Discovering that an e-wallet account was opened in your name without your consent can be alarming. Even if no money has been taken from you yet, the account may be used for scams, “money mule” transfers, fake loans, or transactions that could later be traced back to your identity. In the Philippines, this situation may involve data privacy violations, cybercrime, financial account scamming, falsification, estafa, and consumer protection rules. The safest response is to act quickly, create a written record, report the account to the e-wallet provider, and escalate to the proper regulator or law enforcement agency when needed.
Why an Unauthorized E-Wallet Account Is Serious
An e-wallet account is not just an app profile. Under Philippine financial regulations, many e-wallets are operated by electronic money issuers, or EMIs, supervised by the Bangko Sentral ng Pilipinas (BSP). BSP Circular No. 1166, Series of 2023, treats e-money as electronically stored value that is pre-funded by customers, accepted as payment, represented by a claim on the issuer, and withdrawable or transferable to other accounts or instruments.
That means an e-wallet opened in your name can be used to:
- Receive scam proceeds from victims
- Move funds through InstaPay, PESONet, QR Ph, or cash-out agents
- Apply for credit, cash loans, “buy now, pay later,” or merchant services
- Link to your mobile number, email, IDs, selfie, or biometric data
- Create a false record that you supposedly consented to the account
- Make it appear that you are the “account owner” in a disputed transaction
Under the Anti-Financial Account Scamming Act, RA 12010 of 2024, an “e-wallet” is expressly included as a type of financial account. The law also recognizes that financial accounts may be abused in digital scams, money muling, and social engineering schemes.
The key point is this: do not ignore the account just because you did not open it or did not lose money. Your goal is to create a clear paper trail showing that the account was unauthorized, that you did not benefit from it, and that you promptly reported the misuse of your identity.
Common Signs That an E-Wallet Was Opened Using Your Identity
You may discover the unauthorized account in different ways. Common examples include:
- You receive an OTP, verification email, or “welcome” message from an e-wallet you never registered for.
- You try to create an account, but the app says your mobile number, email, or ID is already registered.
- A debt collector contacts you about an e-wallet loan or credit product you never applied for.
- Someone sends you a screenshot showing an e-wallet account under your name.
- Your bank or e-wallet freezes your legitimate account because your name appears in a fraud investigation.
- A scam victim says they transferred money to an account bearing your name.
- You receive messages about failed login attempts, device binding, password resets, or suspicious activity.
- You find out that your lost ID, passport, driver’s license, UMID, PhilSys ID, or selfie was used for account verification.
In practice, many cases start with a lost phone, compromised email, SIM swap, leaked ID photo, fake job application, online lending app misuse, marketplace scam, or someone close to the victim using stored IDs and selfies.
Legal Bases in the Philippines
Several Philippine laws may apply at the same time. The correct legal theory depends on what happened: how the account was opened, whether false documents were used, whether money moved through the account, and whether your personal data was mishandled.
Data Privacy Act of 2012: Misuse of Your Personal Information
The Data Privacy Act of 2012, RA 10173, protects personal information in both government and private-sector systems. Your name, mobile number, email address, ID details, selfie, signature, address, birthday, nationality, and account credentials are personal data.
If an e-wallet provider processed your personal data without valid consent or without a lawful basis, you may invoke your rights as a data subject, including the right to access, correction, objection, blocking or erasure in proper cases, and damages where allowed by law.
For an unauthorized e-wallet account, your written request to the provider should usually ask for:
- Confirmation whether an account exists under your name, mobile number, email, or ID
- The date and time the account was opened
- The mobile number, email address, and device information linked to the account, subject to lawful disclosure rules
- The ID document or selfie allegedly used for verification
- The basis for processing your personal data
- Immediate freezing, deactivation, or closure of the unauthorized account
- Preservation of account records, KYC records, login logs, transaction logs, IP/device logs, and communications
- Correction or deletion of inaccurate records, when legally proper
- Written confirmation that the account was disputed as unauthorized
Do not rely only on hotline calls. A call is useful for urgent freezing, but a written request is easier to prove later.
