Unauthorized Credit Card Transaction Dispute Philippines

Unauthorized Credit Card Transaction Disputes in the Philippines

A practical legal guide (education-only; not a substitute for advice from your own counsel).

1) What counts as an “unauthorized” credit card transaction?

An unauthorized transaction is a charge you did not make, consent to, benefit from, or authorize someone else to make—with or without your physical card. Typical scenarios:

  • Card-not-present fraud: online/app/phone purchases using your number/OTP without your authority.
  • Skimming/clone fraud: your magstripe chip data was copied, then used.
  • Lost/stolen card use: tap/payments or POS transactions before you reported loss.
  • Account takeover: someone reset your credentials or intercepted OTPs and added cards to wallets (Apple/Google/Samsung Pay).
  • Merchant error: duplicate billing, wrong amount, or billing after cancellation/refund.
  • Subscription traps: “free trial” that becomes a recurring charge you didn’t clearly agree to.

Key distinction: fraud (no cardholder participation) vs merchant dispute (you authorized a transaction but there’s a problem with the goods/services). Both are disputable, but documentation differs.

2) Legal & regulatory backbone

  • RA 11765 — Financial Consumer Protection Act (FCPA). Sets duties on banks/issuers to have robust complaint handling, fair disclosure, and redress. Regulators (e.g., Bangko Sentral ng Pilipinas – BSP) can order restitution and impose sanctions for unfair practices or security lapses.

  • RA 10870 — Philippine Credit Card Industry Regulation Law (CCIRL). Governs credit card issuers (licensing, disclosures, billing, collection practices). Requires complaints mechanisms and responsible conduct (e.g., on chargebacks, billing errors, and collection).

  • BSP consumer protection & credit card regulations (issued under RA 7653 as amended and RA 11765). These require 24/7 loss reporting, timely dispute resolution, clear liability allocation, and fair collections. (Exact timeframes and workflows can vary by issuer/network; your card’s T&Cs and BSP rules apply.)

  • RA 10175 — Cybercrime Prevention Act & RA 8792 — E-Commerce Act. Provide criminal angles for hacking, illegal access, computer-related fraud/identity theft—useful when you escalate to law enforcement.

  • RA 10173 — Data Privacy Act. If your personal data was compromised (e.g., via a merchant/platform breach), controllers may have breach notification duties and you can complain to the National Privacy Commission (NPC).

  • Truth in Lending (RA 3765) and Civil Code principles on damages/interest. Help frame billing error corrections, interest/fee reversals, and civil claims for loss.

3) Your immediate action plan (first 24–48 hours)

  1. Secure & report, in this order:

    • Call the issuer’s 24/7 hotline (on the card/app/website). Ask to block the card, replace it, and disable tokenized wallets (Apple/Google/Samsung).
    • Freeze online channels: change app password/PIN; revoke compromised devices; enable stronger 2FA (prefer app-based/hardware keys over SMS).
    • Document everything: note date/time of your call, case/ticket number, names of officers.

  2. List the suspicious charges. Pull the latest e-statement, in-app ledger, and SMS/email alerts. Capture screenshots (with timestamps), amounts, merchant names, approval codes, and locations.

  3. File a formal dispute with the issuer (within the period in your T&Cs—commonly within 30 days from statement date; earlier is better).

    • Use the issuer’s dispute form (online branch/app/email).
    • Attach evidence (see §7).
    • Request chargeback and fee/interest reversal pending investigation.
    • Ask about provisional credit (some issuers give this while investigating).

  4. If there’s identity theft or account takeover:

    • File a police report with PNP Anti-Cybercrime Group (ACG) or NBI Cybercrime Division.
    • Keep the blotter/case number and officer details; share with your bank.

