What Are the Penalties for Using Someone Else’s Electronic Signature in the Philippines?

Using another person’s electronic signature without permission can expose the user to serious criminal, civil, employment, and administrative liability in the Philippines. Depending on how the signature was obtained and used, the act may constitute computer-related forgery, identity theft, fraud, illegal access, falsification of documents, or a Data Privacy Act violation. Penalties can reach 12 years’ imprisonment or more when another offense is committed through information and communications technology, plus substantial fines and payment of damages.

There is no single offense officially called “using someone else’s electronic signature.” Prosecutors examine the complete transaction: what kind of signature was used, whether the person gave authority, how the signature or account was accessed, what document was signed, whether anyone relied on it, and whether money, property, credit, employment, or legal rights were affected.

What Counts as Using Someone Else’s Electronic Signature?

Under the Electronic Commerce Act of 2000, Republic Act No. 8792, an electronic signature may be any electronic mark, characteristic, sound, method, or procedure associated with an electronic document and adopted by a person to authenticate or approve it.

Examples include:

  • Copying a scanned handwritten signature and pasting it into a PDF
  • Typing another person’s name into an electronic signing platform
  • Clicking “Accept,” “Approve,” or “Sign” while logged in under another person’s account
  • Using another person’s digital certificate or private cryptographic key
  • Entering an OTP sent to another person to complete a signature
  • Signing an online loan, employment, insurance, banking, or property document in another person’s name
  • Using a company officer’s stored signature without authority
  • Sending an electronically signed document while falsely claiming that the named person approved it

An electronic signature is a broad concept. A digital signature is a more secure type of electronic signature created through cryptographic technology. Digital signatures can show whether a document was altered and whether the signature was generated using a particular private key. Both may have legal effect if properly authenticated under the Electronic Commerce Act and the Supreme Court’s Rules on Electronic Evidence. (Lawphil)

Main Criminal Penalties for Unauthorized Electronic Signature Use

The charge depends on the facts. Several offenses may be investigated from a single incident, although the prosecution and courts must still observe the rules against double jeopardy and improper duplication of penalties.

Conduct Possible offense Possible penalty
Creating an inauthentic electronic document intended to be accepted as genuine Computer-related forgery under RA 10175 Prisión mayor—6 years and 1 day to 12 years—or a fine of at least ₱200,000 up to an amount commensurate with the damage, or both
Using another person’s identifying information without right Computer-related identity theft under RA 10175 Prisión mayor or a fine of at least ₱200,000 up to the damage incurred, or both; generally one degree lower if no damage has yet occurred
Altering data or interfering with a system to cause loss Computer-related fraud under RA 10175 Prisión mayor or a fine of at least ₱200,000 up to the damage incurred, or both; generally one degree lower if no damage has yet occurred
Entering another person’s signing account, email, phone, or system without authority Illegal access under RA 10175 Prisión mayor or a fine of at least ₱200,000 up to the damage incurred, or both
Counterfeiting a signature in a public, official, commercial, or private document Falsification under the Revised Penal Code Depending on the document and offender, imprisonment may range from prisión correccional to prisión mayor, plus a fine of up to ₱1 million
Processing or using a person’s signature and identity data without legal authority Data Privacy Act violation Depending on the violation, imprisonment may range from 1 year to 7 years, with fines commonly ranging from ₱500,000 to several million pesos
Unauthorized access to or use of an electronic signature or key contrary to RA 8792 Electronic Commerce Act violation Up to ₱1 million or up to 6 years’ imprisonment

Computer-Related Forgery

Section 4(b)(1) of the Cybercrime Prevention Act of 2012, Republic Act No. 10175, defines computer-related forgery to include:

  1. Inputting, altering, or deleting computer data without right;
  2. Producing inauthentic data;
  3. Intending that the data be considered or acted upon for legal purposes as authentic; or
  4. Knowingly using forged computer data to carry out a fraudulent or dishonest plan.

This is one of the most direct charges when someone pastes another person’s signature into an electronic contract, creates a false electronically signed authorization, or submits a fabricated digital document to a bank, employer, government agency, customer, or court.

The penalty is prisión mayor, which runs from six years and one day to twelve years, or a fine of at least ₱200,000 up to an amount commensurate with the damage, or both. Unlike computer-related fraud and identity theft, the forgery provision does not expressly require completed financial damage before the standard penalty may apply. (Supreme Court E-Library)

Computer-Related Identity Theft

A person may commit computer-related identity theft by intentionally acquiring, using, misusing, possessing, transferring, altering, or deleting identifying information belonging to another person or company without right.