Cybercrime Prevention Act: Computer-Related Identity Theft and Fraud
The Cybercrime Prevention Act of 2012, RA 10175, penalizes several computer-related offenses. For unauthorized e-wallet accounts, the most relevant are usually:
- Computer-related identity theft, when someone acquires, uses, misuses, transfers, possesses, alters, or deletes another person’s identifying information through ICT without right
- Computer-related fraud, when fraud is committed through unauthorized input, alteration, deletion, or suppression of computer data, or interference with a computer system
- Other crimes under the Revised Penal Code committed through information and communications technology
This is why complaints are often filed with the PNP Anti-Cybercrime Group or the NBI Cybercrime Division, especially where the e-wallet was used to receive scam proceeds or apply for unauthorized credit.
Anti-Financial Account Scamming Act: E-Wallets and Money Muling
RA 12010, the Anti-Financial Account Scamming Act, is especially important because it directly covers e-wallets as financial accounts. It prohibits certain financial account scamming acts, including money muling activities. One prohibited act involves opening a financial account under a fictitious name or using the identity or identification documents of another for prohibited purposes.
This law matters in two ways.
First, it gives law enforcement and regulators a clearer framework for account-based scams. Second, it makes it even more important for an innocent person to report promptly when their identity or ID documents are used without consent.
If you did not authorize the account, did not provide your IDs for that purpose, did not receive or transfer scam proceeds, and did not allow anyone to use your financial account, say so clearly in your affidavit and reports.
Revised Penal Code: Estafa and Falsification
The Revised Penal Code may also apply.
Possible offenses include:
- Estafa under Article 315, if the unauthorized account was used to deceive someone into parting with money or property
- Falsification under Articles 171 and 172, if fake documents, forged signatures, altered IDs, or false statements in commercial or official documents were used
- Use of falsified documents, if the offender submitted fake or altered documents to the e-wallet provider
For example, if someone used your driver’s license and a manipulated selfie to open an e-wallet, then used that wallet to receive payment from a fake online seller transaction, the case may involve identity theft, computer-related fraud, estafa, and falsification.
Financial Consumer Protection Act and BSP Rules
The Financial Products and Services Consumer Protection Act, RA 11765 of 2022, protects financial consumers and recognizes rights such as fair treatment, data privacy, protection of consumer assets against fraud and misuse, and timely handling and redress of complaints.
For BSP-supervised e-wallets, the BSP’s consumer assistance mechanism is important. The BSP explains that unresolved complaints against BSP-supervised financial institutions may be elevated through the BSP Online Buddy or BSP Consumer Assistance Mechanism. The BSP also maintains a public list of supervised electronic money issuers, which is useful when checking whether the e-wallet provider is BSP-supervised.
What to Do Immediately
1. Do Not Use the Unauthorized Account
If you gain access to the account by resetting the password or using your mobile number, do not transact, withdraw, transfer, or “test” the account.
Using the account may confuse the evidence. It may allow the provider or investigator to ask why you accessed or interacted with an account you claim was unauthorized.
Instead, take screenshots and report it.
2. Preserve Evidence Before Anything Disappears
Save evidence in a way that shows dates, times, sender details, URLs, reference numbers, and account identifiers.
Useful evidence includes:
- Screenshots of the e-wallet app message saying an account already exists
- OTP messages, welcome messages, password reset messages, and login alerts
- Emails from the e-wallet provider
- Screenshots of the account name, masked number, transaction notice, or reference number
- Debt collection messages or loan statements
- Police blotter, if already obtained
- Copies of lost ID reports, if any
- Proof that your ID, phone, SIM, or email was lost or compromised
- Communication with the e-wallet provider’s hotline, chat support, fraud team, or Data Protection Officer
- Written denial that you opened, used, funded, or benefited from the account
For screenshots, include the full screen where possible. Do not crop out the date, time, sender, email headers, transaction reference numbers, or URL bar.
3. Secure Your Phone, SIM, Email, and Other Financial Accounts
An unauthorized e-wallet account may be only one part of a larger identity compromise.
Do these immediately:
- Change passwords for your email, e-wallets, online banking, and social media.
- Enable two-factor authentication using an authenticator app where possible.
- Contact your telco if you suspect SIM swap, lost SIM, or unauthorized SIM registration.
- Check whether your email has forwarding rules or unknown recovery emails.
- Remove unknown devices from your Google, Apple, Facebook, or email account.
- Notify your banks and legitimate e-wallets that your identity may have been compromised.
- Monitor for small test transfers, loan applications, or account-linking notifications.
If your phone was stolen, report the loss to your telco and request SIM replacement or blocking. If your government ID was lost, keep a notarized affidavit of loss and replacement records.
