the circumstances.

The victim of the fraud may include both:

  • the lender that released money based on false representations; and
  • the person whose identity or personal data was misused.

If the lender demands payment from the identity theft victim, the victim should clearly state that the loan was fraudulent and unauthorized.

11. Falsification

If the loan documents contain forged signatures, fake IDs, altered documents, false certifications, or fabricated personal details, falsification may be involved.

Examples:

  • your signature appears on a loan agreement you never signed;
  • your ID was edited;
  • your payslip was fabricated;
  • your employment certificate was forged;
  • your address was falsely declared;
  • your electronic consent was simulated;
  • someone used a fake authorization letter.

The victim should request copies of all documents allegedly signed or submitted and preserve evidence for handwriting, digital, or forensic review if necessary.

12. Civil Liability and Damages

Unauthorized use of personal information may result in civil liability. A victim may claim damages when the unauthorized use causes harm.

Possible harm includes:

  • emotional distress;
  • anxiety caused by collection demands;
  • reputational damage;
  • denial of credit;
  • business loss;
  • employment consequences;
  • family conflict;
  • expenses for legal assistance;
  • time and cost of clearing records;
  • actual monetary loss.

Depending on the facts, the victim may claim actual damages, moral damages, exemplary damages, attorney’s fees, and other relief.

13. Unfair Debt Collection Practices

If collectors contact the victim, relatives, employer, friends, or contacts to shame, threaten, or pressure payment, unfair debt collection issues may arise.

Unlawful or abusive collection practices may include:

  • threatening violence or criminal cases without basis;
  • using insults or obscene language;
  • calling repeatedly at unreasonable hours;
  • contacting third parties to disclose the debt;
  • posting the borrower’s or reference’s information online;
  • sending messages to the victim’s employer;
  • falsely claiming that a reference is legally liable;
  • using fake legal documents;
  • pretending to be a government officer;
  • threatening arrest;
  • accessing and messaging the victim’s contacts;
  • public shaming through social media.

Even if a debt is real, collection must be lawful. If the debt is not yours, collection demands should be disputed immediately.

14. Being a Reference Does Not Mean Being Liable

Many people panic when collectors say, “You were listed as a reference, so you must pay.” That is generally false.

A reference is not automatically a borrower, co-borrower, guarantor, or surety. A reference is usually only a contact person for verification.

Unless you signed or validly agreed to be legally bound, you should not be treated as liable for the loan.

A reference may tell the collector:

“I did not borrow money, I did not guarantee this loan, and I do not consent to further collection calls. Please remove my number from your collection records and communicate only with the borrower through lawful means.”

15. Co-Borrower, Guarantor, Surety, and Reference: Differences

Borrower

The borrower is the person who received or is legally responsible for the loan.

Co-Borrower

A co-borrower is usually jointly liable with the main borrower, depending on the contract.

Guarantor

A guarantor agrees to answer for the debt if the borrower fails to pay, subject to the terms of the guarantee.

Surety

A surety may be directly and solidarily liable with the borrower, depending on the contract.

Reference

A reference is usually only a person who can confirm identity or contact information. A reference is not automatically liable.

If your personal information was used, determine which role the lender claims you had. The remedy depends heavily on this classification.

16. Immediate Steps for the Victim

Step 1: Do Not Admit Liability

Do not say or write anything that may be interpreted as admitting the debt.

Avoid statements like:

  • “I will try to pay.”
  • “Give me time.”
  • “I know the borrower, so I will settle.”
  • “I will talk to my family and pay something.”

Instead, clearly state:

“I did not apply for this loan. I did not authorize the use of my personal information. I deny liability.”

Step 2: Ask for Loan Details

Request the lender or collector to provide:

  • loan account number;
  • date of application;
  • application channel;
  • copy of loan application;
  • copy of loan agreement;
  • proof of identity verification;
  • uploaded ID;
  • selfie or photo used;
  • mobile number and email used;
  • bank account or e-wallet where proceeds were released;
  • IP address or device information, if applicable;
  • signed consent forms;
  • proof that you agreed to be borrower, co-borrower, guarantor, or reference;
  • name of lending company and registration details;
  • collection agency details.

Step 3: Send a Written Dispute

Send a formal written dispute to the lender, platform, or collection agency.

Step 4: Demand Suspension of Collection

Ask them to suspend collection activity against you while the dispute is investigated.

Step 5: Demand Correction or Deletion of Inaccurate Records

If the loan is not yours, demand correction, deletion, blocking, or restriction of unauthorized personal data.

Step 6: Preserve Evidence

Save messages, calls, screenshots, emails, documents, links, app notifications, and names of collectors.

Step 7: File Complaints If Necessary

Depending on the facts, complain to the National Privacy Commission, police cybercrime unit, prosecutor, Securities and Exchange Commission, Bangko Sentral ng Pilipinas, Credit Information Corporation-related channels, or other appropriate bodies.

17. Evidence to Preserve

The victim should keep:

  • screenshots of collection messages;
  • call logs;
  • voice recordings, where lawfully obtained;
  • emails;
  • demand letters;
  • app notifications;
  • loan account details;
  • names and numbers of collectors;
  • social media posts;
  • messages sent to relatives or employer;
  • copies of IDs allegedly used;
  • fake signatures;
  • proof of location or non-involvement;
  • police blotter or incident report;
  • written dispute letter;
  • proof of delivery of dispute;
  • lender’s replies;
  • credit report showing the loan;
  • proof of financial harm;
  • medical or psychological records, if emotional harm is claimed;
  • affidavits from witnesses.

Evidence should show both unauthorized use and resulting harm.

18. Written Dispute Letter to Lender

A written dispute is important because it creates a formal record that the victim denies the debt and challenges the processing of personal information.

[Date]

[Name of Lending Company / Financing Company / Bank / Collection Agency] [Address / Email]

Subject: Formal Dispute of Unauthorized Loan Application and Unauthorized Use of Personal Information

Dear Sir/Madam:

I am writing to formally dispute the loan account allegedly under my name or involving my personal information.

I did not apply for any loan with your company. I did not authorize any person to use my name, identification documents, mobile number, address, signature, photograph, employment information, or other personal data for any loan application. I also did not consent to be treated as a borrower, co-borrower, guarantor, surety, reference, or emergency contact for the alleged loan.

I demand that you provide the following:

  1. copy of the loan application;
  2. copy of the loan agreement;
  3. date, time, and method of application;
  4. documents, ID, selfie, signature, or electronic records allegedly submitted;
  5. proof of consent and identity verification;
  6. name and account details where the loan proceeds were released;
  7. basis for processing my personal information;
  8. name and contact details of your Data Protection Officer or responsible privacy officer;
  9. name and authority of any collection agency handling the account.

Pending investigation, I demand that you immediately stop all collection activity against me, stop contacting my relatives, employer, friends, or other third parties, and prevent further disclosure or misuse of my personal information.

I further demand correction, blocking, deletion, or restriction of any inaccurate or unauthorized personal data associated with me, and written confirmation that I am not liable for any loan I did not apply for or authorize.

