Reporting Scam Lending Apps to SEC or BSP

Online lending has become common in the Philippines because it offers fast approval, minimal documents, and immediate cash disbursement. But the same convenience has also led to abusive and illegal lending practices. Many borrowers have experienced harassment, public shaming, threats, unauthorized access to contacts and photos, inflated charges, hidden fees, identity misuse, and collection tactics that border on extortion.

In the Philippine context, reporting a scam lending app depends on the nature of the lender and the violation. The main agencies usually involved are the Securities and Exchange Commission (SEC) and the Bangko Sentral ng Pilipinas (BSP). Other agencies may also become relevant, such as the National Privacy Commission (NPC), Department of Information and Communications Technology Cybercrime Investigation and Coordinating Center, Philippine National Police Anti-Cybercrime Group, National Bureau of Investigation Cybercrime Division, Department of Trade and Industry, and the courts.

The key is knowing where to report, what evidence to preserve, what violations may have been committed, and what remedies are realistically available.

I. What Is a Scam Lending App?

A “scam lending app” is not a single legal category. It may refer to different types of illegal or abusive online lending operations, such as:

  1. An app lending money without authority to operate;
  2. A registered company using abusive collection methods;
  3. A lending app pretending to be registered with the SEC or BSP;
  4. A fake app created only to steal personal data;
  5. An app that imposes hidden, excessive, or misleading fees;
  6. An app that gives a smaller amount than advertised but collects the full stated principal;
  7. An app that threatens borrowers, relatives, employers, or contact lists;
  8. An app that accesses phone contacts, photos, messages, social media, or location without valid consent;
  9. An app that impersonates government agencies, lawyers, police, prosecutors, or courts;
  10. An app that blackmails borrowers by threatening to post edited photos, private information, or false accusations online.

Not every problematic lending app is fake. Some may be registered companies but still violate lending, financing, consumer protection, data privacy, cybercrime, or criminal laws. Registration is not a license to harass.

II. SEC vs. BSP: Which Agency Should Receive the Complaint?

The proper agency depends on the type of entity involved.

A. Securities and Exchange Commission

The SEC generally regulates lending companies and financing companies. Most online lending apps that are not banks, e-wallets, or BSP-supervised financial institutions usually fall under the SEC’s jurisdiction if they operate as lending or financing companies.

Report to the SEC when the app appears to be:

  • an online lending app;
  • a lending company;
  • a financing company;
  • a company offering personal loans through an app or website;
  • an app using abusive debt collection practices;
  • a lender claiming to be SEC-registered;
  • a lender operating without a Certificate of Authority;
  • a lender using unfair, deceptive, or abusive lending practices;
  • an online lender harassing borrowers through calls, texts, social media, or contacts.

The SEC is usually the first agency to consider for complaints involving non-bank online lending apps.

B. Bangko Sentral ng Pilipinas

The BSP generally supervises banks and BSP-supervised financial institutions.

Report to the BSP when the complaint involves:

  • banks;
  • digital banks;
  • quasi-banks;
  • credit card issuers supervised by BSP;
  • e-money issuers;
  • electronic wallet providers;
  • remittance and transfer companies;
  • pawnshops and money service businesses supervised by BSP;
  • financing or lending products offered by a BSP-supervised institution;
  • abusive collection or consumer protection issues involving a BSP-regulated financial institution.

If the lending app is connected to a bank, digital bank, e-wallet, or other BSP-supervised entity, the BSP may be the appropriate channel.

C. When both SEC and BSP may matter

Some lending arrangements involve multiple players. For example, an app may be owned by a lending company but disburse funds through an e-wallet. A complaint about abusive lending and collection may go to the SEC, while a separate issue about unauthorized e-wallet transactions may go to the BSP-supervised institution and BSP.

The borrower may file with more than one agency if different legal issues are involved.

III. Other Agencies That May Be Relevant

A. National Privacy Commission

The NPC handles complaints involving personal data misuse, such as:

  • unauthorized access to contacts;
  • collection of phonebook data without valid consent;
  • use of photos or personal information for harassment;
  • disclosure of debt to third parties;
  • posting borrower information online;
  • sending messages to relatives, employers, or friends;
  • data retention beyond what is necessary;
  • using private information to shame or threaten the borrower.

Many scam lending app complaints involve data privacy violations, so the NPC is often highly relevant.

B. PNP Anti-Cybercrime Group and NBI Cybercrime Division

Report to cybercrime authorities when there are threats, blackmail, identity theft, hacking, fake accounts, online shaming, extortion, or malicious posts.

Examples include:

  • threats to post nude or edited photos;
  • fake Facebook posts calling the borrower a scammer or criminal;
  • impersonation of lawyers, police, prosecutors, or courts;
  • hacking or unauthorized account access;
  • cyber libel;
  • online harassment;
  • phishing;
  • malware or spyware;
  • identity theft;
  • extortion through digital platforms.

C. Department of Trade and Industry

The DTI may become relevant for unfair or deceptive consumer practices, especially if the issue involves misleading advertising, hidden charges, or consumer transaction abuses. However, lending companies are more commonly handled by the SEC or BSP depending on their nature.

D. Courts and Prosecutors

If the acts amount to crimes, civil wrongs, or contractual disputes, a complaint may be brought before the prosecutor’s office or court. Administrative complaints with SEC, BSP, or NPC do not always substitute for criminal or civil actions.