How to Report the Unauthorized E-Wallet Account
Step 1: Report to the E-Wallet Provider in Writing
Start with the provider because it controls the account records and can freeze or deactivate the account faster than an external agency.
Your written report should include:
- Your full name
- Mobile number and email address involved
- Type of ID allegedly used, if known
- Date you discovered the account
- A clear statement that you did not open, authorize, use, or benefit from the account
- Request to freeze, investigate, deactivate, and preserve records
- Request for a written incident or case reference number
- Request for correction, blocking, or deletion of your personal data where proper
- Copies of supporting documents
Use the app’s official help channel if available, but also send email if the provider publishes a support, fraud, or Data Protection Officer email address. Keep screenshots of your submission.
Step 2: Ask for Account Preservation
Specifically ask the provider to preserve:
- KYC or verification records
- ID images and selfie or liveness check records
- Device ID, IP address, and login logs
- Mobile number and email registration records
- Transaction history
- Linked bank accounts, cards, merchants, or devices
- Customer support records
- Internal fraud investigation notes, to the extent disclosable
Providers may not release all of this directly to you because of privacy, bank secrecy, anti-fraud, or law enforcement restrictions. But preservation is still important because investigators may later request records through the proper legal process.
Step 3: File a Police or Cybercrime Complaint if There Is Fraud, Debt, or Misuse
File with the PNP Anti-Cybercrime Group, NBI Cybercrime Division, or the nearest police station if:
- Money passed through the account
- A scam victim is involved
- The account was used for loans or credit
- The provider refuses to act
- Your ID documents were forged or misused
- You need an official report for banks, creditors, the NPC, or BSP
Bring:
| Document | Why it matters |
|---|---|
| Government ID or passport | Proves your identity as complainant |
| Screenshots and emails | Shows discovery and digital trail |
| Provider complaint/reference number | Shows you reported first to the institution |
| Affidavit of loss, if ID/SIM/phone was lost | Explains how your information may have been exposed |
| Notarized affidavit of complaint | Gives investigators a sworn factual basis |
| Transaction references, if any | Helps trace funds |
| Names, numbers, URLs, wallet IDs, or handles | Helps identify suspects or accounts |
| Written denial of consent | Clarifies that you did not open or authorize the account |
For serious cybercrime or financial fraud, a barangay blotter is usually not enough. It may help document timing, but e-wallet tracing normally requires the provider, BSP-supervised institutions, telcos, PNP ACG, NBI, prosecutors, or courts.
Step 4: Escalate to BSP if the E-Wallet Provider Does Not Resolve It
If the e-wallet is BSP-supervised and the provider does not respond properly, escalate to the BSP.
The BSP says consumers may file through BOB, the BSP Online Buddy, or send a Complaints, Inquiries and Requests form by email to consumeraffairs@bsp.gov.ph. For email or mail complaints, include a clear summary, your requested resolution, contact details, and a copy of the complaint filed with the financial institution and its reply, if any.
Ask for specific relief, such as:
- Investigation of unauthorized account opening
- Confirmation of freeze or closure
- Correction of records
- Written statement that you disputed the account as unauthorized
- Assistance in preventing collection, blacklisting, or adverse records based on the unauthorized account
- Review of the provider’s KYC and complaint-handling process
Step 5: File with the National Privacy Commission if Personal Data Was Misused
If the issue involves unauthorized processing of your personal data, file or prepare a complaint with the National Privacy Commission.
The NPC’s complaint mechanics require a filled-out and notarized complaint-assisted form or verified complaint with evidence and witness affidavits. The NPC also emphasizes “exhaustion of remedies”: before filing, you generally need to inform the respondent in writing of the privacy violation or personal data breach and give the respondent a chance to act. If there is no timely or appropriate action, or no response within 15 calendar days from receipt, attach proof of that written notice to your NPC complaint.
Useful NPC requests include:
- Finding that your personal data was improperly processed
- Order to stop processing unauthorized data
- Correction, blocking, or deletion of inaccurate records
- Security measures to prevent repeat misuse
- Indemnity or damages where supported by evidence
- Referral for possible criminal violations where appropriate
The NPC’s official pages on filing a complaint and mechanics for complaints are useful references.
If Money Was Transferred Through the Account
If money moved through the unauthorized e-wallet, time becomes critical.