This letter is sent without waiver of my rights and remedies under Philippine law, including remedies under data privacy, cybercrime, consumer protection, civil, criminal, and regulatory laws.

Sincerely,

[Name] [Address] [Email / Contact Number]

19. Demand to Stop Harassment by Collectors

If collectors are calling or messaging repeatedly, use a separate notice.

[Date]

[Name of Collection Agency / Lender] [Address / Email]

Subject: Demand to Cease Unauthorized and Harassing Collection Communications

Dear Sir/Madam:

I am not the borrower of the loan you are attempting to collect. I did not apply for, receive, guarantee, or consent to be liable for the alleged loan. If my name or contact information appears in your records, it was used without my authority.

I demand that you immediately stop calling, texting, messaging, threatening, or harassing me regarding this loan. I also demand that you stop contacting my family, employer, friends, co-workers, or other third parties about this alleged debt.

Any further unauthorized processing, disclosure, or use of my personal information, and any further harassment or false representation that I am liable for the loan, will be treated as additional evidence for appropriate complaints before the proper authorities.

Please confirm in writing that my number and personal information have been removed or restricted from your collection records.

Sincerely,

[Name]

20. Data Subject Rights

Under Philippine data privacy principles, a data subject may assert rights concerning their personal data.

These may include the right to:

  • be informed;
  • access personal data;
  • object to processing;
  • correct inaccurate data;
  • erase or block data in proper cases;
  • damages;
  • data portability in applicable situations;
  • file a complaint.

In the loan context, the victim may demand access to the records showing how their data was obtained, used, shared, and stored.

21. Right to Access

A victim may ask the lender or platform:

  • What personal data do you have about me?
  • Where did you get it?
  • Who submitted it?
  • When was it submitted?
  • What purpose was stated?
  • Who accessed it?
  • Who received it?
  • Was it shared with collectors or credit bureaus?
  • What documents are linked to my name?
  • What verification was performed?

The lender may redact information that lawfully belongs to another person, but it should not use privacy as a blanket excuse to hide unauthorized processing of the victim’s own personal data.

22. Right to Correction

If the lender’s records falsely show the victim as borrower, guarantor, or contact, the victim may demand correction.

The correction should include:

  • removal of unauthorized role;
  • correction of credit records;
  • correction of internal loan records;
  • removal from collection lists;
  • correction of data shared with affiliates, collectors, and credit information systems.

Correction should be confirmed in writing.

23. Right to Erasure or Blocking

If personal data was unlawfully obtained or used, the victim may request erasure, blocking, or restriction, subject to lawful retention requirements.

A lender may need to retain certain records for investigation, legal compliance, fraud prevention, or regulatory reasons. However, retention does not mean the lender may continue collection or disclosure against the victim.

24. Right to Object

The victim may object to continued processing of personal information when there is no lawful basis.

For example:

  • continued collection calls;
  • continued reporting to credit databases;
  • continued sharing with collectors;
  • continued use as reference;
  • continued automated reminders;
  • continued posting or disclosure.

25. Complaint with the National Privacy Commission

A complaint with the National Privacy Commission may be appropriate when:

  • personal data was used without consent or lawful basis;
  • a lender failed to verify identity;
  • a company disclosed the debt to third parties;
  • collectors contacted the victim’s contacts;
  • the victim was falsely linked to a loan;
  • a loan app accessed contact lists improperly;
  • the lender refused to provide access or correction;
  • the lender failed to secure uploaded documents;
  • the victim’s data was leaked, sold, or shared;
  • harassment involved personal data misuse.

Before filing, it is often helpful to send a written complaint or dispute to the lender and preserve proof of the lender’s response or failure to respond.

26. What to Include in a Privacy Complaint

A privacy complaint should include:

  • name and contact details of complainant;
  • name of lender, platform, collector, or respondent;
  • facts of unauthorized use;
  • personal data involved;
  • how the complainant discovered the misuse;
  • collection messages or demands;
  • copies of loan records, if available;
  • proof of denial of consent;
  • written dispute sent to respondent;
  • respondent’s response or failure to respond;
  • harm suffered;
  • relief requested.

Relief may include investigation, order to stop processing, correction, deletion, damages where available, penalties, and other appropriate action.

27. Complaint with Police or Cybercrime Authorities

A police or cybercrime complaint may be appropriate if:

  • the loan was applied for online using your identity;
  • your ID or selfie was used fraudulently;
  • your account was hacked;
  • someone impersonated you;
  • forged documents were submitted electronically;
  • collectors threaten, harass, or extort you online;
  • intimate or private information is threatened for exposure;
  • the incident involves phishing, scams, or digital fraud.

Bring printed and digital evidence. Ask for an incident report or complaint record.

28. Complaint with the Prosecutor

If there is sufficient evidence of fraud, falsification, cybercrime, threats, coercion, harassment, or other offenses, a criminal complaint may be filed with the prosecutor.

A complaint-affidavit should narrate:

  • how the victim discovered the unauthorized loan;
  • why the victim did not authorize it;
  • what documents were falsified or misused;
  • who may be responsible;
  • how the lender or collector responded;
  • what harm resulted;
  • what evidence supports the allegations.

If the perpetrator is unknown, a complaint may initially be filed against identified persons and John/Jane Does, depending on legal advice and investigation.

29. Complaint with the Securities and Exchange Commission

Financing companies, lending companies, and online lending platforms may be subject to regulation by the Securities and Exchange Commission.

A complaint may be appropriate when:

  • the lender or financing company engages in abusive collection;
  • an online lending app misuses personal information;
  • collectors shame or threaten people;
  • the company uses unfair or deceptive practices;
  • the company operates without proper authority;
  • the company refuses to address identity theft;
  • the company violates lending or financing rules.

The complainant should attach messages, screenshots, loan records, names of apps, company names, registration details, and collection communications.

30. Complaint with the Bangko Sentral ng Pilipinas

If the entity involved is a bank, quasi-bank, electronic money issuer, credit card issuer, or other BSP-supervised financial institution, the victim may use the institution’s customer assistance mechanism and, if unresolved, escalate to the appropriate BSP consumer assistance channel.

This may be relevant for:

  • unauthorized bank loans;
  • credit card applications;
  • digital bank loans;
  • e-wallet-linked credit;
  • bank-reported credit records;
  • unauthorized use of bank customer data;
  • failure to investigate identity theft.

The victim should first file a formal complaint with the institution and keep the reference number.

31. Credit Reporting and Credit Records

If the fraudulent loan appears in a credit report, the victim should dispute it.

A false loan record can affect:

  • bank loan approval;
  • credit card applications;
  • housing loans;
  • car loans;
  • employment background checks in some industries;
  • business financing;
  • insurance or financial evaluations.

The victim should request correction from the lender and any credit information entity where the record appears.

A written confirmation that the loan was fraudulent or not attributable to the victim is important.

32. Demand for Credit Record Correction

[Date]

[Name of Lender / Credit Information Entity] [Address / Email]

Subject: Demand for Correction of Unauthorized Loan Record

Dear Sir/Madam:

I recently discovered that a loan account was reported or recorded under my name or linked to my personal information. I did not apply for, authorize, receive, guarantee, or consent to this loan.