An electronic signature, signing credential, account name, digital certificate, private key, email address, mobile number, or OTP may form part of the identifying information used in the offense.

The ordinary penalty is prisión mayor, a fine of at least ₱200,000 up to the amount of damage, or both. If no damage has yet been caused, the law provides for a penalty one degree lower. For imprisonment, one degree below prisión mayor is generally prisión correccional, which ranges from six months and one day to six years. (Supreme Court E-Library)

Computer-Related Fraud

Computer-related fraud may apply when the unauthorized signature is accompanied by unauthorized input, alteration, or deletion of data or interference with a computer system, resulting in damage and done with fraudulent intent.

Common examples include:

  • Changing the payee or bank details in an electronically signed payment instruction
  • Altering a contract before applying another person’s signature
  • Submitting a forged electronic loan application that causes a release of funds
  • Manipulating an approval workflow to make it appear that a manager authorized payment
  • Using a false signature to transfer digital assets or obtain goods on credit

The standard penalty is also prisión mayor, a fine of at least ₱200,000 up to the damage incurred, or both. If no damage has yet occurred, the penalty is one degree lower. (Supreme Court E-Library)

Illegal Access and Misuse of Passwords or Access Codes

A person who logs into another individual’s email, phone, cloud storage, electronic signing account, or company system without authority may be investigated for illegal access, even if the person already knew the password.

“Without right” includes acting without authority or beyond the authority originally given. For example, an employee allowed to open a manager’s account for scheduling purposes is not automatically authorized to sign contracts or approve payments.

Using or possessing another person’s password, access code, or similar data with the intent to commit a cybercrime may also fall under the misuse-of-devices provision. Illegal access ordinarily carries prisión mayor or a fine of at least ₱200,000 up to the damage incurred, or both. Misuse of devices may be punished by prisión mayor, a fine of up to ₱500,000, or both. (Supreme Court E-Library)

Violations of the Electronic Commerce Act

Section 31 of RA 8792 provides that access to an electronic file or electronic signature must be limited to the person or entity legally entitled to possess or use it and only for authorized purposes. An electronic key used to establish identity or document integrity must not be made available without the lawful holder’s consent.

A violation not covered by a more specific penalty under the Act may be punished under Section 33(d) by up to ₱1 million or six years’ imprisonment. In practice, when the same conduct clearly fits computer-related forgery, identity theft, fraud, or illegal access, the more specific provisions of RA 10175 are likely to be central to the investigation. (Lawphil)

Falsification Under the Revised Penal Code

The Revised Penal Code may also be relevant, particularly when the electronic signature is placed on a document that is later printed, notarized, registered, submitted to an agency, or used as a public, official, commercial, or private document.

Article 171 includes acts such as:

  • Counterfeiting or imitating a signature
  • Making it appear that a person participated in an act when that person did not
  • Attributing statements to a person that the person did not make
  • Altering a genuine document in a way that changes its meaning

Under Article 172, as amended by RA 10951, a private individual who falsifies a public, official, or commercial document may be punished by prisión correccional in its medium and maximum periods, or two years, four months, and one day to six years, plus a fine of up to ₱1 million.

Falsification of a purely private document additionally requires damage to another person or intent to cause such damage. A person who did not create the falsified document but knowingly uses it may receive the penalty next lower in degree when the legal elements are established. (Supreme Court E-Library)

If a public officer, government employee, or notary falsifies a document while taking advantage of official position, Article 171 may impose prisión mayor and a fine of up to ₱1 million.

Where an offense under the Revised Penal Code or another special law is committed through ICT, Section 6 of RA 10175 may increase the applicable penalty by one degree. The precise charge and penalty depend on how the complaint and Information are framed and which elements the prosecution can prove. (Supreme Court E-Library)

Data Privacy Act Penalties

A signature associated with a person’s name, account, identification details, or signing history is generally personal information. Copying, storing, altering, or using it is “processing” under the Data Privacy Act of 2012, Republic Act No. 10173.

A Data Privacy Act charge is not automatic in every signature dispute. The Act’s scope, the nature of the data, the person or organization processing it, and any legal basis for processing must be examined. It becomes particularly relevant when a company, employee, service provider, lender, platform operator, or other organization uses stored signature data for an unauthorized purpose.

