Unauthorized E-Wallet Account Using Your Mobile Number: What to Do

Finding out that your mobile number is already tied to an e-wallet account you did not create is alarming. It may be a simple recycled-number issue, but it can also involve identity misuse, SIM-related fraud, or a financial account being used for scams. The important thing is to act quickly, preserve evidence, and report the issue through the right channels: the e-wallet provider, your telco, the Bangko Sentral ng Pilipinas, the National Privacy Commission, and law enforcement when fraud is involved.

What an Unauthorized E-Wallet Account Using Your Mobile Number Means

In the Philippines, a mobile number is often more than a contact detail. It is commonly used as:

  • the login ID for an e-wallet;
  • the number that receives one-time passwords or OTPs;
  • part of the e-wallet provider’s Know-Your-Customer or KYC process;
  • a recovery channel when an account is locked or reset; and
  • evidence linking a person to digital financial activity.

So when an e-wallet app says your number is “already registered,” “already linked,” or “already used,” it can mean several things:

Possible situation What it may mean
The number was previously owned by someone else Some mobile numbers may be reassigned after deactivation. The prior owner may have used the number for an e-wallet.
Someone typed the wrong number A person may have mistakenly entered your number during signup.
Someone intentionally used your number This may involve identity misuse, fraud, or an attempt to receive OTPs through your SIM.
Your SIM or account was compromised This can happen in SIM swap, phishing, device theft, or account takeover scenarios.
Your identity documents were used This is more serious because the e-wallet may have been opened or verified using your name, ID, selfie, or other personal information.

Not every case is immediately criminal. But you should treat it seriously until the provider confirms what happened.

Why You Should Not Ignore It

An unauthorized e-wallet linked to your mobile number can create real problems:

  • You may be unable to create your own legitimate account.
  • OTPs or account alerts may be sent to you for transactions you did not make.
  • Your number may appear in complaints from scam victims.
  • Your identity documents may have been misused for KYC.
  • The account may be used as a “mule account” to receive or move scam proceeds.
  • You may later need to explain to a bank, e-wallet provider, police investigator, or prosecutor that you did not create or control the account.

The safest approach is to create a paper trail early. In Philippine practice, written records matter: screenshots, complaint reference numbers, email confirmations, telco reports, notarized affidavits, and police or NBI records can become important later.

Legal Basis: Your Rights and the Provider’s Obligations

E-wallets are covered by Philippine financial-account scam laws

Republic Act No. 12010, or the Anti-Financial Account Scamming Act, specifically includes an e-wallet in the definition of a financial account. It penalizes acts such as opening a financial account under a fictitious name or using another person’s identity or identification documents, and it also covers money mule activities and social engineering schemes. (Lawphil)

This matters because an unauthorized e-wallet account is not just a customer-service issue. If someone used your number, identity, or ID documents to open or control an account, the facts may fall under AFASA, the Cybercrime Prevention Act, the Access Devices Regulation Act, the Revised Penal Code, or a combination of laws.

AFASA also requires covered institutions to protect access to financial accounts using controls such as multi-factor authentication, fraud management systems, and account-owner enrollment and verification processes. BSP Memorandum No. M-2024-029 emphasized that BSP-supervised financial institutions must use adequate risk management systems and controls to protect financial accounts.

Data Privacy Act rights may apply

Your mobile number, name, ID details, selfie, address, and account information are personal data. Under Republic Act No. 10173, or the Data Privacy Act of 2012, personal information controllers must process personal data lawfully, fairly, and securely.

If your personal information was misused, improperly disclosed, inaccurately processed, or used without a lawful basis, you may file a complaint with the National Privacy Commission. The NPC states that a person whose personal information has been misused or whose data privacy rights were violated has the right to file a complaint. (National Privacy Commission)

Common privacy issues in unauthorized e-wallet cases include:

  • your mobile number being linked to someone else’s account;
  • your ID being used without consent;
  • refusal to correct inaccurate personal data;
  • failure to act on a legitimate erasure, correction, or blocking request;
  • weak KYC controls that allowed a fake or unauthorized registration; and
  • continued processing of your number after you reported the problem.