I formally dispute the accuracy of this record and demand immediate investigation, correction, and removal or appropriate annotation of the disputed account from your records and from any credit reporting system to which it was submitted.

Please provide written confirmation of the correction and identify all entities to whom the inaccurate loan record was disclosed.

This demand is made without waiver of my legal rights and remedies.

Sincerely,

[Name]

33. When the Perpetrator Is a Relative

Sometimes a family member uses another person’s ID, name, or phone number to apply for a loan. This can be emotionally difficult, but the legal issues remain serious.

Common cases include:

  • sibling uses your ID;
  • spouse applies using your information;
  • parent lists adult child as co-borrower;
  • child uses parent’s ID;
  • relative lists your number as guarantor;
  • ex-partner uses your details after separation.

The victim must decide whether to pursue formal complaints. At minimum, send a written dispute to the lender. Otherwise, silence may be misinterpreted as acceptance.

Family relationship does not automatically authorize use of personal information or signature.

34. When the Perpetrator Is a Spouse

Marriage does not give one spouse unlimited authority to use the other spouse’s personal information for loans.

A spouse generally cannot forge the other spouse’s signature, submit their ID without consent, or make them co-borrower or guarantor without authority.

However, property relations, family expenses, and marital obligations may complicate the analysis. Legal advice is recommended if the loan was allegedly for family benefit, business, household expenses, or conjugal obligations.

Even then, unauthorized use of identity and falsification remain serious issues.

35. When the Perpetrator Is an Employee or Insider

If the unauthorized use was committed by someone who had access to personal data through work, the employer or institution may also face responsibility.

Examples:

  • HR staff uses employee IDs for loans;
  • lending agent submits fake applications;
  • bank employee misuses client data;
  • school staff leaks parent information;
  • clinic employee uses patient ID;
  • collector reuses old borrower records;
  • company staff sells customer data.

The victim may complain against both the individual wrongdoer and the organization if there was poor security, lack of controls, or negligent supervision.

36. Responsibility of Lenders to Verify Identity

Lenders should conduct reasonable identity verification before approving loans. The required level of verification depends on the type of loan, risk, channel, and regulatory obligations.

For online loans, reasonable safeguards may include:

  • ID validation;
  • selfie verification;
  • liveness checks;
  • OTP verification;
  • mobile number ownership checks;
  • bank or e-wallet name matching;
  • employment verification;
  • fraud detection;
  • manual review of suspicious applications;
  • confirmation of co-borrower or guarantor consent;
  • audit logs.

If a lender approved a loan using obviously suspicious, inconsistent, or unauthorized data, it may face regulatory, privacy, or civil liability.

37. Online Lending Apps and Contact List Abuse

Online lending apps have been controversial when they collect contact lists and use them to pressure borrowers.

Potential abuses include:

  • accessing all phone contacts when not necessary;
  • sending collection messages to contacts;
  • telling contacts about the borrower’s debt;
  • threatening references;
  • shaming the borrower through group messages;
  • using defamatory labels;
  • extracting photos or social media data;
  • harassing employers or relatives.

Such conduct may support complaints for data privacy violations, unfair collection, harassment, or other legal remedies.

38. If You Are Only an Emergency Contact

If you are only an emergency contact, the lender may contact you to locate the borrower or verify limited information, but should not:

  • demand payment from you;
  • disclose unnecessary debt details;
  • threaten legal action against you;
  • call repeatedly after you object;
  • shame you;
  • contact your employer;
  • post your information;
  • imply that you are liable.

You may demand deletion or restriction of your contact information if you did not consent and there is no lawful basis to continue contacting you.

39. If You Are Listed as Employer or HR Contact

Collectors sometimes call employers to shame borrowers or verify employment. Employers should be careful not to disclose employee personal information without lawful basis.

If your name or HR details were used in a loan application without authority, you may tell the lender:

  • you do not consent to further contact;
  • you are not liable;
  • employment information should not be discussed without proper authorization;
  • any verification should follow company procedures.

Employers should have policies on employment verification and debt collection calls.

40. If Your Phone Number Was Recycled

Sometimes a person receives collection calls because a mobile number previously belonged to a borrower.

In that case:

  • inform the collector that the number has been reassigned;
  • request removal from records;
  • send screenshots or telco proof if available;
  • block persistent collectors;
  • file complaints if harassment continues.

Collectors should update records after notice.

41. If Your SIM Was Registered Under Your Name and Used by Someone Else

If a SIM registered under your name was used in fraudulent loan applications, act quickly.

Steps may include:

  • report unauthorized SIM use to the telco;
  • request SIM deactivation or investigation;
  • file police or cybercrime report;
  • notify lenders;
  • secure your IDs and accounts;
  • check whether other loans or accounts were opened.

SIM-related misuse can create identity theft and fraud risks.

42. If Your Lost ID Was Used

If a lost ID was used in a loan application:

  1. file a police report or affidavit of loss;
  2. notify the issuing agency if needed;
  3. inform the lender that the ID was lost and misused;
  4. request copies of the documents submitted;
  5. check for other accounts opened using the ID;
  6. consider replacing the ID;
  7. monitor credit records.

The timing of the loss report may matter. But even if you reported the loss later, you may still dispute unauthorized use.

43. If Your Signature Was Copied From Another Document

A signature can be copied from IDs, contracts, forms, delivery receipts, or scanned documents.

If you suspect signature copying:

  • request the original document or digital file;
  • compare signatures;
  • check dates and context;
  • deny signing in writing;
  • preserve examples of your genuine signature;
  • consider handwriting examination if litigation arises;
  • file complaints for falsification if supported.

Electronic signatures should also be examined for authentication logs.

44. If a Selfie Was Used

Online lenders often require selfie verification. If a selfie was used without your consent, ask:

  • when was the selfie uploaded?
  • what device was used?
  • was liveness detection used?
  • does the selfie show you or an imposter?
  • was it taken from social media?
  • was it edited?
  • was your ID held beside your face?
  • what verification did the lender perform?

If the selfie is yours but taken from another source, there may be data misuse. If the selfie is fake or edited, fraud may be involved.

45. If Loan Proceeds Went to Another Account

A key fact is where the money went.

Ask the lender to identify the bank account, e-wallet, remittance account, or disbursement channel used.

If the account is not yours, that supports your denial. It may also help identify the perpetrator.

If the lender released funds to an account under a different name, the lender’s verification process may be questioned.

46. If the Loan Was Applied Through Your Own Phone

If the application came from your phone or device, the issue becomes more complicated.

Possibilities include:

  • someone borrowed your phone;
  • a family member used it without permission;
  • malware or account compromise occurred;
  • you clicked a phishing link;
  • your app account was taken over;
  • OTP was intercepted or shared;
  • you authorized one thing but not the loan.

You should preserve device evidence, app logs, SMS messages, emails, and account access records.

