Finding out that an e-wallet account was opened using your name, ID, selfie, mobile number, or other personal details can feel alarming because it may expose you to fraud reports, debt collection, scams, money mule investigations, or data privacy risks. In the Philippines, this is not just a “customer service issue.” It can involve financial consumer protection, data privacy violations, cybercrime, access device fraud, falsification, SIM registration violations, and possible civil damages. The most important things to do are to document everything, report quickly to the e-wallet provider, ask for account freezing and data correction, escalate to the BSP or NPC when needed, and preserve evidence for law enforcement.
What It Means When an E-Wallet Was Opened Using Your Identity
An e-wallet account opened without your consent usually means someone used your personal information to pass Know-Your-Customer or KYC checks. This may involve:
- Your full name
- Date of birth
- Address
- Mobile number
- Email address
- Government-issued ID
- Passport or foreign ID
- Selfie or liveness verification image
- Forged signature or digital consent
- A SIM registered under your name
- A stolen phone number or SIM swap
In practical terms, the account may have been used for cash-ins, cash-outs, transfers, online purchases, gambling-related payments, crypto transfers, loan applications, scam proceeds, or fraud collections. Even if you did not lose money directly, the risk is serious because your identity may appear in the e-wallet provider’s KYC records and transaction logs.
Under BSP rules, e-money is electronically stored monetary value that is pre-funded, accepted as a means of payment, represented by a claim on the issuer, and withdrawable or transferable. BSP Circular No. 1166, Series of 2023 governs the issuance and operation of electronic money by BSP-supervised financial institutions, including many e-wallet issuers.
Your Main Legal Rights in the Philippines
Several Philippine laws may apply at the same time. The right approach is usually administrative first, then regulatory, then law enforcement or court action when needed.
| Legal basis | Why it matters if an e-wallet account was opened without consent |
|---|---|
| Republic Act No. 11765, Financial Products and Services Consumer Protection Act | Protects financial consumers’ rights to fair treatment, data privacy, protection of assets against fraud and misuse, and timely complaint handling. It also gives regulators such as the BSP powers over financial service providers. (Supreme Court E-Library) |
| BSP Circular No. 1160, Series of 2022 | Requires BSP-supervised institutions to maintain consumer protection risk management systems and complaint mechanisms. |
| BSP Circular No. 1166, Series of 2023 | Requires e-money issuers to have safeguards, security policies, complaint procedures, refund policies, and protection of e-money consumer assets against fraud and misuse. |
| BSP Circular No. 1170, Series of 2023 | Covers customer due diligence and electronic KYC. It requires covered persons to conduct risk-based customer due diligence and verify customer identity using reliable information and official or valid identification documents. (Bangko Sentral ng Pilipinas) |
| Republic Act No. 10173, Data Privacy Act of 2012 | Gives you data subject rights, including the right to be informed, access, correction, blocking/removal, and damages for unauthorized or unlawful use of personal data. (National Privacy Commission) |
| Republic Act No. 10175, Cybercrime Prevention Act of 2012 | Penalizes computer-related identity theft, computer-related fraud, and computer-related forgery. (Supreme Court E-Library) |
| Republic Act No. 8484, Access Devices Regulation Act, as amended by RA 11449 | Covers access devices such as account numbers, codes, PINs, and other means of account access used to obtain money or transfer funds. RA 11449 added rules on accessing applications or online banking accounts in a fraudulent manner. (Lawphil) |
| Revised Penal Code, Article 172 | May apply if false documents, forged IDs, or falsified private, commercial, or official documents were used to open the account. (Lawphil) |
| Civil Code, Articles 19, 20, 21, and 2176 | May support a civil claim for damages if a person or company, through wrongful acts or negligence, caused injury to you. (Lawphil) |
| Republic Act No. 11934, SIM Registration Act | May apply if a SIM was registered using false information, fictitious identity, or fraudulent identification documents. (Lawphil) |
What to Do Immediately
1. Do not try to use or access the fake account
Even if the account is under your name, avoid logging in, cashing out, transferring money, changing passwords, or communicating with unknown recipients from that account unless the provider instructs you through an official channel.
Why this matters:
- You do not want to look like you accepted or controlled the account.
- You may accidentally alter evidence.
- You may be accused of participating in the transactions.
- Law enforcement may need clean logs showing the account was controlled by someone else.
Your first position should be clear: “I did not open, authorize, control, or benefit from this account.”
2. Preserve evidence before anything disappears
Create a folder for the incident. Save both digital and printed copies if possible.