IV. Common Illegal or Abusive Practices of Scam Lending Apps

A. Operating without authority

A company engaged in lending must have the proper registration and authority. It is not enough that the business name exists. A lending or financing company generally needs authority to operate as such.

A scam app may show a fake registration number, expired registration, unrelated company name, or a certificate belonging to another company.

B. Hidden interest, fees, and charges

Some apps advertise a loan amount but release a much smaller amount after deducting service fees, processing fees, platform fees, or insurance charges. Then they demand repayment based on the full amount.

Example:

  • Advertised loan: ₱5,000
  • Amount released: ₱3,200
  • Amount demanded after seven days: ₱6,000

This may be unfair, deceptive, or abusive, especially if the borrower was not clearly informed of the true cost of credit.

C. Extremely short repayment periods

Some apps offer loans payable in seven days or less, then impose large penalties when borrowers cannot pay immediately. Short-term lending is not automatically illegal, but unfair or deceptive terms may be questioned.

D. Threatening or abusive collection

Common abusive collection methods include:

  • calling repeatedly at unreasonable hours;
  • using obscene language;
  • threatening bodily harm;
  • threatening arrest;
  • pretending to be police or government agents;
  • threatening cyber libel or estafa cases without basis;
  • threatening to visit the borrower’s workplace;
  • threatening to contact the employer;
  • threatening to shame the borrower online;
  • threatening to post edited images;
  • using insults such as “scammer,” “thief,” or “criminal”;
  • sending messages to the borrower’s entire contact list.

Debt collection is allowed, but harassment is not.

E. Public shaming

Some apps shame borrowers by sending messages to contacts, posting on social media, or creating group chats with relatives and co-workers. This may violate data privacy, cybercrime, civil, and criminal laws.

F. Contact list harassment

Many lending apps require access to the phone’s contact list. Some then message the borrower’s family, friends, employer, clients, or co-workers.

This is one of the most common and serious complaints. A borrower’s debt is generally not a license to disclose private financial information to third parties.

G. Fake legal threats

Some collectors claim:

  • “You will be arrested today.”
  • “Police are on the way.”
  • “A warrant has been issued.”
  • “You are charged with estafa.”
  • “You are already on the immigration blacklist.”
  • “Your barangay clearance will be blocked.”
  • “We will send a subpoena tomorrow.”
  • “Your employer will be ordered to terminate you.”

These statements are often false or misleading. In the Philippines, nonpayment of an ordinary debt does not automatically result in imprisonment. Criminal liability may arise only if there are separate criminal acts, such as fraud, falsification, or deceit from the beginning.

H. Impersonation

Collectors sometimes pretend to be:

  • lawyers;
  • law firms;
  • police officers;
  • court sheriffs;
  • prosecutors;
  • barangay officials;
  • NBI agents;
  • SEC or BSP personnel;
  • immigration officers.

Impersonation may create separate criminal liability.

I. Unauthorized use of photos

Some apps access photos and use them for threats, memes, edited images, or public shaming. This may involve privacy violations, cybercrime, unjust vexation, grave coercion, libel, or other offenses depending on the facts.

J. Re-loaning or automatic loan renewal

Some borrowers report that an app disburses another loan without clear consent, then demands repayment again. Unauthorized disbursement or forced renewal may be reported.

K. Multiple app harassment by same operator

Some operators use several app names. Even if one app is removed, another appears. The complaint should list all app names, company names, phone numbers, bank accounts, e-wallet accounts, and collector identities involved.

V. Legal Framework

A. Lending Company Regulation

Lending companies are regulated under laws and SEC rules governing lending operations. A lending company generally must be properly registered and authorized. It must also comply with disclosure, collection, and consumer protection requirements.

Operating a lending business without proper authority may expose the persons involved to administrative and legal consequences.

B. Financing Company Regulation

Financing companies are separately regulated and must also have the proper authority. Some online loan products may be structured as financing arrangements rather than simple lending.

C. Truth in Lending

Borrowers are entitled to clear disclosure of the true cost of credit. This includes interest, fees, finance charges, penalties, and the effective cost of borrowing.

A lender should not hide the true cost of the loan through confusing charges or misleading presentation.

D. Financial Consumer Protection

Financial service providers must observe fair, reasonable, transparent, and responsible treatment of consumers. Misleading advertising, abusive collection, unfair terms, and lack of proper disclosure may violate consumer protection principles.

E. Data Privacy Act

The Data Privacy Act protects personal information. Lending apps must collect and process personal data lawfully, fairly, and only for legitimate purposes.

Important data privacy principles include:

  • transparency;
  • legitimate purpose;
  • proportionality;
  • security;
  • limited retention;
  • respect for data subject rights.

Accessing all phone contacts, messaging third parties, publicizing debt, and using personal information for harassment may violate data privacy rights.

F. Cybercrime Prevention Act

Online threats, identity theft, unauthorized access, cyber libel, and computer-related offenses may fall under cybercrime law.

G. Revised Penal Code

Depending on the conduct, collectors or operators may commit offenses such as:

  • unjust vexation;
  • grave threats;
  • light threats;
  • grave coercion;
  • slander;
  • libel;
  • alarm and scandal;
  • incriminating innocent persons;
  • usurpation of authority;
  • falsification;
  • estafa, if the app itself is fraudulent.