The SIM Registration Act is relevant

Republic Act No. 11934, or the SIM Registration Act, requires SIM registration as a prerequisite to activation. It was enacted to reduce anonymous use of SIMs in fraud, scams, and other illegal activity. (Lawphil)

If your SIM is registered under your name, your telco record can help show that you are the legitimate user of the number. If the SIM is not registered under your name, or if you suspect SIM swapping, unauthorized replacement, or unauthorized porting, report this to your telco immediately.

Foreign nationals should also be aware that Philippine SIM rules treat tourist SIM registration differently. Under the SIM Registration Act and its implementing rules, tourist SIMs may have temporary validity, while foreign nationals with other visa types may register under a different process. (Supreme Court E-Library)

Cybercrime and access-device laws may also apply

Republic Act No. 10175, the Cybercrime Prevention Act of 2012, may apply where there is computer-related identity theft, unauthorized access, phishing, or use of digital systems to commit fraud. In Disini v. Secretary of Justice, the Supreme Court reviewed the Cybercrime Prevention Act and upheld substantial parts of the law while striking down certain provisions. (Lawphil)

Republic Act No. 8484, the Access Devices Regulation Act of 1998, is also relevant because an “access device” includes account numbers, codes, PINs, telecommunications identifiers, or other means of account access that can be used to obtain money, services, or transfer funds. It penalizes various forms of unauthorized or fraudulent use of access devices. (Lawphil)

Depending on the facts, the Revised Penal Code may also come in, especially for:

  • estafa under Article 315, if deceit caused another person to lose money;
  • falsification under Articles 171 or 172, if documents or IDs were falsified or used falsely;
  • use of fictitious name or concealment of true name under Article 178, in appropriate cases; and
  • related fraud or conspiracy theories when several persons are involved.

Civil Code Articles 19, 20, 21, and 26 may also support civil claims where a person’s rights, dignity, privacy, or identity were wrongfully violated.

What to Do Immediately

1. Do not try to access the account casually

If the account is not yours, do not explore it, change the password, move money, or attempt to view transactions “just to check.” Even if OTPs are going to your number, entering the account may create a separate legal issue if the account belongs to another person or is under investigation.

Instead, report the problem through official channels and ask the provider to investigate.

2. Preserve evidence before anything disappears

Take screenshots and keep copies of:

  • the app screen saying your number is already registered;
  • SMS or OTP messages received from the e-wallet;
  • email or in-app support replies;
  • dates and times of login attempts;
  • transaction alerts, if any;
  • caller IDs, suspicious links, or messages;
  • your telco SIM registration confirmation, if available;
  • your valid ID used for your own verification; and
  • all complaint reference numbers.

Make a simple timeline:

  1. Date you discovered the issue.
  2. What app or provider showed the problem.
  3. What message appeared.
  4. Whether you received OTPs or transaction alerts.
  5. When you contacted the e-wallet provider.
  6. When you contacted the telco.
  7. Any response received.

This timeline is useful for BSP, NPC, NBI, PNP, and the e-wallet provider’s fraud team.

3. Secure your mobile number with your telco

Contact your telco through its official hotline, store, app, or website. Ask them to check whether:

  • your SIM is registered under your correct name;
  • there was any recent SIM replacement;
  • there was any porting request;
  • your SIM was reported lost or replaced;
  • there were suspicious account changes; and
  • your SIM is currently active and under your control.

If your phone was lost, stolen, cloned, or replaced without your consent, ask the telco to block or replace the SIM and issue a reference number. Keep a copy of any incident report.

4. Report the issue to the e-wallet provider

Use only official channels: the in-app help center, official website, official hotline, or verified email address. Avoid links sent by strangers, social media commenters, or “agents” asking for OTPs.

Your report should clearly say:

I am the current user of mobile number +63 ________. I did not create or authorize any e-wallet account using this number. When I attempted to register or verify my account, the system indicated that this number is already linked to an existing account. Please investigate, preserve relevant logs, prevent unauthorized access or transactions, and advise me on the process to unlink, deactivate, revalidate, or correct the account record.

Ask for these specific actions:

  • a complaint or ticket reference number;
  • confirmation that the account is flagged for investigation;
  • temporary restriction if there is risk of fraud;
  • revalidation of KYC information;
  • correction or unlinking of your mobile number if improperly associated;
  • preservation of account logs, device IDs, IP logs, and KYC records;
  • written confirmation of the final resolution.

