Unauthorized Credit Card Transaction Dispute Philippines

A complete, practitioner-grade guide to preventing, reporting, disputing, and resolving unauthorized credit card transactions under Philippine law and card-network rules.

I. Legal & Regulatory Foundations

  • Access Devices Regulation Act (ADRA, R.A. 8484). Criminalizes fraud involving credit cards and other access devices (e.g., skimming, counterfeit cards, account takeover, stolen cards, phishing).
  • Financial Products and Services Consumer Protection Act (R.A. 11765). Establishes financial consumer rights (right to disclosure, protection of data, equitable and honest treatment, and effective redress) and requires banks and credit card issuers to maintain complaints-handling units, fair dispute processes, and internal controls.
  • Data Privacy Act (R.A. 10173). Requires lawful processing and protection of personal data (including card and identity data). Data breaches must be managed and, when applicable, notified to the National Privacy Commission (NPC) and affected consumers.
  • Cybercrime Prevention Act (R.A. 10175). Criminalizes computer-related fraud and identity theft; often used against phishing syndicates and account-takeover actors.
  • Truth in Lending Act (R.A. 3765) & card disclosure rules. Require clear disclosure of fees/interest and dispute procedures; relevant when disputing finance charges that stem from fraudulent postings.
  • BSP supervisory framework. Banks and credit-card issuers (and their acquirers) are subject to Bangko Sentral requirements on consumer assistance, fraud risk management, strong customer authentication (e.g., OTP/3-D Secure), and timely complaint resolution.

Key principle: Issuers must maintain effective controls and cannot shift loss to consumers where the transaction is unauthorized and the consumer was not negligent.

II. What Counts as an “Unauthorized Transaction”?

A transaction is unauthorized when it is posted without the cardholder’s consent and outside the scope of any authority given to a merchant or third party. Common scenarios:

  1. Card-Not-Present (CNP) fraud: Phishing/SMShing, malware, hacked merchant account, credential stuffing; typically uses stolen PAN+CVV/OTP interception.
  2. Card-present counterfeit/skimming: Magstripe skimming, shimmers on chip terminals, fallback to magstripe.
  3. Lost or stolen card usage.
  4. Account takeover: Fraudster changes contact details, adds devices, or enrolls in e-wallets/billers.
  5. Merchant error or rogue merchant: Duplicate charges, altered amounts, non-delivery after charge.
  6. “Friendly fraud” (cardholder denial). Treated differently: issuer/merchant will test for benefit/receipt; still disputable if truly unauthorized.

Not unauthorized: Charges by authorized supplemental cardholders acting within granted authority; subscription renewals not cancelled; cash advance fees after PIN disclosure; or transactions where strong evidence shows cardholder consent/benefit.

III. Immediate Steps for Consumers

  1. Freeze the risk.

    • Call the issuer’s 24/7 hotline immediately; request card blocking and account hold; ask for a replacement card with a new PAN.
    • Change your online banking password, email password, and SIM/e-wallet credentials.

  2. Record everything.

    • Note times, hotline reference numbers, and agent names.
    • Keep screenshots of SMS/email alerts, OTP prompts you did not initiate, and transaction notifications.

  3. File a formal dispute.

    • Submit the Dispute Form (issuer’s template), Affidavit of Fraud/Dispute, and ID.
    • Attach proof you did not authorize or did not receive goods/services (e.g., travel records, delivery logs, correspondence).

  4. Request operational protections.

    • Ask the issuer to suspend finance charges and late fees on the disputed amount, and to issue provisional credit pending investigation when applicable.

  5. Report crimes, if evident.

    • File a report with PNP-ACG or NBI-CCD (especially for phishing/account takeover). These reports strengthen bank disputes and separate criminal pursuit.

IV. The Bank/Issuer Dispute Process (What to Expect)

A. Acknowledgment & Case Opening

  • Issuers must acknowledge receipt of your complaint and provide a case/reference number.
  • You may receive a provisional credit for clear fraud (issuer policy-dependent) while they investigate or pursue a chargeback through the card network.