H. Civil Code

Victims may also consider civil remedies for damages if the acts cause injury, humiliation, anxiety, reputational harm, or financial loss.

Civil liability may arise from abuse of rights, acts contrary to morals, bad faith, unfair conduct, or violation of privacy and dignity.

VI. Is Nonpayment of an Online Loan a Crime?

As a general rule, nonpayment of debt is not by itself a crime. The Philippine Constitution prohibits imprisonment for debt.

However, a borrower may face legal consequences if there are separate wrongful acts, such as:

  • using fake identity documents;
  • falsifying employment or income documents;
  • obtaining a loan through deceit from the beginning;
  • issuing a bouncing check;
  • committing fraud;
  • misusing another person’s identity;
  • participating in a scam.

Collectors often threaten borrowers with estafa. But ordinary inability or failure to pay a loan is generally a civil or collection matter, not automatic estafa.

This distinction is important because scam apps often use fear of arrest as a collection tactic.

VII. What the SEC Can Do

When a complaint is filed with the SEC, the agency may evaluate whether the lending app or company:

  • is registered;
  • has authority to operate as a lending or financing company;
  • violates SEC rules;
  • uses abusive collection practices;
  • operates under an unregistered or revoked entity;
  • misrepresents its authority;
  • violates disclosure requirements;
  • should be investigated or sanctioned.

Possible SEC actions may include:

  • issuing advisories;
  • ordering app removal or takedown coordination;
  • imposing fines;
  • suspending or revoking authority;
  • directing the company to stop abusive practices;
  • referring matters for prosecution where appropriate;
  • coordinating with other agencies.

The SEC complaint is especially useful where the issue involves an online lending company or financing company.

VIII. What the BSP Can Do

The BSP handles complaints against BSP-supervised financial institutions. If the entity is a bank, digital bank, e-money issuer, remittance company, or other BSP-supervised institution, the BSP may:

  • require the institution to answer the complaint;
  • direct corrective action;
  • monitor compliance with consumer protection rules;
  • evaluate unfair collection or disclosure practices;
  • impose sanctions where appropriate;
  • refer matters to other agencies if outside its jurisdiction.

The BSP generally expects consumers to first contact the financial institution’s consumer assistance channel. If unresolved, the matter may be escalated to the BSP.

IX. Before Filing: Identify the Entity Behind the App

A strong complaint should identify who is behind the app. Many scam lending apps use confusing names.

Try to gather:

  1. App name;
  2. Developer name in the app store;
  3. Company name appearing in the app;
  4. SEC registration number, if shown;
  5. Certificate of Authority number, if shown;
  6. Business address;
  7. Website;
  8. Email address;
  9. Hotline or phone numbers;
  10. Collector numbers;
  11. E-wallet, bank, or payment account names;
  12. Names used by collectors;
  13. Screenshots of app permissions;
  14. Screenshots of loan terms;
  15. Privacy policy;
  16. Terms and conditions;
  17. Loan agreement;
  18. Payment instructions;
  19. Collection messages.

If the app uses multiple names, include all names.

X. Evidence to Preserve

Evidence is critical. Do not rely only on memory.

Preserve:

  • screenshots of the app page;
  • screenshots of the app profile from the app store;
  • screenshots of app permissions requested;
  • screenshots of the loan offer;
  • screenshots of the amount approved;
  • screenshots of the amount actually received;
  • loan agreement;
  • disclosure statement;
  • repayment schedule;
  • proof of disbursement;
  • proof of payments;
  • bank or e-wallet receipts;
  • text messages;
  • call logs;
  • voicemail recordings, if lawfully obtained;
  • chat messages;
  • emails;
  • social media posts;
  • group chats created by collectors;
  • messages sent to contacts;
  • statements from relatives or co-workers contacted;
  • names and numbers of collectors;
  • threats or abusive language;
  • fake legal notices;
  • demand letters;
  • edited photos or defamatory posts;
  • evidence of unauthorized re-loaning;
  • evidence that the app accessed contacts or photos;
  • dates and times of harassment.

For each screenshot, try to include:

  • date;
  • time;
  • phone number or account name;
  • full message thread;
  • app name;
  • URL or profile link where available.

Back up the evidence in more than one place.

XI. How to Report to the SEC

A complaint to the SEC should be clear, factual, and evidence-based.

A. Contents of the complaint

The complaint should include:

  1. Complainant’s full name and contact details;
  2. Name of the lending app;
  3. Name of the company, if known;
  4. App store link or website;
  5. Loan account number, if any;
  6. Amount borrowed;
  7. Amount received;
  8. Amount being collected;
  9. Interest, fees, and penalties charged;
  10. Dates of loan, disbursement, due date, and collection;
  11. Description of abusive practices;
  12. Names and contact numbers of collectors;
  13. Payment accounts used by the lender;
  14. Evidence attached;
  15. Specific request for investigation and appropriate action.

B. Issues to emphasize

For SEC complaints, emphasize:

  • lack of authority to operate, if suspected;
  • misleading loan terms;
  • abusive collection practices;
  • harassment;
  • public shaming;
  • false legal threats;
  • unauthorized contact with third parties;
  • excessive or hidden charges;
  • use of multiple app names;
  • failure to provide proper disclosure.