The provider may refuse to disclose the other account holder’s name, ID, address, or transaction history because of privacy and bank-secrecy-related obligations. That does not mean they can ignore you. They can investigate, validate your ownership of the number, restrict suspicious activity, and correct inaccurate or unauthorized processing.

5. If money was stolen or transferred, report it as urgent fraud

If the unauthorized account was used to receive, transfer, cash out, or move money, time matters.

Immediately report to:

  • the e-wallet provider;
  • the sending or receiving bank, if known;
  • the payment platform involved;
  • BSP CAM, if unresolved after reporting to the provider;
  • CICC hotline 1326 for cyber scam guidance;
  • PNP Anti-Cybercrime Group or nearest police station; and
  • NBI Cybercrime Division.

Under AFASA, institutions may conduct coordinated verification of disputed transactions, and covered institutions may be required under BSP rules to temporarily hold funds in appropriate cases. AFASA also gives BSP authority to investigate and inquire into financial accounts involved in prohibited acts. (Lawphil)

6. Escalate to the BSP if the e-wallet provider does not resolve it

For e-wallets and other BSP-supervised financial institutions, the usual process is:

  1. Report first to the provider’s own consumer assistance channel.
  2. Wait for the provider’s action or response.
  3. If unresolved, escalate to the BSP Consumer Assistance Mechanism.

The BSP says consumers with unresolved concerns may file through BSP Online Buddy or send the Complaints, Inquiries and Requests form to consumeraffairs@bsp.gov.ph. The BSP also lists the documents to include: your complaint summary, the resolution requested, contact details, a copy of the complaint filed with the institution, the institution’s reply if any, and supporting documents. (Bureau of Small and Medium Enterprises)

For email or postal submissions, BSP states that a Consumer Specialist will evaluate and, if necessary, respond or refer the concern to the BSP-supervised institution within seven banking days from receipt. (Bureau of Small and Medium Enterprises)

7. File with the National Privacy Commission if personal data was misused

Consider an NPC complaint if:

  • your mobile number remains linked to an account you did not authorize;
  • the provider refuses to correct inaccurate data;
  • your ID or selfie was used without consent;
  • your data was exposed to another person;
  • the provider failed to secure your data; or
  • you suffered harm because of improper data processing.

The NPC requires formal complaints to follow a specific format. Its process includes downloading the complaint form, printing and filling it out, having it notarized, and submitting it in person, by courier, or by scanned email. (National Privacy Commission)

Practical tip: Attach your screenshots, IDs, telco proof, e-wallet complaint tickets, provider replies, and a clear timeline. A short, organized complaint is usually better than a long emotional narrative with missing evidence.

8. Report to law enforcement when there is fraud, identity theft, or scam activity

Go beyond customer support if:

  • money was lost;
  • your ID was used;
  • someone is threatening you;
  • scam victims are contacting you;
  • the account was used to receive suspicious funds;
  • there are phishing links or fake support agents;
  • you received OTPs for transactions you did not initiate; or
  • the provider confirms suspicious account activity.

The NBI Cybercrime Division’s citizen charter identifies investigative assistance for victims of computer crimes as available to the general public, with complainants proceeding to the CyberCrime Division, undergoing interview, and executing sworn statements or submitting affidavits and supporting documents. (National Bureau of Investigation)

You may also report cyber scams through CICC’s 1326 hotline, which government sources have described as a reporting channel for victims of cyber fraud and online scams. (Philippine News Agency)

Documents to Prepare

Purpose Documents or information to prepare
Proving you control the number SIM card, telco app profile, SIM registration confirmation, billing statement, prepaid account screenshot, telco incident ticket
Proving the e-wallet issue Screenshot showing “number already registered,” OTP messages, app error messages, complaint ticket numbers
Proving identity Valid government ID, passport for foreigners, ACR I-Card if applicable, selfie or liveness verification if requested by provider
Proving fraud Transaction IDs, sender/recipient details, amounts, dates, screenshots of chats, phishing links, calls, account names
Filing BSP complaint Copy of provider complaint, provider reply, requested resolution, supporting documents
Filing NPC complaint Notarized complaint form or affidavit, proof of data misuse, provider correspondence
Filing NBI/PNP complaint Complaint affidavit, screenshots, IDs, phone/device details, transaction records, witness statements if any
Authorizing a representative Special Power of Attorney, valid IDs of principal and representative, consular acknowledgment or apostille if executed abroad