4) How liability usually gets allocated

  • Transactions after you report loss/compromise: generally issuer’s risk. You should not be liable for charges after you requested blocking.
  • Card-present fraud before report: issuers often assess whether chip & PIN/contactless security controls were bypassed and whether there was cardholder negligence (e.g., PIN on card, sharing OTP).
  • Card-not-present (online) fraud: many issuers adopt “zero-liability” policies where the cardholder did not share OTPs or act with gross negligence.
  • Account-takeover via OTP interception/SIM swap: issuers evaluate KYC, device binding, OTP trails; if you diligently protected credentials and promptly reported, you can argue no liability.
  • Merchant disputes (not fraud): you authorized the transaction but seek reversal/chargeback for non-delivery/defective goods/refund not honored—documentation of your communications with the merchant is key.

Important: Exact allocation turns on issuer T&Cs, network rules (Visa/Mastercard/JCB/Amex), and BSP consumer protection standards. Always insist on a written decision that cites those rules.

5) The dispute/chargeback lifecycle (what to expect)

  1. Acknowledgment from the issuer with a reference number and request for documents.
  2. Provisional measures: card block, reissuance, monitoring; sometimes provisional credit for clear fraud claims.
  3. Investigation by issuer/acquirer and chargeback filing (if applicable) to the card network.
  4. Merchant response: acquirer may submit evidence (e.g., AVS/3-D Secure, IP/device logs, signed charge slip, delivery proof).
  5. Representment/Arbitration (network rules): if evidence conflicts, the case may escalate.
  6. Resolution: credit posted or denial explained. Interest/fees arising from the disputed amount should be reversed if your claim is upheld.

Typical timeframes:

  • Immediate blocking: same day.
  • Document collection: days to a couple of weeks.
  • Network chargeback windows: commonly up to 120 days from posting (varies by reason code).
  • Final resolution: often 30–90 days, longer if the case goes to representment/arbitration. Issuers must keep you updated and give a clear, written outcome.

6) Parallel routes if the issuer’s decision is unsatisfactory

  • Escalate inside the bank: Consumer Assistance/Customer Experience; then the Chief Compliance Officer.

  • Regulatory complaint:

    • BSP Consumer Assistance (for bank/credit card/e-money issues)—seek restitution under the FCPA framework.
    • SEC (if issuer is under its ambit) or Insurance Commission (for cards issued via insurers—rare).

  • Law enforcement: PNP-ACG/NBI Cybercrime—especially for large losses, organized fraud, or identity theft.

  • Civil action: Claim actual, moral, exemplary damages and attorney’s fees. Consider Small Claims for purely monetary claims up to the prevailing small-claims threshold (no lawyers required).

  • NPC complaint if a data breach by a controller (merchant/platform/telco) enabled the fraud.

7) Evidence checklist (what to gather & preserve)

From you:

  • Government ID and proof of address/contact.
  • Dispute form and detailed narrative (timeline, discovery, actions taken).
  • Screenshots of SMS/email alerts, app push notifications (include timestamps/time zone).
  • Statements/ledgers showing the disputed entries; receipts for legitimate purchases around the time (to show normal patterns).
  • Telco records (for SIM-swap/OTP non-receipt): incident ticket, SIM replacement logs.
  • Any merchant correspondence (emails/chats/tickets) and delivery records.

From issuer/merchant (ask them to produce):

  • Authorization logs (AVS/CVV/3-D Secure results), IP/device fingerprints, geolocation, and time stamps.
  • Charge slips/EMV data or proof of delivery (name/signature/photo).
  • Wallet token provisioning logs (when your card was added to Apple/Google Pay).
  • Call logs and case notes on your prior contacts.

Preservation tip: Export files to PDF and .csv, and keep an indexed folder of annexes for easy submission.

8) Special scenarios & how to argue them

  • Contactless “tap” fraud after your card was lost: Emphasize time of loss report; transactions after that should be issuer risk. Ask if offline tap limits or CVM limits were exceeded without proper checks.
  • 3-D Secure “OTP entered” but not by you: Argue account takeover; request device/IP evidence. If your SMS was never received or your SIM was recently replaced without consent, that supports SIM-swap.
  • Recurring/subscription charges: Provide proof of cancellation and prior emails. Request chargeback on continued billing after cancellation reason codes.
  • Cross-border e-commerce: Stronger need for merchant communications and shipping/tracking discrepancies; ask issuer to scrutinize IP geolocation vs your travel history.
  • Charge posted after refund promise: Attach merchant’s refund commitment; ask issuer to chargeback for credit not processed.