BSP Circular No. 1215, Series of 2025, issued in connection with AFASA, provides rules on temporary holding of funds subject to disputed transactions and coordinated verification. In simplified terms, involved financial institutions may be asked to trace and temporarily hold disputed funds. The initial holding may be for up to five calendar days, and in proper cases may be extended by not more than 25 calendar days from the lapse of the initial holding period.
In practice, this means you should:
- Report immediately to the originating financial institution or e-wallet.
- Provide transaction reference numbers and screenshots.
- Ask whether a temporary hold or coordinated verification process can be initiated.
- Submit a sworn complaint, affidavit, police report, or supporting documents quickly.
- Get written confirmation of what was held, reversed, rejected, or already withdrawn.
The longer you wait, the more likely the funds will be withdrawn, cashed out, converted, or moved through several accounts.
If the Account Was Used for an Unauthorized Loan or Credit Product
Some e-wallet ecosystems are connected to credit lines, cash loans, merchant advances, or partner lending platforms. If you receive a demand letter or collection message for a loan you did not apply for:
- Do not admit liability.
- Do not pay “just to stop the harassment” unless you have obtained proper advice and a written reservation of rights.
- Ask for the loan application records, KYC documents, IP/device logs, disbursement details, and repayment account details.
- Dispute the debt in writing with the lender and e-wallet provider.
- Demand suspension of collection while the identity theft report is being investigated.
- Report abusive collection practices to the relevant regulator if applicable.
- Check your credit report.
The Credit Information Corporation explains that a credit report summarizes financial transactions submitted to the CIC under RA 9510. If an unauthorized loan appears in your credit records, dispute it with the reporting lender and follow the CIC or accredited credit bureau correction process.
Special Notes for OFWs and Foreigners
If You Are a Filipino Abroad
If you are outside the Philippines, you can still prepare a report. Practical steps include:
- Send written reports to the e-wallet provider, BSP, and NPC by email or official online channel.
- Execute an affidavit before the Philippine Embassy or Consulate, or before a local notary with apostille if applicable.
- Issue a Special Power of Attorney if a trusted person in the Philippines will file documents, follow up, or obtain records for you.
- Keep copies of your passport pages, visa/residence card, and proof that you were abroad when the account was opened or used.
If your location proves you could not have opened or used the wallet in the Philippines, attach travel records, immigration stamps, airline records, employment certificates, or residence permits.
If You Are a Foreigner in the Philippines
Foreigners may also be victims of unauthorized e-wallet accounts. You may need:
- Passport
- ACR I-Card, if applicable
- Philippine address proof
- Local SIM ownership or telco records
- Police report or NBI complaint
- Embassy-notarized or apostilled documents if some evidence comes from abroad
If the account was opened using your passport details, ask the e-wallet provider to preserve the image of the passport page and the selfie or liveness verification used. This can help prove whether the document was stolen, altered, or used with an impersonator.
Common Mistakes to Avoid
Waiting Too Long
Fraud moves quickly. A delay of even a few days can make tracing harder. Report as soon as you discover the unauthorized account.
Only Calling Customer Service
Hotlines are useful, but written records are stronger. Always follow up by email, ticket, or in-app written complaint.
Deleting Messages or Screenshots
Do not delete OTP messages, emails, debt collection texts, or suspicious chats. Investigators need the original context.
Accessing or Using the Account
Do not transfer funds, withdraw money, change details, or interact with the account beyond what is necessary to document and report it.
Assuming “No Loss” Means “No Case”
Even without financial loss, unauthorized use of your personal data may still be a privacy, cybercrime, or consumer protection issue.
Ignoring Credit and Collection Risks
If the wallet was used for loans, your name may be reported to collectors or credit databases. Dispute early and in writing.
Posting Full Details Online
Avoid posting your full name, mobile number, account number, ID images, or transaction records publicly. You may accidentally expose more personal data.
Sample Wording for Your Initial Report to the E-Wallet Provider
You may adapt this for email or in-app support:
I am reporting an e-wallet account that appears to have been opened or registered using my name, mobile number, email address, identification document, or other personal data without my consent. I did not create, authorize, use, fund, transact through, or benefit from this account.
Please immediately freeze or restrict the account, preserve all KYC records, ID images, selfie/liveness records, registration logs, device and IP logs, linked accounts, transaction history, and communications relating to the account. Please also provide a case reference number and written confirmation of the actions taken.
I am invoking my rights under the Data Privacy Act of 2012 and requesting confirmation of the personal data processed in relation to this account, the basis for processing, and the procedure for correction, blocking, deletion, or closure of records that were created without my authorization.