Practical Timelines and Bottlenecks

Step Usual practical timeline Common bottleneck
E-wallet support ticket Same day to several business days for acknowledgment Generic replies, chatbot loops, repeated ID verification
Fraud or account restriction review A few days to several weeks Provider needs KYC, transaction logs, and coordination with other institutions
Telco SIM ownership or incident report Same day to several days Store visit may be required, especially for SIM replacement
BSP CAM escalation BSP email/postal complaints may be evaluated or referred within seven banking days BSP usually expects proof you first complained to the provider
NPC complaint Filing can be done once documents are complete; resolution may take longer Complaint must be properly formatted and notarized
NBI/PNP cybercrime report Complaint may be received the same day; investigation takes longer Need sworn statements, evidence preservation, and sometimes personal appearance
Overseas execution of documents Several days to weeks Consular acknowledgment, apostille, courier delays

For urgent fraud, do not wait for one office before reporting to another. You can report to the provider immediately, then follow with BSP, law enforcement, or NPC depending on what the facts show.

Special Situations

If your number was previously owned by someone else

This is common with recycled numbers. The previous owner may have legitimately opened the e-wallet years ago. In that case, the issue may be less about fraud and more about account recovery, unlinking, or data correction.

Still, the provider should have a process to verify that you are now the legitimate user of the number and to prevent OTPs or alerts meant for another person from going to you.

If you are an OFW or you are abroad

You can still start the process by email or official support channels. Prepare scanned copies of your passport, Philippine ID if available, SIM proof, and a signed statement.

If a notarized affidavit or Special Power of Attorney is required in the Philippines:

  • documents signed before a Philippine Embassy or Consulate are commonly accepted in the Philippines as consularized documents;
  • documents notarized by a foreign notary may need an apostille if the country is part of the Apostille Convention;
  • if the country is not an apostille country, consular authentication may be required; and
  • your Philippine representative should carry valid IDs and the original authority document.

If you are a foreigner in the Philippines

Foreigners can encounter this problem when a local SIM expires, gets replaced, or is linked to an old account. Keep copies of:

  • passport bio page;
  • entry stamp or visa page;
  • ACR I-Card or other immigration document, if applicable;
  • proof of Philippine address;
  • SIM registration confirmation;
  • e-wallet KYC submission; and
  • visa extension documents if your SIM validity depends on tourist status.

Do not assume that a Philippine e-wallet provider will accept foreign documents in the same way a bank does. KYC requirements vary by provider and risk level.

If scam victims are contacting you

Do not argue with them online. Do not post their personal details. Do not admit that the account is yours if it is not.

Instead:

  1. Save the messages.
  2. Ask for the transaction reference number, date, amount, and platform.
  3. Tell them you are also reporting unauthorized use of your number.
  4. File your own report with the e-wallet provider.
  5. Consider filing with NBI or PNP if the matter appears to involve fraud.

This protects you from looking evasive while avoiding statements that may later be misunderstood.

If police, NBI, or a prosecutor contacts you

Take it seriously. Bring or prepare:

  • proof that the SIM is yours;
  • proof of when you acquired or registered the number;
  • screenshots showing you could not access or create your own account;
  • your reports to the e-wallet provider and telco;
  • BSP or NPC complaints, if filed;
  • proof of your location or activity during disputed transactions, if relevant; and
  • your devices, only if legally requested and appropriate.

If you receive a subpoena for preliminary investigation, do not ignore it. In Philippine criminal procedure, a counter-affidavit and supporting evidence are usually submitted at the prosecutor level. Missing the deadline can make it harder to explain your side later.

What Not to Do

Avoid these common mistakes:

  • Do not share OTPs with anyone, including people claiming to be from the e-wallet provider.
  • Do not pay a “fixer” who claims they can delete or recover the account.
  • Do not access the unauthorized account just because OTPs arrive on your phone.
  • Do not post full screenshots showing account numbers, phone numbers, IDs, or transaction details.
  • Do not delay reporting if money was transferred.
  • Do not rely only on a barangay blotter for cyber or financial fraud.
  • Do not sell, lend, or rent your e-wallet or SIM. Under AFASA, money mule activity and buying or selling financial accounts can carry serious consequences. (Lawphil)

Sample Report to Send to the E-Wallet Provider

Subject: Unauthorized E-Wallet Account Linked to My Mobile Number

I am reporting an unauthorized e-wallet account linked to my mobile number, +63 ________. I am the current user of this number, but I did not create, authorize, or verify any account using it.