47. OTP and Consent Issues

Many lenders rely on OTP verification. But OTP use alone may not always prove informed consent to a loan, especially if:

  • the OTP was obtained by deception;
  • the phone was stolen;
  • the borrower was impersonated;
  • the OTP was for account verification, not loan consent;
  • the user did not understand the transaction;
  • another person had access to the phone;
  • the lender failed to verify other required details.

Do not ignore an OTP issue. Explain clearly why the OTP does not establish your authorization.

48. Loan Apps Installed by Another Person

If someone installed a loan app on your phone or used your phone to apply, identify:

  • who had access;
  • when the app was installed;
  • what permissions were granted;
  • whether contacts, photos, SMS, or files were accessed;
  • whether loan proceeds went to your account or another account;
  • whether you received any benefit.

Uninstalling the app may stop access, but preserve screenshots and records first if evidence is needed.

49. If the Lender Refuses to Give Documents

A lender may refuse to give full documents by claiming confidentiality or privacy of the borrower. But if your personal information was used, you have a legitimate basis to request records involving your own data.

If the lender refuses, respond in writing:

  • state that the request concerns your own personal data;
  • ask for redacted copies if needed;
  • ask for the legal basis of refusal;
  • ask for the Data Protection Officer;
  • state that refusal will be included in regulatory complaints.

Persistent refusal may strengthen a complaint.

50. If the Lender Says “Settle First Before We Investigate”

A lender should not require payment from a person who denies applying for the loan as a condition for investigating identity theft.

Paying may be interpreted as acknowledgment, though payment under protest can be documented in some cases. As a rule, do not pay a debt you deny without legal advice.

Instead, demand investigation and suspension of collection.

51. If the Lender Reports You to a Credit Database

If the loan is not yours, this is a major issue.

Demand that the lender:

  • mark the account as disputed;
  • stop adverse reporting during investigation;
  • correct or delete inaccurate data;
  • notify all recipients of the correction;
  • provide written confirmation;
  • compensate for damage where appropriate.

A false negative credit record can support claims for damages.

52. If Collectors Contact Your Relatives

Collectors may not use relatives to shame, threaten, or pressure payment. If relatives are contacted:

  • ask relatives to screenshot and save messages;
  • tell them not to admit liability;
  • ask them to state they are not liable and do not consent to further contact;
  • include the messages in your complaint;
  • demand that the lender stop third-party contact.

Disclosure of alleged debt to third parties may be a privacy and collection abuse issue.

53. If Collectors Contact Your Employer

Contacting an employer can cause reputational and employment harm.

If this happens:

  • ask HR to document the call or message;
  • request copies of messages;
  • inform the employer that you dispute the loan as unauthorized;
  • ask the lender to stop contacting your workplace;
  • include the incident in complaints.

A collector falsely claiming you owe a loan may expose the lender or agency to liability.

54. If Collectors Post Your Name or Photo Online

This may create additional liability for privacy violation, cyberlibel, harassment, or unfair collection.

Preserve:

  • screenshots of the post;
  • comments;
  • shares;
  • page name;
  • URL;
  • date and time;
  • any captions calling you a scammer or debtor;
  • messages encouraging others to shame you.

Demand immediate takedown and file appropriate complaints.

55. If Collectors Threaten Arrest

Failure to pay a debt is generally a civil matter, although fraud may be criminal if present. Collectors often misuse threats of arrest to scare people.

If you did not apply for the loan, the threat is even more abusive.

Save the message and include it in a complaint.

56. If Collectors Pretend to Be Lawyers or Police

Collectors may use fake legal notices, fake court documents, or pretend to be police or government officials.

This may involve additional violations.

Check whether:

  • the sender is a real lawyer;
  • the document has a real case number;
  • the court exists;
  • the prosecutor complaint is real;
  • the police officer is real;
  • the demand letter is from a legitimate law office.

Do not panic. Verify before responding.

57. If the Loan Provider Is Unregistered

If the lender is not properly registered or licensed, the matter may involve illegal lending or unauthorized financing activity.

Still, even an unregistered lender may harass victims, so evidence preservation and complaints remain important.

Report the entity to the appropriate regulator and law enforcement if needed.

58. If the Loan Is From an Informal Private Lender

Private lenders may also misuse personal information. If a person privately used your name, ID, or signature, possible remedies include:

  • written denial;
  • barangay complaint, if applicable;
  • police report;
  • criminal complaint for falsification or fraud;
  • civil action for damages;
  • demand to stop using your information;
  • complaint if harassment occurs.

The lack of a formal company does not make the conduct lawful.

59. If Your Information Was Used as Collateral or Security

Sometimes personal documents are used as supposed security for loans. Examples include IDs, ATM cards, payroll cards, land documents, or vehicle documents.

If your documents were used without authority, demand their return or deletion and file appropriate complaints.

If original documents are missing, consider notifying relevant agencies or institutions.

60. If Your Bank Account Was Used

If loan proceeds entered your bank account without your knowledge or through suspicious transactions, act immediately.

Possible steps:

  • notify the bank;
  • do not withdraw or spend disputed funds;
  • ask the bank to freeze or investigate suspicious transactions;
  • file a police report;
  • inform the lender;
  • preserve transaction records.

Spending proceeds may complicate your denial.

61. If You Received the Money but Did Not Apply

This can happen if someone used your details but directed proceeds to your account, or if a lender mistakenly credited you.

Do not treat the money as free. Notify the lender and bank in writing. Ask for instructions. Preserve records.

If you keep or use the funds, the dispute may become more complicated.

62. If You Benefited From the Loan

If a relative used your information without permission but the money was used for your benefit or household, legal analysis becomes more complex.

You may still dispute unauthorized use, forgery, or privacy violations, but the lender may argue unjust enrichment, agency, ratification, or benefit received.

Legal advice is recommended before making statements.

63. Ratification Risk

Ratification means later conduct that may be interpreted as accepting or confirming an unauthorized transaction.

Avoid actions that may look like ratification, such as:

  • making partial payments without written protest;
  • asking for restructuring;
  • promising to settle;
  • signing acknowledgment forms;
  • accepting loan proceeds;
  • using loan proceeds;
  • negotiating as if the loan is yours;
  • telling collectors “I will pay later.”

If you need to communicate, always state that you dispute the loan and do not admit liability.

64. Payment Under Protest

In rare cases, a person may pay under protest to stop urgent harm, such as severe harassment or credit damage, while reserving rights. This should be done carefully and preferably with legal advice.

The payment communication should state clearly that:

  • payment is not admission of liability;
  • the loan is disputed;
  • payment is made under protest;
  • the victim reserves the right to recover the amount and pursue remedies.

65. Small Claims

If the financial loss is within the proper threshold and the case is for recovery of money, small claims may be an option against the person who misused the data or received the loan proceeds.

However, small claims may not be suitable for complex privacy, cybercrime, or falsification issues. It is mainly for monetary claims.

66. Civil Action Against the Perpetrator

A civil case may be considered against the person who used the victim’s personal information.

Claims may include:

  • damages;
  • reimbursement;
  • injunction;
  • declaration of non-liability;
  • correction of records;
  • attorney’s fees.