C. Attachments

Attach organized evidence. Label each file clearly, for example:

  • “Annex A – App Store Page”
  • “Annex B – Loan Disclosure”
  • “Annex C – Disbursement Receipt”
  • “Annex D – Collection Threats”
  • “Annex E – Messages to Contacts”
  • “Annex F – Payment Receipts”

A complaint that is organized is easier to act on.

XII. How to Report to the BSP

Report to the BSP when the entity is BSP-supervised or the issue involves a BSP-regulated financial institution.

A. First contact the institution

For banks, e-wallets, and other BSP-supervised entities, it is usually best to first file a complaint with the institution’s customer assistance channel. Keep the reference number.

B. Escalate to the BSP

If the institution does not respond properly, refuses to act, or the issue remains unresolved, escalate to the BSP.

C. Contents of the BSP complaint

Include:

  • name of the bank, e-wallet, or financial institution;
  • account number or reference number, if safe and necessary;
  • transaction dates;
  • complaint reference number from the institution;
  • description of the issue;
  • amount involved;
  • evidence of unauthorized or abusive conduct;
  • desired resolution.

D. If the lending app used an e-wallet

If the lending app merely used an e-wallet as a payment channel, the main lending complaint may still belong with the SEC. But the e-wallet provider may need to be informed if its platform is being used for fraud, harassment, or suspicious transactions.

XIII. Reporting to the National Privacy Commission

If the lending app accessed or misused personal data, file or consider filing a complaint with the NPC.

A. Common privacy violations

Examples include:

  • accessing contacts without valid consent;
  • using contacts for collection;
  • texting relatives or employers about the debt;
  • posting the borrower’s information online;
  • using borrower photos;
  • retaining personal data after loan closure;
  • sharing information with unknown collectors;
  • exposing personal data in group chats;
  • requiring excessive permissions unrelated to lending.

B. Evidence for NPC complaint

Attach:

  • screenshots of app permissions;
  • privacy policy;
  • consent screen;
  • messages sent to third parties;
  • statements from contacted persons;
  • screenshots of public posts;
  • evidence of unauthorized data use;
  • loan agreement showing data clauses;
  • messages from collectors admitting they accessed contacts.

C. Why NPC complaints matter

Even if the borrower owes money, the lender must still process personal data lawfully. A debt does not justify public shaming or uncontrolled disclosure of personal information.

XIV. Reporting to Cybercrime Authorities

Report to the PNP Anti-Cybercrime Group or NBI Cybercrime Division if there are criminal cyber elements.

A. Examples of cybercrime-related acts

  • online threats;
  • extortion;
  • blackmail;
  • identity theft;
  • fake accounts;
  • hacking;
  • malicious posting;
  • cyber libel;
  • unauthorized access;
  • phishing;
  • spyware;
  • use of edited photos;
  • impersonation through digital platforms.

B. What to bring

Prepare:

  • printed screenshots;
  • digital copies;
  • phone used to receive messages;
  • SIM details;
  • URLs;
  • usernames;
  • phone numbers;
  • payment account details;
  • timeline of events;
  • witness information;
  • IDs.

Cybercrime cases are evidence-sensitive. Do not delete messages, uninstall the app before documenting it, or lose access to the phone if the evidence is stored there.

XV. Can the Borrower Stop Paying?

This is a delicate issue.

A borrower’s complaint against a scam lending app does not automatically erase a valid debt. If the loan was actually received, there may still be a civil obligation to pay the legitimate principal and lawful charges.

However, the borrower may dispute:

  • illegal charges;
  • hidden fees;
  • usurious or unconscionable charges;
  • penalties not disclosed;
  • unauthorized loans;
  • amounts never received;
  • fraudulent account balances;
  • duplicate charges;
  • harassment-based collection costs.

The safer approach is to separate two issues:

  1. Debt validity and correct amount;
  2. Illegal or abusive collection practices.

Even if money is owed, the lender cannot harass, shame, threaten, or misuse personal data.

XVI. What to Do When Harassment Starts

A. Do not panic

Collectors often rely on fear. Many threats of immediate arrest, court filing, police action, or public posting are meant to pressure payment.

B. Stop giving unnecessary personal information

Do not send more IDs, photos, passwords, OTPs, contact lists, employment documents, or private information unless legally necessary and verified.

C. Revoke app permissions

If safe and after preserving evidence, revoke permissions such as contacts, camera, photos, location, microphone, and storage.

D. Preserve evidence before uninstalling

Before uninstalling, capture:

  • loan details;
  • app name;
  • payment instructions;
  • privacy policy;
  • collector messages;
  • permissions;
  • transaction records.

E. Notify contacts

If contacts are being harassed, tell them not to engage and to preserve screenshots. They may also be victims of privacy violations.

F. Send a written demand to stop harassment

A borrower may send a message stating that:

  • they dispute abusive collection practices;
  • they demand that collectors stop contacting third parties;
  • they request a written statement of account;
  • they will communicate only through proper official channels;
  • they reserve the right to file complaints with SEC, BSP, NPC, and law enforcement.

Keep the message professional and non-threatening.

XVII. Sample Complaint Structure

A complaint may be written as follows:

Subject: Complaint Against [App Name / Company Name] for Abusive Online Lending and Collection Practices

Complainant: Name: Address: Mobile Number: Email:

Respondent: App Name: Company Name, if known: App Store Link / Website: Collector Numbers: Payment Account Names / Numbers:

Facts: State when the loan was applied for, how much was advertised, how much was received, what charges were imposed, when collection started, and what abusive acts occurred.