When I attempted to register or access the service on [date], the app/system stated that my number was already registered. I also received the following OTPs or alerts: [briefly list, if any].

Please investigate this as a possible unauthorized registration, identity misuse, or account-linking error. I request that you:

  1. issue a complaint reference number;
  2. preserve relevant account, KYC, device, IP, and transaction logs;
  3. restrict suspicious activity if warranted;
  4. verify my ownership or lawful use of the mobile number;
  5. correct, unlink, deactivate, or revalidate any account improperly associated with my number; and
  6. provide a written response on the action taken.

Attached are my screenshots, proof of mobile number use, valid ID, and other supporting documents.

Frequently Asked Questions

Can someone open an e-wallet using my mobile number in the Philippines?

It can happen if there was weak verification, a typo, an old account from a previous number owner, SIM compromise, or intentional misuse. Whether it is fraud depends on the facts, especially whether your identity documents or OTPs were used.

Is an unauthorized e-wallet account a crime?

It may be. If someone used your identity, ID documents, or financial account access to commit fraud, possible laws include AFASA, the Cybercrime Prevention Act, the Access Devices Regulation Act, the Revised Penal Code provisions on estafa or falsification, and the Data Privacy Act.

Can I force the e-wallet company to tell me who opened the account?

Usually, you should not expect the provider to disclose another person’s personal information directly to you. Privacy and financial confidentiality rules may limit what they can reveal. But they should investigate, verify your claim, correct inaccurate data, and cooperate with regulators or law enforcement when legally required.

What if the account belongs to the previous owner of my number?

Report it as an account-linking or data-correction issue. Provide proof that you are now the legitimate user of the number. The provider may need to unlink the number from the old account or require the old account holder to update their registered number.

Should I file a police report immediately?

File with law enforcement if there is fraud, money loss, identity theft, use of your ID, threats, scam-victim complaints, phishing, or suspicious transactions. For a simple recycled-number issue with no fraud, start with the e-wallet provider and telco, then escalate if unresolved.

Is filing with BSP enough?

No. BSP is important for unresolved complaints against BSP-supervised financial institutions, including many e-wallet providers. But BSP CAM is not a substitute for a criminal complaint with NBI or PNP if fraud occurred, and it is not a substitute for an NPC complaint if the main issue is data privacy misuse.

Can the e-wallet provider freeze the account?

In appropriate cases, the provider may restrict, hold, or review an account or transaction under its fraud controls and applicable BSP rules. AFASA also provides mechanisms for disputed transactions, coordinated verification, and temporary holding of funds under BSP regulations.

What if I am abroad and cannot go to the Philippines?

Start by filing online or by email with the provider, telco, BSP, or NPC as applicable. For sworn documents, use a Philippine Embassy or Consulate, or comply with apostille or authentication requirements depending on the country where the document is executed.

Can I claim damages?

Possibly, if you suffered actual loss, reputational harm, privacy injury, or other legally compensable damage. Depending on the facts, claims may be based on the Civil Code, Data Privacy Act, contractual obligations, financial consumer protection rules, or the specific law violated.

Is a barangay blotter enough proof?

A barangay blotter can help document that you reported the incident, but it is usually not enough for e-wallet fraud, cybercrime, or data privacy violations. For serious cases, report to the provider, telco, BSP, NPC, NBI, PNP, or CICC as appropriate.

Key Takeaways

  • An unauthorized e-wallet account using your mobile number can be a simple recycled-number issue or a serious fraud and identity-theft problem.
  • Do not access the account casually, even if OTPs are sent to your phone.
  • Preserve screenshots, OTPs, reference numbers, telco records, and provider replies.
  • Report first to the e-wallet provider and your telco.
  • Escalate unresolved e-wallet complaints to BSP CAM.
  • File with the NPC if your personal data, ID, selfie, or mobile number was misused.
  • Report to NBI, PNP, or CICC 1326 if fraud, scams, identity theft, or suspicious transactions are involved.
  • Foreigners and OFWs should prepare passport, visa, SIM registration, and properly authenticated authority documents when acting from abroad.
  • The most important practical protection is a clear written record showing that you promptly reported the unauthorized account and did not create, control, or benefit from it.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login