The proper action depends on the amount, evidence, identity of the wrongdoer, and relief needed.

67. Civil Action Against the Lender

A lender may be liable if it negligently processed the loan, failed to verify identity, ignored the dispute, continued collection despite clear evidence, disclosed personal information, or caused credit damage.

Possible claims may involve:

  • negligence;
  • violation of privacy rights;
  • abuse of rights;
  • damages;
  • unfair collection;
  • inaccurate reporting;
  • breach of statutory obligations.

The strength of the claim depends on proof that the lender failed to act reasonably.

68. Injunction or Court Relief

If unauthorized use continues, or if collectors continue to disclose information, a victim may seek court relief in appropriate cases.

Possible relief may include orders to stop collection, stop disclosure, correct records, or refrain from using personal data.

Court relief is more formal and may require legal assistance.

69. Barangay Remedies

If the wrongdoer is known and lives in the same city or municipality, barangay conciliation may be required for certain civil disputes before court filing, subject to legal exceptions.

Barangay proceedings may help when:

  • a neighbor or relative used your information;
  • a private lender is harassing you;
  • a local dispute needs documentation;
  • a settlement is possible.

However, serious criminal, cybercrime, privacy, or urgent cases may require direct action with proper authorities.

70. Affidavit of Denial

An affidavit of denial may be useful when disputing a fraudulent loan.

It may state:

  • you did not apply;
  • you did not sign;
  • you did not authorize anyone;
  • you did not receive proceeds;
  • you did not consent to data use;
  • you deny liability;
  • you discovered the misuse on a specific date;
  • you demand correction and investigation.

This may be submitted to the lender, police, prosecutor, regulator, or credit reporting entity.

71. Sample Affidavit of Denial

AFFIDAVIT OF DENIAL OF LOAN APPLICATION AND UNAUTHORIZED USE OF PERSONAL INFORMATION

I, [Name], of legal age, Filipino, and residing at [Address], after being duly sworn, state:

  1. I recently discovered that my personal information was allegedly used in connection with a loan application or loan account with [Name of Lender], identified as [Loan Account Number, if known].

  2. I did not apply for the said loan.

  3. I did not authorize any person to use my name, address, mobile number, identification documents, photograph, signature, employment information, financial information, or any other personal data for the said loan application.

  4. I did not sign any loan agreement, promissory note, guarantee, suretyship, authorization, or consent form in favor of [Name of Lender] in relation to the said loan.

  5. I did not receive the proceeds of the said loan and did not benefit from the same.

  6. I deny any liability for the said loan and request that the matter be investigated as an unauthorized and fraudulent use of my personal information.

  7. I execute this affidavit to attest to the truth of the foregoing and to support my complaints, disputes, and requests for correction, deletion, blocking, or restriction of unauthorized personal data.

IN WITNESS WHEREOF, I have signed this affidavit on [Date] at [Place].

[Signature] [Name]

SUBSCRIBED AND SWORN to before me this [Date] at [Place], affiant exhibiting competent proof of identity: [ID details].

72. Police Blotter or Incident Report

A police blotter or incident report may help document the event, especially when the perpetrator is unknown or when the lender asks for proof of identity theft.

The blotter is not a final finding of guilt, but it establishes that the victim reported the incident.

Bring:

  • ID;
  • screenshots;
  • collection messages;
  • loan details;
  • disputed documents;
  • written denial;
  • names of suspected persons, if any.

73. Cybercrime Evidence

For online applications, preserve digital evidence properly.

Useful details include:

  • app name;
  • website URL;
  • account profile;
  • registered email or number;
  • OTP messages;
  • timestamps;
  • IP or device data, if provided;
  • transaction logs;
  • e-wallet or bank destination;
  • screenshots of app permissions;
  • messages from collectors;
  • links to social media posts.

Do not rely only on memory.

74. Data Breach Concerns

If your information was leaked from a company database and then used for loans, the incident may involve a data breach.

Signs of a breach include:

  • multiple people from the same company or group receive loan fraud;
  • IDs submitted to one organization later appear in loan applications;
  • personal data appears in scam messages;
  • a lender knows details you gave only to another institution;
  • former employer records are misused;
  • customer records are sold.

Report the suspected source and ask whether a breach investigation has been conducted.

75. Duties of Organizations That Suffer a Breach

Organizations holding personal data should have security measures and breach response procedures.

If a breach compromises sensitive personal information or creates a real risk of serious harm, notification obligations may arise.

A victim may ask:

  • Was my data compromised?
  • What data was affected?
  • When did the breach occur?
  • What measures were taken?
  • Was the National Privacy Commission notified?
  • What assistance will be provided?
  • How will future misuse be prevented?

76. If the Lender Was Also a Victim of Fraud

Sometimes both the lender and the person whose identity was used are victims. The lender lost money to a fraudster; the identity theft victim suffers collection and reputational harm.

Even then, the lender should not collect from the identity theft victim without proof of liability.

The lender should investigate the fraud, trace proceeds, suspend collection against the victim, and correct records.

77. Liability of the Actual Borrower

If the actual borrower used another person’s information, they may face liability for:

  • fraud;
  • falsification;
  • identity misuse;
  • damages;
  • breach of contract with the lender;
  • data privacy-related violations;
  • unjust enrichment.

If the borrower listed you only as reference without permission, the liability may be less severe than identity theft, but still may create privacy and harassment consequences.

78. Unauthorized Use by Lending Agent

Loan agents may commit fraud to meet quotas. Examples:

  • using old customer files for new loans;
  • adding co-borrowers without consent;
  • forging signatures;
  • submitting fake IDs;
  • misrepresenting references as guarantors;
  • retaining copies of IDs and reusing them.

The lending company may still be responsible if the agent acted within apparent authority, used company systems, or if the company failed to supervise properly.

79. Unauthorized Use by Collection Agency

Collection agencies may process borrower and third-party data on behalf of lenders. They must handle data lawfully.

A collection agency may be liable if it:

  • contacts unauthorized third parties;
  • discloses debt details;
  • harasses contacts;
  • posts personal information;
  • refuses deletion after notice;
  • uses threats or false statements;
  • continues processing disputed data without basis.

The lender may also be accountable for its collection agency.

80. Unauthorized Use by Online Platform

Online platforms that facilitate credit may process personal data as personal information controllers or processors depending on their role.

They may be responsible for:

  • privacy notices;
  • app permissions;
  • data minimization;
  • security;
  • user consent;
  • complaint handling;
  • vendor management;
  • deletion or correction;
  • breach response.

If the platform enabled misuse through weak verification or excessive data access, regulatory complaints may be appropriate.

81. What If the Loan Was Denied but Your Data Was Used?

Even if no loan was released, unauthorized use of personal information remains a concern.

Possible remedies include:

  • demand deletion of application data;
  • request access to records;
  • ask how the data was obtained;
  • demand fraud flagging;
  • file privacy complaint;
  • report attempted identity theft;
  • monitor credit records;
  • replace compromised IDs if necessary.

Attempted misuse can still cause harm and future risk.