Violations: Mention unauthorized lending, misleading charges, abusive collection, harassment, false legal threats, disclosure to third parties, unauthorized access or misuse of personal data, or other relevant acts.

Evidence: List attached screenshots, receipts, messages, app permissions, loan terms, payment records, and witness statements.

Request: Request investigation, appropriate sanctions, order to stop abusive collection, correction of account records, protection of personal data, and referral to proper authorities if warranted.

XVIII. Sample Message to Collector

A borrower may send a calm written response such as:

I am requesting a complete written statement of account showing the principal, interest, fees, penalties, payments, and legal basis for the amount you are collecting.

I also demand that you stop contacting my relatives, friends, employer, and other third parties regarding this alleged debt. I do not consent to the disclosure of my personal information or loan details to unauthorized persons.

All communications should be sent only through official channels. I am preserving your messages and will file complaints with the proper government agencies for harassment, unauthorized disclosure, and abusive collection practices.

Avoid insults, threats, or admissions that may be misused.

XIX. What If the Collector Contacts Your Employer?

A collector should not casually disclose a borrower’s debt to an employer. If this happens:

  1. Save screenshots or recordings where lawful;
  2. Ask the employer or HR to preserve the message;
  3. Request the sender’s number, name, and message details;
  4. Include the incident in SEC and NPC complaints;
  5. Consider cybercrime or civil remedies if reputational harm occurs.

If the collector falsely accuses the borrower of being a criminal, scammer, or thief, there may be additional remedies.

XX. What If the Collector Contacts Relatives and Friends?

Relatives and friends should:

  • avoid arguing with collectors;
  • take screenshots;
  • save phone numbers;
  • avoid confirming personal information;
  • block abusive numbers after preserving evidence;
  • provide copies to the borrower for complaints.

The borrower should include these third-party messages in the complaint because they show unauthorized disclosure and harassment.

XXI. What If the App Posts Your Photo or Name Online?

If the app or collector posts defamatory or humiliating content:

  1. Screenshot the post with URL, date, and account name;
  2. Ask trusted persons to screenshot from their own accounts;
  3. Do not engage publicly;
  4. Report the post to the platform;
  5. File complaints with SEC and NPC;
  6. Consider PNP or NBI cybercrime complaint;
  7. Consult counsel regarding cyber libel, damages, or protective remedies.

Do not retaliate by posting the collector’s private details online. That may create separate legal problems.

XXII. What If the App Threatens Arrest?

For ordinary unpaid debt, immediate arrest is generally not how the process works. A person is not arrested merely because a collector sends a text claiming a case has been filed.

A valid criminal case requires proper complaint, investigation or court process, and legal procedure. Warrants are issued by courts, not by private collectors.

If collectors claim to be police, prosecutors, courts, or government officers, preserve the messages. That may be impersonation or a deceptive collection tactic.

XXIII. What If the App Claims It Will File Estafa?

A lender may threaten estafa, but not every unpaid loan is estafa. Estafa generally requires deceit, fraud, or abuse of confidence. Mere failure to pay due to inability, financial hardship, or dispute over charges is not automatically estafa.

However, borrowers should not use fake documents or identities. If a loan was obtained through falsified information, the situation becomes more serious.

XXIV. What If the App Is Not Registered?

If the app is not registered or has no authority, report it to the SEC and include evidence of its operation. But lack of registration does not always mean the borrower may automatically keep money without consequence. It may affect enforceability, regulatory sanctions, and legality of charges, but the facts should be reviewed carefully.

XXV. What If the App Is Registered?

A registered lender can still violate the law. Registration only shows legal existence or authority; it does not allow:

  • harassment;
  • threats;
  • shaming;
  • unauthorized data use;
  • hidden charges;
  • false legal claims;
  • unfair collection;
  • abusive interest and penalties;
  • contacting third parties without valid basis.

Report the specific misconduct.

XXVI. What If the App Was Removed from the App Store?

App removal does not automatically resolve the complaint. Preserve evidence and continue reporting if harassment continues.

Include:

  • previous app link;
  • screenshots before removal;
  • app name;
  • developer name;
  • collector numbers;
  • payment accounts;
  • company name;
  • messages after removal.

Scam operators may relaunch under another app name.

XXVII. What If the Borrower Already Paid More Than the Principal?

The borrower may request a statement of account and dispute excessive charges. If payments exceed the legitimate obligation, the borrower may raise the issue in a complaint or legal action.

Evidence should include:

  • amount received;
  • all payment receipts;
  • amount demanded;
  • computation from the app;
  • screenshots of fees and penalties;
  • proof of repeated collection despite payment.

XXVIII. Can a Borrower Demand Deletion of Personal Data?

A borrower may assert data subject rights under privacy law, including access, correction, objection, and erasure or blocking in proper cases.

However, deletion may not be absolute if the lender has a lawful basis to retain records for legitimate legal, regulatory, or accounting purposes. Still, the lender should not retain or use data for harassment, shaming, or unauthorized disclosure.

A borrower may demand that the lender stop using contacts, photos, and unrelated personal data.

XXIX. Responsibilities of Borrowers

Borrowers should also act responsibly.

They should:

  • borrow only from legitimate providers;
  • read loan terms;
  • check the amount actually received;
  • avoid using fake information;
  • pay legitimate obligations when able;
  • communicate in writing;
  • avoid abusive replies;
  • avoid public accusations without evidence;
  • preserve records;
  • report illegal conduct promptly.