9) Model dispute letter (you can copy-paste)

Subject: Unauthorized Transaction Dispute — [Issuer] Card ending ****[####]; Case Request To: [Issuer’s Consumer Assistance / Disputes Unit Email]

I am disputing unauthorized transactions on my credit card ending ****[####]. I did not authorize, benefit from, or receive the goods/services for the charges listed below.

Cardholder name: [Full Name] Card number (last 4): [####] Mobile/email on file: [### / name@email.com] Disputed items:

  1. [Date] – [Merchant] – [Amount] – [Reference/Approval Code if any]
  2. [Date] – [Merchant] – [Amount] – [Reference]

Facts:

  • On [date/time], I discovered these transactions via [SMS/app/statement].
  • I immediately called your hotline at [time, date] to block the card (Ref No. [####]).
  • I did not share my OTP/PIN/password with anyone. [If applicable: I suspect SIM-swap/account-takeover.]

Requests:

  • File chargebacks for the above and reverse interest/fees arising therefrom.
  • Provide written acknowledgment and keep me updated on progress.
  • Advise if you require additional documentation.

Attached are: my ID, statement extracts, screenshots, and police blotter/NBI report (if any).

Sincerely, [Name, signature, date]

10) Do’s and don’ts (to protect your rights)

Do

  • Report immediately; meet dispute deadlines (often 30 days from statement date).
  • Ask for provisional credit and fee/interest suspension while under review.
  • Keep a case log (dates, names, numbers).
  • Push for a written resolution that cites rules/reason codes.

Don’t

  • Admit fault casually (“I might have clicked a link…”)—stick to facts.
  • Share OTPs/PINs or install remote-control apps at a caller’s request (classic scam).
  • Ignore small test charges; they often precede bigger fraud.
  • Throw away the envelope: keep SIM replacement receipts and telco tickets.

11) Criminal & privacy tracks (when to add them)

  • File with PNP-ACG/NBI if there’s clear fraud, identity theft, or large losses. Bring: dispute packet, logs, telco records.
  • NPC complaint if a merchant/platform/telco breach exposed your data or if your request to access your personal data logs is ignored.
  • These do not replace your issuer dispute; they support it and can increase leverage.

12) Collections, credit reporting, and interest while a dispute is pending

  • Ask your issuer in writing to suspend collections on the disputed amount and to withhold adverse credit reporting while the case is under review.
  • If the case is decided in your favor, the interest/late fees tied to the disputed amount should be reversed. If decided against you, request a detailed evidence packet and consider regulatory escalation or civil action.

13) For businesses & corporate cards

  • Trigger your incident response plan and legal hold.
  • Coordinate with your bank’s relationship manager and fraud team; prepare employee statements and device forensics if insider misuse is suspected.
  • If personal data was involved, assess NPC breach notification duties.

14) Quick FAQs

Q: I pressed “Pay” by mistake—can I still dispute? That’s a merchant dispute, not fraud. You can still dispute for refund not processed, duplicate, or non-delivery, but success hinges on merchant evidence.

Q: Are contactless taps under ₱ limits always my liability? Not necessarily. If the card was stolen and you reported promptly, argue issuer risk for taps after your report; before report, issuers examine negligence and CVM limits.

Q: What if the merchant is abroad? Network rules still apply. Provide tracking, emails, and photos; your issuer can file cross-border chargebacks.

Q: My SIM was swapped without consent. Get a telco incident letter; it’s powerful evidence that OTP delivery was compromised beyond your control.

15) Bottom line

  • Act fast (block, document, dispute).
  • Over-document your case and insist on written, rule-based outcomes.
  • Use parallel tracks when needed: issuer dispute + regulatory complaint + law enforcement + (if applicable) privacy complaint.
  • If a decision goes against you, appeal with evidence or escalate—you have rights under FCPA/CCIRL and BSP’s consumer-protection regime.

If you want, tell me your issuer, the exact transactions/dates, and what you’ve done so far—I’ll tailor a dispute packet (cover letter + annex checklist) you can file today.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login