82. What If the Loan Was Approved but Not Yet Collected?

Act immediately. Written dispute before default and collection may prevent further harm.

Demand:

  • account freeze;
  • investigation;
  • suspension of release if not yet disbursed;
  • cancellation if fraudulent;
  • correction of records;
  • non-reporting to credit systems;
  • deletion or restriction of personal data.

83. What If There Are Multiple Loans?

Multiple unauthorized loans may indicate identity theft or a data leak.

Steps:

  1. make a master list of all lenders and account numbers;
  2. send separate dispute letters;
  3. file police or cybercrime report;
  4. file privacy complaints where appropriate;
  5. check credit reports;
  6. notify banks and telcos;
  7. replace compromised IDs if needed;
  8. monitor future messages and applications.

A single affidavit may be used as base evidence, but each lender should receive a specific dispute.

84. Monitoring for Future Misuse

After an identity misuse incident, monitor:

  • loan messages;
  • credit reports;
  • bank accounts;
  • e-wallets;
  • SIM registration;
  • email security;
  • social media accounts;
  • government ID use;
  • phishing attempts;
  • unknown account notifications.

Change passwords, enable two-factor authentication, and avoid sending IDs casually.

85. Protecting Government IDs

Government IDs are commonly required in loans and are often misused.

Protect IDs by:

  • watermarking copies with purpose and date;
  • covering unnecessary ID numbers where allowed;
  • sending only through secure channels;
  • avoiding uploads to suspicious apps;
  • keeping records of where IDs were submitted;
  • reporting lost IDs;
  • refusing unnecessary ID collection;
  • asking for privacy notices before submission.

A watermark may say: “For [Company] loan verification only, [Date].”

86. Protecting Signatures

To reduce signature misuse:

  • avoid sending blank signed documents;
  • do not post signed IDs online;
  • watermark scanned documents;
  • keep copies of signed forms;
  • ask why a signature is needed;
  • use secure e-signature platforms when possible;
  • avoid letting agents “fill in later.”

Never sign blank loan forms.

87. Protecting Selfies and ID Photos

Online scammers often ask for selfies with IDs. These can be used for loan applications.

Do not send selfies with IDs unless you trust the entity and understand the purpose.

If required, use visible watermarks or hold a paper stating the specific purpose and date, when accepted.

88. Preventing Misuse by Apps

Before installing a loan app, check:

  • app permissions;
  • whether contacts are accessed;
  • privacy policy;
  • company registration;
  • reviews mentioning harassment;
  • collection practices;
  • complaints against the app;
  • whether data deletion is possible;
  • whether the app asks for excessive information.

Do not grant contact, photo, SMS, or file access unless necessary and justified.

89. If You Are the Borrower and Your Contacts Were Misused

If you borrowed from an app and it contacted your friends or relatives without proper authority:

  • document the messages;
  • revoke app permissions;
  • demand cessation of third-party contact;
  • file privacy and regulatory complaints;
  • pay or dispute the debt through lawful channels;
  • do not ignore abusive collection.

Even if you owe money, the lender must collect lawfully.

90. If You Are a Contact of a Borrower

If your number was taken from someone else’s contact list and collectors are contacting you:

  • state that you are not the borrower;
  • state that you do not consent to further contact;
  • demand deletion or restriction;
  • save all messages;
  • ask for the company’s Data Protection Officer;
  • file complaints if harassment continues.

You are not automatically liable for another person’s loan.

91. If Your Personal Information Was Used in a Corporate Loan

If your information was used in a business or corporate loan, determine whether you were listed as:

  • authorized representative;
  • corporate officer;
  • signatory;
  • surety;
  • guarantor;
  • board representative;
  • beneficial owner;
  • contact person.

Corporate roles may carry different responsibilities. If your signature or authorization was forged, dispute immediately and request all documents.

92. If You Are a Company Officer

Company officers should monitor unauthorized use of their names in corporate borrowing.

A company may need board authority for certain loans. If a loan was taken without authority, corporate remedies and criminal complaints may be considered.

Request:

  • board resolution used;
  • secretary’s certificate;
  • loan agreement;
  • suretyship documents;
  • specimen signature cards;
  • disbursement records.

93. If Your Business Information Was Used

Business names, DTI certificates, SEC documents, permits, and invoices can be used in fraudulent loans.

The business owner may file complaints for:

  • fraud;
  • falsification;
  • unauthorized use of trade name;
  • data privacy concerns for sole proprietors;
  • civil damages;
  • regulatory complaints.

Notify banks and lenders that the business identity may have been compromised.

94. If Your Information Was Used by an Online Seller or Buyer

E-commerce transactions often involve IDs, addresses, and payment details. A seller or buyer may misuse the other party’s information for loans.

Preserve:

  • chat history;
  • shipping details;
  • proof of transaction;
  • courier records;
  • payment receipts;
  • account profiles.

Report to the platform and authorities.

95. If Your Data Was Taken From Social Media

Scammers may collect names, photos, birth dates, family names, employer details, and locations from social media to complete loan applications.

Reduce public exposure by limiting visible:

  • birth date;
  • address;
  • phone number;
  • employer;
  • family names;
  • IDs;
  • signatures;
  • travel plans;
  • financial details.

Avoid posting clear images of IDs, documents, or bills.

96. Legal Demand Against the Perpetrator

If you know who used your information, send a demand letter.

[Date]

[Name of Person] [Address, if known]

Subject: Demand to Cease Unauthorized Use of Personal Information and Assume Liability for Unauthorized Loan

Dear [Name]:

It has come to my attention that my personal information was used without my consent in connection with a loan application or loan account with [Name of Lender].

I did not authorize you or any person to use my name, identification documents, contact details, signature, photograph, employment information, or other personal data for any loan application. I also did not authorize you to represent me as borrower, co-borrower, guarantor, surety, reference, or contact person.

I demand that you immediately:

  1. stop using my personal information;
  2. notify the lender that I did not authorize the loan or use of my data;
  3. assume responsibility for any loan you obtained;
  4. provide me with copies of all documents submitted using my information;
  5. indemnify me for any damage, cost, or liability caused by your acts; and
  6. refrain from further misuse, disclosure, or processing of my personal data.

Failure to comply will leave me no choice but to pursue appropriate civil, criminal, privacy, and regulatory remedies.

This demand is made without waiver of any rights and remedies available under Philippine law.

Sincerely,

[Name]

97. If the Lender Insists You Are Liable

If the lender insists on liability, ask for proof.

They must show the legal basis for the claim, such as:

  • signed loan agreement;
  • valid e-signature;
  • identity verification;
  • disbursement to your account;
  • proof of consent;
  • guarantee or surety agreement;
  • authenticated communication;
  • evidence that you benefited.

If they cannot show proof, maintain denial and escalate.

98. If You Actually Signed as Reference Without Understanding

If you signed a document thinking you were only a reference, but the lender claims you are a guarantor, the wording of the document matters.

Possible issues:

  • misrepresentation by agent;
  • lack of informed consent;
  • ambiguous contract;
  • fraud;
  • unfair lending practice;
  • failure to explain suretyship;
  • invalid or defective consent.