Responsible borrowing does not mean tolerating abuse. It means asserting rights while avoiding conduct that creates additional legal exposure.

XXX. How to Check a Lending App Before Borrowing

Before using a lending app, check:

  1. Company name, not just app name;
  2. SEC registration;
  3. Certificate of Authority to operate as lending or financing company;
  4. Business address;
  5. Official website;
  6. Contact details;
  7. Privacy policy;
  8. Loan disclosure;
  9. Interest and fees;
  10. Repayment term;
  11. App permissions;
  12. Reviews mentioning harassment;
  13. Whether the app has been subject of warnings or complaints;
  14. Whether it asks for excessive permissions;
  15. Whether the lender’s name matches payment account names.

Avoid apps that require unnecessary access to contacts, photos, microphone, messages, or social media.

XXXI. Red Flags of Scam Lending Apps

Be cautious if the app:

  • has no clear company name;
  • uses only a mobile number or messaging app;
  • has no valid address;
  • has no clear loan agreement;
  • deducts large fees upfront;
  • charges daily penalties;
  • requires access to all contacts;
  • asks for passwords or OTPs;
  • threatens borrowers in reviews;
  • has many similar clone apps;
  • uses fake legal notices;
  • refuses to give a statement of account;
  • demands payment to personal e-wallet accounts;
  • changes collector numbers repeatedly;
  • offers instant loans without proper disclosure;
  • pressures the borrower to pay before explaining charges.

XXXII. Remedies Available to Victims

Depending on the facts, a victim may seek:

  • SEC investigation;
  • BSP consumer assistance;
  • NPC privacy complaint;
  • cybercrime complaint;
  • criminal complaint for threats, coercion, unjust vexation, libel, identity theft, or impersonation;
  • civil damages;
  • correction of account records;
  • cessation of abusive collection;
  • takedown of defamatory posts;
  • platform reporting;
  • blocking or deactivation of abusive accounts;
  • refund or adjustment of unlawful charges, where legally justified.

The best remedy depends on the primary harm: illegal lending, financial dispute, privacy violation, cyber harassment, or criminal threat.

XXXIII. Practical Filing Strategy

A good strategy is to organize the complaint by issue.

A. If the issue is illegal or abusive lending

File with SEC.

B. If the issue involves a bank, e-wallet, or BSP-supervised institution

File with the institution first, then BSP if unresolved.

C. If the issue is misuse of contacts, photos, or personal data

File with NPC.

D. If the issue is online threats, fake accounts, blackmail, or identity theft

File with PNP or NBI cybercrime.

E. If the issue is reputational damage or financial injury

Consult counsel regarding civil or criminal remedies.

Multiple complaints may be appropriate when the conduct crosses several legal areas.

XXXIV. Common Mistakes to Avoid

A. Deleting the app too early

Preserve evidence first.

B. Paying without asking for computation

Always ask for a statement of account.

C. Sending more IDs or selfies

Scam apps may misuse them.

D. Arguing emotionally with collectors

Collectors may screenshot and twist statements.

E. Posting accusations online

This may expose the borrower to cyber libel or privacy complaints.

F. Ignoring legitimate obligations

Even abusive collection does not automatically erase a lawful debt.

G. Using fixers

Do not pay people who claim they can erase online loans or “clear” records through government insiders.

H. Sharing OTPs or passwords

Never share OTPs, passwords, or account recovery codes.

XXXV. Rights of Borrowers

Borrowers have the right to:

  • clear disclosure of loan terms;
  • fair and respectful collection;
  • privacy of personal data;
  • protection from harassment;
  • protection from threats and coercion;
  • accurate statement of account;
  • dispute incorrect charges;
  • file complaints with regulators;
  • seek legal remedies;
  • be free from public shaming;
  • be free from false threats of arrest;
  • be protected against unauthorized data disclosure.

A borrower’s obligation to pay does not eliminate these rights.

XXXVI. Duties of Lending Companies

Lending companies should:

  • operate only with proper authority;
  • disclose true loan costs;
  • use fair collection practices;
  • train collectors;
  • protect borrower data;
  • avoid excessive app permissions;
  • avoid contacting unauthorized third parties;
  • avoid false legal threats;
  • maintain accurate accounts;
  • provide official receipts;
  • respond to complaints;
  • comply with SEC, BSP, NPC, and other applicable rules.

A lender that outsources collection remains responsible for ensuring lawful collection conduct.

XXXVII. Sample Evidence Checklist

Before filing, prepare a folder with:

  1. Valid ID of complainant;
  2. App name and screenshots;
  3. Company name and registration details, if shown;
  4. App store page;
  5. App permissions;
  6. Loan application screenshots;
  7. Loan agreement;
  8. Disclosure statement;
  9. Amount approved;
  10. Amount received;
  11. Due date;
  12. Statement of account;
  13. Payment receipts;
  14. Collection messages;
  15. Call logs;
  16. Messages sent to contacts;
  17. Screenshots of defamatory posts;
  18. Collector numbers and names;
  19. Payment account names;
  20. Timeline of events;
  21. Witness statements from contacted relatives or employer;
  22. Prior complaint reference numbers, if any.