Important evidence includes:
- Screenshots showing the e-wallet account, name, number, QR code, transaction details, or messages
- SMS, email, app notifications, OTPs, collection messages, or scam reports
- The exact mobile number linked to the suspicious wallet
- The account name shown to senders or recipients
- Dates and times when you discovered the issue
- Ticket numbers from the e-wallet provider
- Screenshots of your reports to the provider, telco, BSP, NPC, PNP, or NBI
- Proof that you were somewhere else or had no control over the number, if relevant
- Copies of IDs that may have been compromised
- Police blotter or incident report, once available
For court or investigation purposes, electronic evidence must be authenticated. The Supreme Court’s Rules on Electronic Evidence, A.M. No. 01-7-01-SC, recognize electronic documents if they meet admissibility and authentication requirements. (Lawphil)
Practical tip: When taking screenshots, include the date, time, sender name, phone number, URL, transaction reference number, and full screen whenever possible. Do not crop too aggressively.
3. Report to the e-wallet provider through official channels
Use only the official app, website, hotline, verified email, or verified support page. Do not click links from text messages or social media comments pretending to be support agents.
Your report should ask for these actions:
- Freeze or restrict the account immediately pending investigation.
- Confirm whether your personal information is being processed in connection with the account.
- Preserve KYC records and transaction logs, including ID image, selfie/liveness record, device data, IP logs, timestamps, mobile number, and transaction history.
- Investigate the KYC failure or identity misuse.
- Delete, correct, block, or annotate your personal data if the account was fraudulently opened.
- Issue a written certification or incident report stating that you deny opening or authorizing the account.
- Provide a ticket number and expected response timeline.
A short report can say:
I am reporting an e-wallet account apparently opened using my identity without my consent. I did not create, authorize, control, or benefit from this account. Please immediately freeze or restrict the account, preserve all KYC and transaction records, investigate the fraudulent onboarding, and confirm what personal data of mine is being processed. I also request correction, blocking, or removal of my unlawfully used personal data, subject to lawful retention requirements for investigation.
4. Ask for the provider’s Data Protection Officer and complaints unit
E-wallet providers normally have both:
- A customer service or financial consumer protection complaints unit
- A Data Protection Officer or DPO for privacy-related requests
Send your complaint to both if available. The customer service team handles account freezing and financial investigation. The DPO handles personal data access, correction, blocking, and breach concerns.
Under the Data Privacy Act, you may demand reasonable access to personal information processed about you, dispute inaccurate or unlawfully obtained data, and request blocking, removal, or destruction when personal information is incomplete, false, unlawfully obtained, or used for unauthorized purposes. (National Privacy Commission)
Step-by-Step Process to Escalate the Complaint
Step 1: File a first-level complaint with the e-wallet provider
Before going to the BSP, report first to the provider’s own Financial Consumer Protection Assistance Mechanism or customer service channel. BSP guidance states that consumers should first report to the BSP-supervised institution’s FCPAM or customer service channel before escalating to the BSP Consumer Assistance Mechanism.
Keep proof of:
- Date and time of filing
- Reference or ticket number
- Email acknowledgments
- Chat transcripts
- Names of agents, if provided
- The provider’s response or lack of response
Step 2: Escalate to the BSP if the provider does not act properly
If the e-wallet provider is a BSP-supervised institution and you are dissatisfied with its action, inaction, or vague response, you may escalate to the BSP Consumer Assistance Mechanism through the BSP Online Buddy or by submitting a Complaint/Inquiry/Reply form when BOB is unavailable. BSP’s public guidance says BSP-CAM is a second-level recourse and that proof of prior resort to the provider’s FCPAM should be submitted.
Your BSP complaint should focus on the provider’s possible failures, such as:
- Weak KYC controls
- Failure to freeze an account despite credible identity theft notice
- Failure to provide a clear complaint resolution
- Failure to preserve evidence
- Failure to correct or block unlawfully used personal data
- Poor handling of fraud reports
- Refusal to give a written outcome
The BSP may facilitate communication and regulatory handling, but it is not a criminal court. If there is identity theft or fraud, you should also consider filing with law enforcement.
Step 3: File a privacy complaint with the NPC when personal data was misused
The National Privacy Commission handles privacy violations and personal data breach complaints. Before filing with the NPC, you generally need to comply with exhaustion of remedies: inform the respondent in writing of the privacy violation or personal data breach and give it an opportunity to address the matter. NPC guidance refers to no timely or appropriate action, or no response within 15 calendar days from receipt of the written notice. (National Privacy Commission)
You may file with the NPC if, for example:
- Your ID or selfie was used without consent.
- The provider refuses to confirm whether your personal data is in the account.
- The provider refuses to correct, block, or annotate fraudulent KYC records.
- A company that held your ID may have leaked or misused it.
- The account opening suggests unauthorized processing of sensitive personal information.
- The provider failed to notify you of a breach when required.