B. Retrieval & Chargeback Workflow (Card-Network Procedure)

  1. Retrieval request to the merchant/acquirer for supporting documents (e.g., signed slips, IP/device data, delivery proof).
  2. Chargeback initiated by the issuer for eligible reason codes (e.g., fraud—CNP, counterfeit, no cardholder authorization, non-receipt).
  3. Representment by the merchant/acquirer with rebuttal evidence.
  4. Pre-arbitration and arbitration (card-network level) if parties remain in dispute. Final decisions bind the parties; fees may apply (borne by the losing side, not the consumer).

Practical timing: Issuers typically ask cardholders to report within 20–30 days from statement date; network rules often allow up to ~120 days from posting (varies by reason code). Always report as soon as discovered.

C. Investigation & Determinations

Issuers assess:

  • Authentication evidence: 3-D Secure results, OTP logs, device fingerprinting, IP/geolocation, transaction velocity.
  • Card-present artifacts: EMV chip data, terminal logs, offline approvals, CCTV when available.
  • Benefit/receipt: Delivery confirmations, usage records, cardholder location at time of transaction.

Outcomes:

  • Accepted fraud: Permanent credit; fees/interest reversed; replacement card issued.
  • Denied dispute: Issuer provides rationale and evidence (e.g., OTP successfully entered from your registered device, signed receipt matches, delivery to your address). You may appeal internally and/or escalate externally (see §VII).

V. Allocation of Liability: Who Pays?

  • Issuer bears loss where the transaction was unauthorized and controls were inadequate, or where strong authentication failed or was bypassed.
  • Merchant/acquirer bears loss for card-present counterfeit (where EMV liability shift applies) or where the merchant failed security/authorization protocols.
  • Cardholder may bear loss when gross negligence or complicity is shown (e.g., willful sharing of OTP/PIN, selling card credentials, repeated disregard of security advisories), or where evidence proves actual authorization/benefit.

Zero-liability policies (network/issuer) reinforce consumer protection for genuine fraud, but typically exclude negligence and disputed quality of goods cases.

VI. Evidence Strategy for Consumers

  • Identity & presence: Passport stamps/boarding passes/work logs proving you were elsewhere; proof of card possession at the time of charge.
  • Communications: SMS/email screenshots showing suspicious OTP requests, spoofed sender IDs, SIM-swaps, or links to fake pages.
  • Delivery & usage: Courier tracking showing delivery to unknown address; merchant confirmations that don’t match your device/IP.
  • Technical: If available, bank device logs (request disclosure), IP locations, and app access logs; merchant invoices/receipts with mismatched signatures.
  • Affidavits: Sworn statements detailing discovery, timelines, and non-authorization; police/NBI report numbers.

VII. Escalation Pathways (If the Issuer’s Decision Is Unfair)

  1. Internal appeal with the issuer: submit a point-by-point rebuttal addressing the evidence they relied on.
  2. Bangko Sentral ng Pilipinas (BSP) complaint: Elevate the case when internal resolution is unsatisfactory or delayed. Provide complete documentation (dispute form, timeline, evidence, issuer decision).
  3. National Privacy Commission (NPC): If your personal data was mishandled or a breach occurred without proper notice/remediation.
  4. Criminal complaints: Under R.A. 8484 (access-device fraud), R.A. 10175 (computer-related offenses), and related laws (e.g., estafa) against perpetrators.
  5. Civil action / Small Claims: If you suffered monetary loss, consequential damages, or wrongful negative reporting and cannot obtain redress administratively. Small Claims Courts can handle money claims up to ₱1,000,000 (no lawyers required); defamation/credit reporting injuries may require regular civil suits.

VIII. Finance Charges, Credit Reporting, & Statement Treatment

  • While a dispute is active, request suspension of interest, late fees, and collections on the disputed amount.
  • Minimum payment: Clarify with your issuer whether to exclude the disputed amount when computing the minimum due to avoid delinquency flags.
  • Credit bureau reporting: Demand correction if negative information was reported due to a fraudulent transaction; request a consumer statement on your report while the dispute is pending.