XXXVIII. Sample Timeline Format

A timeline may look like this:

  • January 5: Downloaded app and applied for ₱5,000 loan.
  • January 5: Only ₱3,200 was credited to my e-wallet.
  • January 5: App showed repayment amount of ₱5,800 due January 12.
  • January 10: Collector began calling repeatedly.
  • January 11: Collector threatened to message my employer.
  • January 12: Collector sent messages to my mother and co-worker.
  • January 12: Collector called me a scammer and threatened online posting.
  • January 13: I requested statement of account but received no reply.
  • January 14: I filed complaint with the appropriate agency.

A clear timeline helps investigators understand the case quickly.

XXXIX. Employer and Workplace Issues

Many scam lending apps weaponize employment information. They may call HR, supervisors, or office numbers to embarrass the borrower.

If this happens, the borrower may:

  • inform HR that the messages are part of harassment;
  • ask HR to preserve evidence;
  • request that workplace personnel not disclose employee information;
  • include the employer contact incident in complaints;
  • consider legal action if the collector caused reputational or employment harm.

Employers should be cautious about acting against an employee merely because of collector calls. Debt issues are generally private unless they directly affect work, involve fraud, or violate company policy.

XL. Family and Household Issues

Collectors often pressure family members. Relatives should know that they are generally not liable for the borrower’s personal loan unless they signed as co-maker, guarantor, or surety.

A collector cannot force relatives to pay merely because their number appears in the borrower’s contact list.

If relatives are harassed, their evidence may support the borrower’s complaint.

XLI. When the Borrower Used Another Person’s Phone or Contact List

If a borrower used another person’s phone to install the app, the app may access that person’s contacts. This can create serious privacy consequences. The phone owner may also complain if their data was accessed or misused without proper authority.

Borrowers should avoid installing lending apps on phones that contain other people’s private contacts or business information.

XLII. What If the App Uses Foreign Numbers or Foreign Operators?

Some scam lending operations may use foreign numbers, offshore servers, or foreign-controlled entities. This complicates enforcement, but complaints are still useful because Philippine agencies may act against local operators, payment channels, local agents, registered companies, app availability, and domestic collection activity.

Include all local payment accounts and Philippine phone numbers because these may help trace the operation.

XLIII. What If the App Uses a Registered Company but Different App Names?

List all app names. Many operators run multiple apps under one company or use shell names.

The complaint should say:

  • the app name used by the borrower;
  • the company name shown in the app;
  • other app names mentioned by collectors;
  • payment account names;
  • whether the same collectors contacted the borrower for different apps.

This helps regulators identify patterns.

XLIV. What If the App Gives No Contract?

Failure to provide a clear contract or disclosure is a serious red flag. The borrower should screenshot the absence of disclosure where possible and demand a written statement of account.

The complaint should state that the borrower was not given a proper loan agreement, disclosure statement, computation, or official receipt.

XLV. What If the App Changes the Amount Due Daily?

The borrower should screenshot the balance daily and compare it with the original disclosure. Sudden unexplained increases may support a complaint for unfair, deceptive, or abusive charges.

Ask for:

  • principal;
  • interest;
  • processing fee;
  • service fee;
  • penalty;
  • collection fee;
  • total payments;
  • remaining balance;
  • legal basis of each charge.

XLVI. Should the Borrower Go to the Barangay?

Barangay assistance may help if the collector or local agent is known and located in the same area. But many online lending cases involve companies, cyber harassment, privacy violations, and regulators. Barangay proceedings may not be enough.

For threats, privacy violations, and online harassment, SEC, NPC, cybercrime authorities, or counsel may be more appropriate.

XLVII. Can the App Be Removed from Google Play or Apple App Store?

A borrower may report the app to the app platform for abusive practices, privacy violations, impersonation, or fraud. Platform reports can help reduce further victims.

However, app store removal does not replace complaints with Philippine authorities.

XLVIII. Can a Complaint Be Filed Anonymously?

Some agencies may receive tips or reports, but formal complaints usually require identification and evidence. Anonymous reports may be less effective because investigators may need to verify facts, contact the complainant, and examine evidence.

If the borrower fears retaliation, they should mention this in the complaint and request confidentiality where available.

XLIX. Can Class or Group Complaints Be Filed?

Victims may coordinate and file separate or joint complaints if they experienced similar harassment from the same app or company. Group complaints can show a pattern, but each complainant should still provide individual evidence.

A group complaint may include:

  • common app name;
  • company name;
  • similar threats;
  • similar collection numbers;
  • similar payment accounts;
  • individual loan details;
  • individual screenshots.

L. Liability of Collection Agencies

If the lender uses third-party collectors, both the collector and the lender may face consequences depending on their roles.

A lender cannot always escape liability by saying the harassment was done by an outsourced collection agency. If the collector acted on the lender’s behalf, the lender may still be accountable under regulatory, privacy, civil, or contractual principles.

LI. Liability of App Developers and Operators

The app developer, platform operator, company officers, agents, and beneficial owners may be investigated depending on the facts. If the app is only a front for illegal lending, regulators may look beyond the app name.

Evidence such as payment accounts, company names, privacy policies, collector numbers, and app developer identities may help identify responsible persons.

LII. How to Write an Effective Complaint

An effective complaint is:

  • factual, not emotional;
  • chronological;
  • supported by evidence;
  • specific about dates and amounts;
  • clear about the agency’s jurisdiction;
  • organized with annexes;
  • concise but complete;
  • focused on violations.