NPC complaints generally require a filled-out and notarized complaint-assisted form or verified complaint, supporting evidence, and witness affidavits. The NPC may dismiss complaints that are insufficient in form, do not show exhaustion of remedies, do not involve a DPA violation, or lack supporting facts. (National Privacy Commission)
Step 4: Report to PNP-ACG or NBI Cybercrime Division
If the account was used for scam proceeds, fake loans, phishing, identity theft, mule activity, unauthorized transactions, or other cyber-enabled wrongdoing, report to law enforcement.
Under the Cybercrime Prevention Act rules, the NBI and PNP are responsible for cybercrime law enforcement, and the DOJ Office of Cybercrime coordinates their efforts. (Supreme Court E-Library)
You may report to:
- PNP Anti-Cybercrime Group
- NBI Cybercrime Division
- The nearest police station for blotter and referral
- The City or Provincial Prosecutor’s Office if preparing a direct criminal complaint
NBI’s citizen charter for investigative assistance for victims of computer crimes indicates no fee for that service and includes steps such as filing a complaint, executing sworn statements, and submitting supporting documents. (National Bureau of Investigation)
Step 5: Report to the telco if a SIM was involved
If the e-wallet account is tied to a mobile number that was registered using your identity, report separately to the telecommunications company.
Ask the telco to:
- Confirm if your identity was used for SIM registration, subject to lawful verification
- Block or deactivate the SIM if fraudulently registered
- Preserve registration documents, selfies, timestamps, device or IP records, and change-of-SIM records
- Provide a written response or incident reference number
Under RA 11934, using fictitious identities or fraudulent identification documents to register a SIM is punishable. (Supreme Court E-Library)
Documents You Should Prepare
| Purpose | Documents or evidence to prepare |
|---|---|
| E-wallet provider complaint | Valid ID, written statement denying account opening, screenshots, suspicious mobile number, account name, transaction reference numbers, ticket history |
| BSP escalation | Provider complaint ticket, provider response or proof of no response, timeline, screenshots, requested relief |
| NPC complaint | Written notice to provider or DPO, proof of receipt, response or non-response after 15 calendar days, notarized complaint or verified complaint, evidence, witness affidavits |
| PNP/NBI cybercrime report | Valid IDs, complaint-affidavit, screenshots, URLs, phone numbers, transaction details, account names, proof of identity misuse, provider/telco ticket numbers |
| Telco complaint | Valid ID, suspected SIM number, proof your identity was used, written request for deactivation or investigation |
| If abroad | Passport or ID, notarized affidavit, consularized or apostilled documents when required, Special Power of Attorney if someone in the Philippines will file for you |
If You Are Abroad or You Are a Foreigner
Identity misuse involving Philippine e-wallets can affect OFWs, dual citizens, foreign tourists, former residents, and foreigners who previously submitted IDs to Philippine businesses.
If you are a Filipino abroad
You can usually start the complaint online with the provider, BSP, or NPC, but sworn statements, affidavits, or SPAs may need proper notarization. If you will authorize a relative or lawyer in the Philippines, prepare a Special Power of Attorney that specifically authorizes the person to file complaints, sign affidavits, receive documents, and coordinate with the e-wallet provider, BSP, NPC, PNP, NBI, telco, and prosecutor.
Depending on where the document is executed, the Philippine recipient may ask for:
- Philippine Embassy or Consulate notarization; or
- Apostille from the competent authority in an Apostille Convention country.
The Philippines became a party to the Apostille Convention on 14 May 2019, but documents from non-Apostille countries may still require consular legalization. (Apostille Philippines)
If you are a foreigner
A foreign passport, Alien Certificate of Registration, foreign driver’s license, or other ID may have been copied and used. Report quickly because the account may later be connected to suspicious transactions.
Practical points:
- Use your passport number and full name exactly as shown in your passport when reporting.
- State whether you were in or outside the Philippines when the account was opened.
- If your passport was compromised, consider reporting to your embassy or passport authority.
- If you authorize someone in the Philippines, check whether your SPA or affidavit needs apostille or consular notarization.
- Keep travel records, immigration stamps, airline records, or overseas residence documents if they help show you could not have opened the account.
Common Scenarios and What They Usually Mean
Someone used your ID photo from a previous transaction
This often happens when people submit ID photos to online sellers, lending apps, job recruiters, rental brokers, crypto groups, fake “verification” pages, or social media marketplace transactions.
Possible legal issues:
- Unauthorized processing of personal data under the Data Privacy Act
- Computer-related identity theft under RA 10175
- Access device fraud if the account was used to obtain money or transfer funds
- Civil damages if a person or company mishandled your ID
You received debt collection messages for an e-wallet loan you never took
Ask the lender or e-wallet provider for the loan application details, KYC record, disbursement trail, device and SIM information, and proof of consent. Do not simply pay to “clear your name” unless liability is verified.