Documents to Prepare
| Purpose | Documents |
|---|---|
| Report to e-wallet provider | Government ID, screenshots, phone number/email involved, written statement of non-consent |
| BSP escalation | Provider complaint, provider reply or proof of no response, requested resolution, contact details |
| NPC complaint | Notarized complaint-assisted form or verified complaint, proof you first informed the respondent in writing, evidence, affidavits |
| PNP/NBI complaint | Affidavit, IDs, screenshots, transaction references, provider ticket, lost ID/SIM reports |
| Unauthorized loan dispute | Demand letters, credit/loan notices, proof of identity theft report, written denial of debt |
| OFW/foreigner filing | Passport, apostilled or consularized affidavit/SPA, proof of location abroad, representative’s ID |
Frequently Asked Questions
Can someone legally open an e-wallet account in my name?
No. Opening an e-wallet account using your identity, ID documents, selfie, or personal data without your consent may violate Philippine data privacy, cybercrime, consumer protection, anti-scam, and penal laws, depending on the facts.
Am I liable if a scammer used an e-wallet account under my name?
You are not automatically liable just because your name appears on an account. But you must be able to show that you did not open, authorize, use, control, or benefit from the account. Prompt written reports, affidavits, and evidence are important.
Should I report first to the e-wallet provider, police, BSP, or NPC?
For urgent freezing, report first to the e-wallet provider. If fraud, transactions, loans, or identity theft are involved, also report to PNP ACG or NBI. If the provider mishandles your complaint, escalate to BSP if it is BSP-supervised. If personal data was misused, consider an NPC complaint after complying with the NPC’s exhaustion-of-remedies requirement.
Can I ask the e-wallet provider to delete the fake account?
You can request closure, blocking, correction, or deletion of unauthorized personal data where legally proper. However, the provider may need to preserve records for fraud investigation, AML compliance, regulatory reporting, or law enforcement. A practical request is: freeze the account immediately, stop further use, preserve evidence, and correct records showing that you dispute the account as unauthorized.
What if the e-wallet provider refuses to give me the ID, selfie, or phone number used?
Providers may limit disclosure because the records may involve another person’s data, fraud controls, or law enforcement-sensitive information. Ask them to preserve the records and disclose what they can lawfully disclose to you. For deeper tracing, investigators may need subpoenas, court orders, or lawful requests under applicable rules.
Is a barangay blotter enough?
Usually, no. A barangay blotter may help document that you reported the incident, but e-wallet identity theft and cyber-enabled fraud usually require the e-wallet provider, BSP, NPC, PNP ACG, NBI, prosecutors, or courts. Do not rely on a barangay blotter alone if money, loans, or scam reports are involved.
What if my lost ID was used to open the account?
Prepare an affidavit of loss, report the unauthorized account, and ask the provider to preserve the KYC documents. If the ID was altered or submitted with a fake selfie, the case may involve falsification, identity theft, cybercrime, and data privacy violations.
Can an OFW file a complaint from abroad?
Yes. An OFW can send written complaints through official channels and may execute an affidavit or Special Power of Attorney through a Philippine Embassy or Consulate, or through local notarization with apostille where applicable. A trusted representative in the Philippines can help file or follow up if properly authorized.
How long does this process take?
Freezing or restricting an account can sometimes happen quickly once the provider verifies the risk, but investigation and correction may take longer. BSP escalation depends on the completeness of your complaint and the provider’s response. NPC complaints require proper form, notarization or verification, supporting evidence, and proof that you first informed the respondent in writing and gave it a chance to act, usually within 15 calendar days.
Key Takeaways
- An e-wallet opened in your name without consent is a serious identity, privacy, and financial security issue.
- Report immediately to the e-wallet provider and request freezing, investigation, preservation of records, and written confirmation.
- Preserve screenshots, OTPs, emails, reference numbers, loan notices, and provider replies.
- If money, scams, or loans are involved, file with PNP ACG or NBI and ask the provider about disputed-transaction tracing or temporary holding.
- Escalate unresolved complaints against BSP-supervised e-wallets through BSP consumer assistance.
- File with the National Privacy Commission when your personal data was misused and the provider fails to act properly after written notice.
- Do not use, withdraw from, or transact through the unauthorized account.
- Keep a clear paper trail proving that you did not open, authorize, use, or benefit from the account.