Possible penalties include:

  • Unauthorized processing of ordinary personal information: one to three years’ imprisonment and a fine of ₱500,000 to ₱2 million
  • Unauthorized processing of sensitive personal information: three to six years’ imprisonment and a fine of ₱500,000 to ₱4 million
  • Processing for an unauthorized purpose: one year and six months to five years’ imprisonment and a fine of ₱500,000 to ₱1 million for ordinary personal information
  • Unauthorized access or intentional breach: one to three years’ imprisonment and a fine of ₱500,000 to ₱2 million
  • A combination or series of Data Privacy Act violations: three to six years’ imprisonment and a fine of ₱1 million to ₱5 million

An alien convicted under the Data Privacy Act may also be deported after serving the sentence. (National Privacy Commission)

Is a Document Valid If Someone Else Used Your Electronic Signature?

Not necessarily.

An electronic signature has legal effect only when the evidence shows that it is genuinely attributable to the person and was affixed with the intention to sign or approve the document. The person presenting the electronic document in a legal proceeding generally carries the burden of authenticating it. Courts consider the reliability of the system, the method used to identify the signer, the integrity of the document, and the surrounding circumstances. (Lawphil)

Under Article 1317 of the Civil Code, no one may contract in another person’s name without authority or a legal right to represent that person. A contract made by an unauthorized representative is generally unenforceable against the supposed principal unless the principal ratifies it.

A forged signature may also show that there was no genuine consent, which is an essential requirement of a contract under Article 1318. The legal result may depend on whether the case involves:

  • A completely fabricated consent
  • An unauthorized person pretending to be an agent
  • A real agent acting beyond the granted authority
  • A document later expressly or impliedly ratified
  • A third party who reasonably relied on an agreed security procedure

A person disputing the document should avoid conduct that could be presented as ratification, such as knowingly accepting benefits under it without objection. (Supreme Court E-Library)

When Using Another Person’s Electronic Signature Is Authorized

Not every use by another person is illegal. Valid authority may arise from:

  • A special or general power of attorney
  • A board resolution or secretary’s certificate
  • Corporate signing authority
  • An employment delegation clearly covering the transaction
  • A platform feature that formally delegates signing rights
  • Guardianship, parental authority, or another authority created by law
  • Express approval to apply the signature to a specific final document

Authority should identify:

  • The documents that may be signed
  • The transaction or purpose
  • Any amount or time limit
  • Whether delegation to another person is allowed
  • Whether notarization or personal appearance is still required
  • Whether the agent must sign in a representative capacity

A person authorized to sign for another should normally sign in a manner showing representation, such as “Juan Dela Cruz, by Maria Santos, attorney-in-fact,” rather than pretending that Juan personally applied the signature.

Permission to use a signature once does not create unlimited authority. Approval to sign one version of a contract does not permit signing a revised version containing different prices, obligations, parties, or payment instructions.

Notarized Documents and Electronic Signatures

Electronic signatures do not automatically remove legal formalities. RA 8792 expressly states that it does not change statutory formalities required for the validity of particular documents.

Under the 2004 Rules on Notarial Practice, a notary ordinarily must require the signatory’s personal appearance and competent evidence of identity. A pasted signature, phone confirmation, or assurance from another person does not by itself satisfy the standard personal-appearance requirement.

A notary who falsely certifies that a person appeared may face revocation of the notarial commission, disqualification, suspension from law practice, and possible criminal liability. The Supreme Court has repeatedly disciplined notaries for notarizing documents without the signatories personally appearing. (Supreme Court E-Library)

What to Do If Your Electronic Signature Was Used Without Permission

1. Secure the affected accounts immediately

Change passwords and PINs for:

  • Email accounts
  • Electronic signing platforms
  • Banking and payment applications
  • Cloud storage
  • Mobile accounts linked to OTPs
  • Company accounts and approval systems

Enable multi-factor authentication and terminate all active sessions. If a digital certificate or private key was compromised, ask the certification or platform provider to revoke it.

2. Send a written denial and preservation notice

Notify the recipient, bank, employer, platform, government office, or other party that:

  • You did not sign or authorize the document;
  • You dispute its authenticity;
  • You do not ratify the transaction;
  • Processing, payment, registration, or transfer should be suspended; and
  • All records, logs, emails, IP information, device data, and signing certificates must be preserved.