Avoid vague statements like “they are scammers” without details. Instead write:

“On March 3 at 8:12 p.m., collector number 09xx sent a message to my employer stating that I am a scammer and demanding that my employer force me to pay. A screenshot is attached as Annex D.”

Specific facts are more powerful than conclusions.

LIII. What Relief Should Be Requested?

Depending on the agency, the complainant may request:

  • investigation of the app and company;
  • verification of authority to operate;
  • order to stop abusive collection;
  • sanction for unfair collection practices;
  • correction of loan balance;
  • deletion or blocking of unlawfully processed data;
  • cessation of contact with third parties;
  • takedown of defamatory posts;
  • referral for criminal investigation;
  • written explanation from the lender;
  • refund or adjustment where appropriate.

LIV. Possible Defenses of the Lending App

A lending app may claim:

  • the borrower consented to data access;
  • the borrower agreed to the fees;
  • the messages were sent by independent collectors;
  • the borrower gave contact references;
  • the borrower committed fraud;
  • the screenshots are fake;
  • the collector was unauthorized;
  • the company is registered;
  • the borrower is merely avoiding payment.

The borrower should be ready to respond with evidence. Consent to data processing must still comply with law. Registration does not excuse harassment. A debt does not justify public shaming.

LV. Practical Outcome Expectations

Filing a complaint may result in investigation, sanctions, or corrective action, but it may not instantly stop all harassment. Some illegal operators change numbers or app names.

The borrower should combine several steps:

  1. Preserve evidence;
  2. Report to the proper agency;
  3. Block abusive numbers after documenting them;
  4. Warn contacts;
  5. Revoke app permissions;
  6. Secure accounts and passwords;
  7. File cybercrime or privacy complaints if needed;
  8. Seek legal advice for serious threats or reputational harm.

LVI. Data Security Steps After Using a Scam Lending App

After preserving evidence, consider:

  • revoking app permissions;
  • uninstalling the app;
  • changing passwords;
  • enabling two-factor authentication;
  • checking e-wallet and bank activity;
  • replacing compromised SIM if necessary;
  • warning contacts about possible harassment;
  • checking for fake accounts using your name or photo;
  • scanning the device for suspicious apps;
  • avoiding reinstallation;
  • not clicking links from collectors.

If the app asked for ID photos, selfies, or documents, monitor for identity theft.

LVII. Special Concern: Borrowers in Financial Distress

Many victims use multiple lending apps to pay older lending apps, creating a debt spiral. This can become unmanageable.

A borrower should avoid borrowing from one abusive app to pay another. Instead:

  • list all loans;
  • identify legitimate lenders;
  • request statements of account;
  • prioritize lawful obligations;
  • negotiate in writing where possible;
  • stop sharing new personal data;
  • seek help from trusted family or counsel;
  • report abusive apps.

Debt stress is real, but panic borrowing usually worsens the situation.

LVIII. Difference Between Legitimate Collection and Harassment

A lender may:

  • remind the borrower of due dates;
  • send demand letters;
  • call at reasonable times;
  • provide statement of account;
  • offer restructuring;
  • file a lawful civil case;
  • refer the account to a legitimate collection agency.

A lender may not:

  • threaten arrest without basis;
  • disclose debt to unrelated third parties;
  • insult or degrade the borrower;
  • use obscene language;
  • publish personal information;
  • threaten violence;
  • impersonate officials;
  • use fake subpoenas or warrants;
  • access private data unlawfully;
  • contact the entire phonebook;
  • shame the borrower online.

LIX. What If You Are Not the Borrower but You Are Being Harassed?

A person who is not the borrower may still complain if they are being contacted, threatened, or sent private debt information.

They should:

  • preserve messages;
  • tell the collector to stop contacting them;
  • avoid paying unless legally obligated;
  • ask how the collector obtained their number;
  • report to the NPC if their personal data was misused;
  • provide evidence to the borrower for SEC or cybercrime complaints;
  • block the number after preserving proof.

Being listed in someone’s contacts does not automatically make a person liable for that person’s debt.

LX. Conclusion

Reporting scam lending apps in the Philippines requires identifying the correct agency and matching the complaint to the violation.

The SEC is usually the primary agency for complaints against online lending apps, lending companies, and financing companies, especially those involving lack of authority, abusive collection, misleading charges, and unfair lending practices.

The BSP is the proper agency when the complaint involves banks, digital banks, e-wallets, remittance companies, or other BSP-supervised financial institutions.

The National Privacy Commission is crucial when the app misuses contacts, photos, personal information, or discloses debt to third parties.

The PNP Anti-Cybercrime Group or NBI Cybercrime Division should be considered when there are threats, blackmail, identity theft, fake accounts, hacking, cyber libel, or online extortion.

The borrower should remember the core principles:

  • Nonpayment of an ordinary debt is generally not a crime by itself.
  • A lender may collect, but it may not harass.
  • A borrower’s debt does not justify public shaming.
  • Consent to app permissions does not allow unlimited misuse of personal data.
  • Registration does not excuse abusive conduct.
  • Evidence should be preserved before uninstalling or blocking.
  • Complaints should be factual, organized, and supported by screenshots, receipts, messages, and timelines.

The best approach is to document everything, identify the proper agency, file a clear complaint, protect personal data, and seek legal help if the threats, harassment, or financial harm are serious.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login