IX. Special Situations & Edge Cases

  • Dynamic Currency Conversion (DCC): Dispute if you were charged in a foreign currency without consent or at abusive rates; argue lack of disclosure/choice.
  • Offline/contactless transactions: Some terminals approve small amounts offline; still disputable if unauthorized. Liability often follows the EMV/contactless rules.
  • Recurring/subscription charges: If you cancelled but were still billed, dispute as “cancelled recurring” with proof of cancellation.
  • E-wallet top-ups/billers: Treat as unauthorized if fraudulently initiated; issuers can chargeback to the acquiring side with network reason codes.
  • SIM-swap/OTP interception: Include telco incident tickets; ask telco for logs and consider SIM change or number port-freeze.

X. Merchant & Acquirer Responsibilities (For Businesses)

  • Strong authentication and 3-D Secure enrollment for CNP.
  • EMV terminals and anti-skimming controls for card-present.
  • Fraud monitoring: Velocity checks, device/IP risk scoring, blacklist management.
  • Clear evidence packs for representments: delivery proof, signed receipts, device/IP data, customer communications.
  • Data protection: PCI DSS-aligned controls; breach playbooks; timely consumer notice.

Failure to maintain these can shift chargeback liability and lead to acquirer penalties or account termination.

XI. Practical Timelines (Consumer-Friendly View)

  • Immediately (Day 0): Block card, lodge dispute, compile evidence.
  • Within a few days: Written acknowledgment and case ID from issuer; possible provisional credit.
  • ~30–45 days (typical window): Substantive findings or updates; complex cases may take longer due to network arbitration cycles.
  • Within statement cycle(s): Reversals of principal, fees, and interest if dispute is resolved in your favor; if not, proceed to BSP escalation and/or legal action.

(Issuers’ and networks’ exact clocks vary by reason code and contract—always act fast.)

XII. Templates

A. Consumer Dispute & Suspension Request (Short Form)

Subject: Unauthorized Credit Card Transaction Dispute – [Last 4 digits / Case No.] Dear [Issuer Disputes Unit], I dispute the following transaction(s) as unauthorized: [date/merchant/amount]. I did not give consent, receive goods/services, or benefit from these charges. Attached are my Affidavit of Fraud, valid ID, and supporting evidence (screenshots, delivery records, travel logs). Please (1) block/replace my card, (2) suspend finance charges/late fees/collections on the disputed amount, and (3) initiate chargeback as applicable. Kindly confirm case number and provide updates within your prescribed timelines. Sincerely, [Name | Address | Mobile | Email | Signature]

B. Affidavit of Fraud (Key Points to Include)

  • Identity, card number (masked), issuer, and account details
  • Exact timeline of discovery and reporting (dates/times)
  • Statement denying authorization/benefit and confirming card/device custody
  • Description of suspected vector (if known): phishing SMS, lost card, skimming, device compromise
  • List of disputed transactions (date/merchant/amount)
  • Request for issuer to provide logs/records to support investigation
  • Undertaking to cooperate in criminal proceedings; jurat/acknowledgment

XIII. Prevention Playbook

  • Lock card in app; set per-transaction limits and geo-controls if available.
  • Enable real-time alerts for every transaction.
  • Never share OTP/PIN/CVV; assume any message asking for OTP is fraud.
  • Use separate email for banking; enable multi-factor authentication on email and mobile apps.
  • Avoid clicking links in unsolicited messages; access banks via official apps or typed URLs.
  • For online purchases, prefer merchants with 3-D Secure checkout and strong reputation.
  • Regularly review statements; dispute early.

XIV. Quick Checklist (Consumers)

  • Card blocked/replaced immediately
  • Formal dispute + affidavit filed with evidence
  • Requested fee/interest suspension and provisional credit
  • Police/NBI report (as applicable)
  • Tracked issuer timelines; obtained written decisions
  • If denied/unjust: BSP escalation, NPC (if data issues), criminal complaint, and civil/small claims if needed

XV. Key Takeaways

  1. Act fast—speed strengthens recovery and preserves chargeback rights.
  2. Document thoroughly—timeline, screenshots, receipts, and location evidence win cases.
  3. Genuine fraud generally should not be the consumer’s loss; issuers/merchants carry liability absent consumer negligence.
  4. Use regulatory escalation (BSP/NPC) and legal remedies if internal processes fail.
  5. Harden your defenses post-incident—new credentials, SIM hygiene, and transaction alerts.

This article provides general information only and is not a substitute for advice from counsel. Procedures and timelines vary by issuer and network; always follow the instructions on your card statement and dispute forms.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login