A prompt notice is important because RA 8792 may allow a recipient to rely on an agreed authentication procedure until the supposed signer gives notice that the message or signature was unauthorized. (Lawphil)

3. Preserve the original electronic evidence

Do not rely only on cropped screenshots. Keep:

  • The original PDF or electronic file
  • The original email in .eml or equivalent format
  • Full email headers
  • The signing platform’s audit trail
  • Completion certificates and timestamp records
  • IP address and device information
  • OTP and SMS records
  • Login and access history
  • Earlier and later versions of the document
  • Chat messages and instructions
  • Bank records, payment confirmations, or transaction receipts
  • Copies of documents submitted to third parties
  • Written confirmations from people who received or relied on the document

Electronic evidence must be authenticated. Original files, metadata, platform records, and testimony from a knowledgeable witness are usually more useful than a screenshot standing alone. (Supreme Court E-Library)

4. Ask the platform or organization to investigate

Request a written incident report or certification covering:

  • When the document was uploaded
  • Which account initiated the signature
  • Authentication methods used
  • IP addresses and device identifiers
  • Whether the account password or OTP was used
  • Whether the document changed after signing
  • Which users viewed, downloaded, or forwarded it
  • Whether the certificate or signature has been revoked

Make the request quickly. Under RA 10175, service providers must preserve specified traffic data and subscriber information for at least six months from the transaction. Content data may be preserved for six months after a law-enforcement preservation order, with a possible one-time extension. (Supreme Court E-Library)

5. Report the matter to the proper authorities

Cybercrime complaints may be reported to:

  • The National Bureau of Investigation, particularly its cybercrime investigators
  • The Philippine National Police Anti-Cybercrime Group
  • The city or provincial prosecutor’s office
  • The DOJ Office of Cybercrime when appropriate
  • The National Privacy Commission for personal-data violations
  • The relevant regulator, bank, employer, professional body, or government agency

RA 10175 assigns the NBI and PNP responsibility for investigating cybercrime offenses. Cybercrime prosecutions fall within the jurisdiction of Regional Trial Courts, including designated cybercrime courts. (Supreme Court E-Library)

6. Prepare a complete complaint-affidavit

A useful complaint package normally contains:

Document Purpose
Complaint-affidavit Gives a chronological, sworn account of what happened
Disputed document Shows the signature and false representation
Genuine signature samples Helps establish differences or unauthorized use
Platform audit records Identifies accounts, timestamps, IP addresses, and authentication events
Emails and messages Shows instructions, admissions, intent, or lack of permission
Proof of damage Establishes financial loss, rejected applications, fees, or other harm
Written denial and notices Shows prompt objection and lack of ratification
Witness affidavits Confirms receipt, creation, submission, or use of the document
Identity and authority documents Establishes ownership of the signature, account, company, or property

During preliminary investigation under Rule 112 of the Rules of Criminal Procedure, the respondent is generally given ten days from receipt of the prosecutor’s subpoena to submit a counter-affidavit. The Rules provide short periods for the formal steps and resolution, but actual processing may take longer because of difficulty serving subpoenas, crowded dockets, forensic examinations, platform responses, and requests for records from foreign providers. (Lawphil)

7. Consider civil and administrative remedies

The affected person may seek appropriate relief such as:

  • Declaration that the document is unenforceable or not binding
  • Cancellation or correction of records
  • Injunction against payment, transfer, registration, or continued use
  • Recovery of actual financial loss
  • Moral damages when legally justified
  • Exemplary damages for fraudulent, oppressive, or bad-faith conduct
  • Attorney’s fees when allowed by law
  • Indemnity for unauthorized processing of personal information

Articles 19, 20, and 21 of the Civil Code require honesty and good faith and allow compensation when a person unlawfully or willfully causes injury. (Lawphil)

Common Real-Life Scenarios

An employee uses the boss’s stored signature

An employee who applies a manager’s stored signature to purchase orders, checks, contracts, certifications, or payroll documents without authority may face cybercrime or falsification charges.

The employee may also be dismissed for serious misconduct, fraud, or willful breach of trust under Article 297 of the Labor Code, provided the employer proves a valid ground and follows the required notice-and-opportunity-to-explain procedure. (Supreme Court E-Library)

A spouse or relative signs for a family member

Marriage or family relationship does not automatically authorize one person to sign contracts, loans, waivers, deeds, or affidavits for another. Authority may require a power of attorney, particularly for property transactions or acts of strict ownership.

A spouse who pastes the other spouse’s signature onto a loan or sale document without permission can still face criminal and civil liability.

Someone signs an online loan application

Using another person’s signature and identity to obtain a loan may lead to computer-related forgery, identity theft, fraud, and possibly estafa if the lender released funds because of the deception. The loan amount and actual damage may affect the penalty for the additional fraud or estafa charge.

The named borrower should immediately notify the lender in writing, dispute the application, request all KYC and signing records, and demand that collection and adverse credit reporting be suspended while the impersonation is investigated.

A forged signature is used in a deed of sale or special power of attorney

Property-related cases require urgent action because a forged document may be presented to a notary, Register of Deeds, bank, assessor, developer, or buyer.