Obtain a copy of the signed document and seek legal advice.

99. If You Signed as Guarantor but Want to Withdraw

A guarantor cannot always withdraw unilaterally after the loan is granted, unless the contract allows it or the lender agrees.

However, if your consent was obtained by fraud, mistake, intimidation, or misrepresentation, you may have remedies.

This is different from unauthorized use. In unauthorized use, you never consented at all.

100. If You Were Made a Co-Maker Without Consent

“Co-maker” is commonly used in Philippine lending. It may mean co-borrower, guarantor, surety, or accommodation party depending on the document.

If you did not consent, dispute the obligation.

Ask for:

  • promissory note;
  • co-maker agreement;
  • signed forms;
  • verification record;
  • witness details;
  • disbursement record.

If your signature was forged, state that clearly.

101. If Your Name Was Used in a Salary Loan

Salary loans often require employer verification or payroll deduction. Unauthorized use may involve:

  • fake certificate of employment;
  • fake payslip;
  • unauthorized HR verification;
  • forged payroll deduction authority;
  • misuse of employee data.

Notify HR and the lender. Ask HR to preserve records of any verification request.

102. If Payroll Deduction Was Made Without Authorization

If deductions were made from salary for a loan you did not authorize, act immediately.

Steps:

  • dispute the deduction with HR and payroll;
  • demand copy of deduction authority;
  • demand refund;
  • ask who submitted the authorization;
  • notify the lender;
  • file labor, privacy, civil, or criminal complaints as appropriate.

Salary deductions must have lawful basis.

103. If Your E-Wallet Was Linked

Loan platforms may disburse or collect through e-wallets. If your e-wallet was linked without authority:

  • secure the account;
  • change PIN and password;
  • contact the e-wallet provider;
  • review transaction history;
  • revoke linked apps;
  • file a dispute;
  • report identity theft.

If your e-wallet received or paid loan funds, preserve records.

104. If Your Bank Details Were Used for Auto-Debit

Unauthorized auto-debit arrangements should be disputed with the bank and lender.

Ask for:

  • debit authorization;
  • signature or e-consent;
  • mandate details;
  • transaction records;
  • refund of unauthorized debits.

Consider replacing compromised account details.

105. If Your Email Was Used

If a loan account was opened using your email:

  • reset your email password;
  • enable two-factor authentication;
  • search for loan-related messages;
  • check for suspicious forwarding rules;
  • notify the lender that the email was used without authority;
  • report phishing if applicable.

Email compromise may support cybercrime complaints.

106. If Your Address Was Used

Unauthorized use of your address may result in demand letters, visits, or reputational harm.

Inform the lender in writing that:

  • the borrower does not reside there, if true;
  • your address was used without authority;
  • you do not consent to visits or collection at your address;
  • they must correct their records.

If collectors visit and harass, document the incident.

107. If Collectors Visit Your Home

Collectors must act lawfully. If they visit:

  • do not let them enter without consent;
  • ask for identification;
  • ask for company name;
  • record details where lawful and safe;
  • do not sign documents;
  • do not admit liability;
  • tell them the debt is disputed;
  • ask them to leave if they are harassing you;
  • call barangay or police if threatened.

108. If Collectors Visit Your Workplace

This is often abusive when the debt is disputed or not yours.

Ask the employer to document the visit. Demand that the lender stop workplace visits. Include the incident in regulatory complaints.

109. If There Is a Court Case

If you receive a real court summons involving a loan you did not authorize, do not ignore it.

File the proper answer or response within the deadline. Raise defenses such as:

  • no consent;
  • forged signature;
  • identity theft;
  • no receipt of proceeds;
  • lack of authority;
  • fraud;
  • privacy violation;
  • improper party;
  • no cause of action;
  • payment or liability belongs to another person.

Ignoring a summons can lead to adverse judgment.

110. If You Receive a Demand Letter From a Lawyer

Verify the law office and the debt. Reply in writing denying liability and requesting documents.

Do not ignore legitimate legal correspondence, but do not admit liability without proof.

111. If You Receive a Subpoena

If you receive a subpoena from prosecutor, police, or court, attend or consult counsel. Bring documents showing unauthorized use.

A subpoena is different from a collector’s fake threat.

112. Defenses Against Liability

Possible defenses include:

  • no loan application;
  • no signature;
  • forged signature;
  • no consent;
  • no authority;
  • no receipt of proceeds;
  • identity theft;
  • lender negligence;
  • invalid e-signature;
  • fraud by third party;
  • no valid guarantee;
  • no proof of suretyship;
  • reference only, not borrower;
  • incorrect person;
  • wrong phone number;
  • inaccurate credit reporting;
  • violation of privacy rights.

The strongest defense depends on evidence.

113. Burden of Proof

A lender claiming you owe money must prove the obligation. If you deny signing or authorizing the loan, the lender should produce the contract and supporting verification.

A victim claiming privacy violation or damages should also preserve evidence of unauthorized use, harm, and the lender’s actions.

114. Importance of Written Communication

Use written communication whenever possible.

Written records:

  • prove dispute;
  • show denial of liability;
  • trigger investigation;
  • support privacy complaints;
  • stop claims of implied consent;
  • preserve timelines;
  • support damages.

Avoid purely verbal conversations with collectors.

115. Timeline of Action

A practical timeline may be:

Day 1 to 3

  • preserve evidence;
  • deny liability in writing;
  • request documents;
  • block abusive collectors only after saving evidence;
  • secure accounts and IDs.

Within 1 Week

  • send formal dispute;
  • file police or cybercrime report if fraud is apparent;
  • notify bank, e-wallet, telco, employer if involved;
  • ask for collection suspension.

Within 2 to 4 Weeks

  • follow up with lender;
  • file regulatory or privacy complaint if unresolved;
  • check credit records;
  • prepare affidavit.

After Continued Harassment or Refusal

  • escalate to regulator;
  • file criminal complaint if warranted;
  • consider civil remedies;
  • seek legal assistance.

116. Remedies Against Continued Processing

If the lender continues using your data after notice, request:

  • restriction of processing;
  • deletion where lawful;
  • correction of records;
  • suspension of collection;
  • withdrawal from collectors;
  • notice to affiliates and credit entities;
  • audit of access and disclosure;
  • written certification of compliance.

117. Remedies Against Disclosure to Third Parties

If your data was disclosed to relatives, employer, friends, social media, or public pages, remedies may include:

  • takedown demand;
  • privacy complaint;
  • civil damages;
  • cyberlibel complaint if defamatory;
  • harassment complaint;
  • regulatory complaint;
  • cease and desist demand;
  • platform report.

The disclosure itself may be a separate wrong from the fraudulent loan.

118. Remedies Against False Credit Reporting

If the disputed loan was reported under your name:

  • demand correction from lender;
  • dispute with credit information entity;
  • request written confirmation;
  • ask for notification to all recipients;
  • claim damages if credit denial or harm occurred;
  • preserve loan rejection letters or proof of harm.

119. Remedies Against Falsified Documents

If documents were falsified:

  • request copies;
  • file police report;
  • file criminal complaint if evidence supports it;
  • notify the lender;
  • request internal fraud investigation;
  • demand non-liability;
  • seek correction of records;
  • preserve specimen signatures.

120. Remedies Against Harassment

For harassment:

  • save all messages and call logs;
  • send cease-and-desist notice;
  • complain to lender’s compliance office;
  • report to regulator;
  • file police or barangay complaint if threats occur;
  • block numbers after evidence is saved;
  • inform relatives and employer that the debt is disputed;
  • consider protection remedies if threats are serious.

121. Remedies Against Unauthorized App Permissions

If an app accessed contacts, photos, SMS, or files excessively:

  • revoke app permissions;
  • uninstall after preserving evidence;
  • demand deletion;
  • file privacy complaint;
  • report app to app store;
  • report to regulator;
  • notify contacts if they may be harassed.

122. Remedies Against Data Broker or Lead Generator

Some loan applications are generated through lead brokers or agents who collect personal data.

If a lead generator used your information:

  • ask the lender where the data came from;
  • demand identity of the agent or broker;
  • request deletion from marketing databases;
  • complain for unauthorized processing;
  • report spam or unsolicited loan offers.

123. If You Are Receiving Loan Offers After Misuse

Repeated loan offers may indicate that your data is circulating.

You may:

  • unsubscribe where legitimate;
  • demand source of data;
  • request deletion;
  • block spam;
  • report unsolicited messages;
  • avoid clicking links;
  • monitor for identity theft.

124. If Your National ID or Other Government ID Was Compromised

If a government ID was misused:

  • document the misuse;
  • report to the lender;
  • file police report if needed;
  • ask the issuing authority about replacement or notation if available;
  • monitor for other fraud;
  • avoid sending unwatermarked copies in the future.

Some ID numbers cannot easily be changed, so prevention and documentation are important.

125. If Your Credit Card or Bank Card Was Used

If the incident includes card details, immediately:

  • contact bank hotline;
  • block the card;
  • dispute unauthorized transactions;
  • replace card;
  • change online banking credentials;
  • file fraud report;
  • preserve transaction alerts.

This becomes both a loan fraud and payment fraud issue.

126. If Your Personal Information Was Used Overseas

If the loan provider or scammer is outside the Philippines, remedies may be harder but not impossible.

Possible steps:

  • report to the platform;
  • notify local authorities;
  • file cybercrime report;
  • complain to foreign platform or regulator where possible;
  • secure accounts;
  • request takedown;
  • document identity theft for Philippine institutions.

International enforcement may require specialized legal assistance.

127. If the Loan Is Connected to Gambling, Crypto, or Online Scams

Personal information may be used in fraudulent credit linked to gambling, crypto scams, fake investments, or online tasks.

Do not engage further with scammers. Preserve evidence and report.

If funds passed through your account, legal advice is important because of possible money laundering concerns.

128. Preventive Measures After the Incident

After resolving the immediate problem:

  • change passwords;
  • enable two-factor authentication;
  • secure email and mobile number;
  • report lost IDs;
  • watermark future ID submissions;
  • avoid sending IDs to unknown persons;
  • check credit records periodically;
  • monitor bank and e-wallet accounts;
  • revoke app permissions;
  • limit public personal data online;
  • warn family members not to use your information;
  • keep a file of the incident for future disputes.

129. What Not to Do

Do not ignore collection notices. Do not admit liability. Do not pay without understanding the consequences. Do not threaten collectors. Do not post the collector’s personal information online. Do not send more IDs to suspicious persons. Do not sign settlement or restructuring documents for a loan you dispute. Do not delete evidence before saving it. Do not rely only on phone calls. Do not assume that being a reference makes you liable. Do not panic when collectors threaten arrest.

130. Practical Checklist for Victims

Use this checklist:

  • Identify the lender or collector.
  • Determine your alleged role: borrower, co-borrower, guarantor, reference, or contact.
  • Deny liability in writing.
  • Request loan documents and proof of consent.
  • Demand suspension of collection.
  • Demand correction or deletion of unauthorized data.
  • Preserve screenshots, messages, call logs, and documents.
  • File police or cybercrime report if fraud is involved.
  • File privacy complaint if personal data was misused.
  • File regulatory complaint against abusive lenders or collectors.
  • Check credit records.
  • Notify employer, bank, e-wallet, or telco if affected.
  • Secure IDs and accounts.
  • Seek legal help for court summons, serious threats, or large amounts.

131. Practical Checklist for Lenders

A responsible lender should:

  • verify borrower identity;
  • verify co-borrower and guarantor consent separately;
  • avoid relying only on borrower-submitted contact information;
  • limit access to contacts;
  • avoid excessive app permissions;
  • provide clear privacy notices;
  • train collectors;
  • prohibit third-party shaming;
  • respond promptly to identity theft disputes;
  • suspend collection during investigation;
  • correct credit records;
  • maintain audit logs;
  • secure uploaded IDs;
  • supervise agents and collection agencies;
  • provide accessible Data Protection Officer contact details.

Failure to do these may create liability.

132. Key Legal Principles

The key principles are:

  1. Personal information cannot be freely used in a loan application without lawful basis.
  2. A person is not liable for a loan merely because their name, number, or ID appears in the application.
  3. A reference is not the same as a borrower, co-borrower, guarantor, or surety.
  4. Forged signatures and fake consent may support criminal, civil, privacy, and regulatory remedies.
  5. Lenders must reasonably verify identity and consent.
  6. Collectors must not harass, threaten, shame, or disclose debt to unauthorized third parties.
  7. Victims should dispute the loan in writing and avoid admitting liability.
  8. Unauthorized processing of personal data may be reported to the National Privacy Commission.
  9. Online identity misuse may involve cybercrime remedies.
  10. False credit records should be disputed and corrected immediately.
  11. Evidence preservation is critical.
  12. Family relationship does not automatically authorize use of another person’s identity.
  13. Payment or negotiation without protest may create ratification risks.
  14. Regulatory complaints may be filed against abusive lenders and collectors.
  15. Civil damages may be available when unauthorized use causes harm.

Conclusion

Unauthorized use of personal information in a loan application is not a minor inconvenience. It may expose the victim to collection harassment, credit damage, reputational harm, financial risk, and repeated identity theft. Philippine law provides several possible remedies, including written dispute, data privacy complaint, cybercrime or criminal complaint, regulatory complaint, credit record correction, civil action for damages, and demands to stop collection and unauthorized processing.

The most important first step is to deny liability clearly and in writing. The victim should request all loan documents, demand proof of consent, preserve evidence, and require the lender or collector to stop using and disclosing the disputed personal information. If the lender fails to act or if collectors continue harassment, the matter may be escalated to the proper authorities.

A person’s name, ID, signature, photo, contact number, and financial details are not tools that others may freely use to obtain credit. In the Philippine legal context, consent, lawful basis, verification, fairness, and accountability are central. When those are ignored, the victim has remedies.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login