The affected owner should obtain certified copies of the document and any related registration records, notify the Register of Deeds and other concerned parties, and preserve evidence showing that the owner did not personally appear, sign, or authorize the transaction.

The signature was copied but the transaction failed

A failed transaction can still create criminal exposure. Computer-related forgery may be complete when inauthentic data is created with the required intent. Attempt, aiding, or abetting may also be punishable under RA 10175. Identity theft and computer-related fraud provide a lower penalty when no damage has yet occurred, but the absence of completed loss does not necessarily erase liability. (Supreme Court E-Library)

The victim or offender is outside the Philippines

Philippine cybercrime jurisdiction may exist when:

  • The offender is a Filipino national, regardless of where the offense occurred;
  • An element of the offense occurred in the Philippines;
  • A computer system used in the offense was wholly or partly located in the Philippines; or
  • The offense caused damage to a person who was in the Philippines at the time.

Affidavits executed abroad may generally be signed before a Philippine consular officer or before a local notary and then apostilled when the country is a party to the Apostille Convention. Documents from non-Apostille countries may require authentication through the appropriate Philippine Embassy or Consulate. (Supreme Court E-Library)

Frequently Asked Questions

Can I use someone else’s electronic signature if they verbally approved it?

Possibly, but verbal permission is difficult to prove and may not satisfy transaction-specific requirements. The permission must cover the exact document and final terms. A written authorization, platform delegation, board resolution, or power of attorney is safer and may be legally required.

Is copying and pasting a signature automatically forgery?

Not automatically. The prosecution must prove the elements of a specific offense, including lack of authority and the required intent. Pasting a signature onto a document intended to create legal obligations or deceive another person strongly supports a forgery investigation.

Can a person be jailed even if no money was stolen?

Yes. Computer-related forgery does not require completed financial loss in every case. Identity theft, illegal access, misuse of access credentials, falsification, and attempted cybercrime may also be punishable even when the transaction was stopped.

Is an electronic contract binding if the signature was forged?

It is generally not binding on the person who did not sign, consent, authorize an agent, or ratify the transaction. However, the person should dispute it promptly and avoid accepting benefits that could be presented as implied ratification.

What if I shared my password voluntarily?

Sharing a password may make the evidence more complicated, but it does not necessarily authorize every transaction. Permission to access an account for a limited purpose is not permission to sign documents, transfer funds, or approve contracts.

Can screenshots prove that my signature was misused?

Screenshots can help, but they are stronger when supported by original files, metadata, email headers, audit trails, device records, platform certificates, and testimony from someone who can authenticate them.

Can I complain to the National Privacy Commission?

Yes, when the incident involves unauthorized processing, access, disclosure, or use of personal information covered by the Data Privacy Act. The NPC generally requires a verified or notarized complaint and supporting documents. Its official complaint-filing guidance allows filing in person, by courier, or through the stated electronic channel. (National Privacy Commission)

Can an employee be fired for using another person’s electronic signature?

Yes, when the act constitutes serious misconduct, fraud, or a willful work-related breach of trust and the employer can prove it with substantial evidence. The employer must still observe procedural due process, including written notice of the accusation, a reasonable opportunity to explain, and written notice of the decision.

Does notarization make a forged electronic signature valid?

No. Notarization does not cure forgery or lack of consent. A notary who falsely states that a person appeared or acknowledged the document may face administrative discipline and possible criminal liability.

Can several criminal cases arise from one forged electronic signature?

Potentially. One incident may involve forgery, identity theft, illegal access, fraud, falsification, or data privacy violations. Whether separate charges and penalties may lawfully proceed depends on the distinct elements of each offense, the evidence, and constitutional protections against double jeopardy.

Key Takeaways

  • Unauthorized use of another person’s electronic signature can result in six to twelve years’ imprisonment, substantial fines, civil damages, and other consequences.
  • Computer-related forgery, identity theft, fraud, and illegal access under RA 10175 are the most common cybercrime provisions considered.
  • Falsification under Articles 171 and 172 of the Revised Penal Code may also apply, especially when the document is notarized, registered, printed, or used in an official or commercial transaction.
  • An unauthorized contract is generally not enforceable against the supposed signer unless validly ratified.
  • Prompt written denial helps prevent further reliance and avoids claims of implied ratification.
  • Preserve original files, metadata, audit trails, emails, OTP records, access logs, and platform certificates—not only screenshots.
  • Report quickly because important service-provider records may be retained for limited periods.
  • Authority to access an account or use a signature for one purpose does not create unlimited authority to sign other documents.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.