State clearly that you dispute the account and debt because of identity theft. If collection agents harass you or disclose the alleged debt to others, additional privacy and consumer protection issues may arise.
A scam victim says your e-wallet account received money
Take this seriously. You may be a victim of identity theft, but the scam victim may also be a real victim. Preserve all communications and avoid private settlement without understanding the facts.
Report to the e-wallet provider and law enforcement. Ask the provider to freeze the account and preserve logs. Do not promise repayment unless you actually received or benefited from the funds.
Your mobile number was used but you never registered it
Report to the telco and ask for a SIM registration investigation. If the number is not yours, request that your identity be disassociated from it, subject to the telco’s legal retention and investigation obligations.
The provider refuses to give details because of “privacy”
This is common. The provider may be unable to disclose full transaction logs, recipient identities, device information, or third-party personal data directly to you. However, that does not mean it can ignore your complaint.
You can still request:
- Confirmation whether your personal data is being processed
- The categories of personal data used
- The source of your personal data, when available
- Correction, blocking, or annotation of fraudulent records
- Preservation of evidence
- Written confirmation that the matter is under investigation
- Release of records to law enforcement upon proper legal request
What Relief Can You Ask For?
Depending on the facts, you may ask for:
- Immediate freezing or restriction of the fraudulent e-wallet account
- Written confirmation that you did not open or authorize the account
- Removal, blocking, correction, or annotation of your personal data
- Deactivation of a fraudulently registered SIM
- Preservation of KYC and transaction records
- Reversal or refund of unauthorized transactions, if you lost money
- Written incident report for use with police, NBI, BSP, NPC, or prosecutors
- Assurance that you will not be treated as liable for transactions you did not authorize
- Deletion of false negative records, blacklists, or internal fraud tags wrongly associated with you
- Damages, if you suffered financial loss, reputational harm, harassment, or other injury
Under RA 11765, financial consumers have the right to timely handling and redress of complaints, protection of assets against fraud and misuse, and data privacy and protection. (Supreme Court E-Library)
Practical Timeline
| Stage | Usual practical timing | Notes |
|---|---|---|
| Evidence gathering | Same day | Screenshot and save everything before links, messages, or account details disappear. |
| Report to e-wallet provider | Same day to 24 hours | Ask for urgent freezing and preservation of records. |
| Provider investigation | A few days to several weeks | Complex cases involving other wallets, banks, telcos, or law enforcement may take longer. |
| BSP escalation | After provider response or unreasonable delay | BSP expects proof that you first reported to the provider’s FCPAM or customer service channel. |
| NPC complaint | After written notice and 15 calendar days without proper action | Attach proof of written notice and evidence. (National Privacy Commission) |
| PNP/NBI filing | Same day or as soon as evidence is ready | Faster filing helps preserve logs and supports later subpoenas or requests. |
| Prosecutor action | Varies widely | Requires complaint-affidavit and evidence; law enforcement may assist with case build-up. |
Mistakes to Avoid
- Do not delete messages, emails, call logs, or screenshots.
- Do not send your OTP, password, PIN, selfie, or ID to anyone claiming to “fix” the account.
- Do not rely only on phone calls. Always create a written record.
- Do not assume the e-wallet provider will automatically clear your name. Ask for written confirmation.
- Do not ignore collection messages. Dispute them in writing.
- Do not file vague complaints. Give dates, numbers, screenshots, reference IDs, and a clear timeline.
- Do not accuse a specific person publicly unless you have reliable evidence. Focus reports on facts and official investigation.
- Do not skip the provider complaint before BSP escalation. BSP generally treats itself as second-level recourse.
- Do not submit original IDs unnecessarily. Provide copies only through official channels and mark them for the specific complaint when possible.
Sample Timeline of Events to Include in Your Complaint
A clear timeline makes your complaint easier to investigate.
| Date and time | Event | Evidence |
|---|---|---|
| 5 January 2026, 8:30 PM | Received message from unknown person saying my e-wallet account received scam funds | Screenshot of message |
| 5 January 2026, 8:45 PM | Checked and saw account name matching my full name linked to mobile number 09XX-XXX-XXXX | Screenshot |
| 5 January 2026, 9:10 PM | Reported to e-wallet provider through official support | Ticket No. ABC123 |
| 6 January 2026 | Sent written request to DPO for access, correction, blocking, and preservation of records | Email with delivery proof |
| 8 January 2026 | Filed police blotter / cybercrime report | Blotter or complaint reference |
| 21 January 2026 | No sufficient response after 15 calendar days | Follow-up email and non-response proof |
Frequently Asked Questions
Can I force the e-wallet company to tell me who opened the account?
You can request access to personal data about you and ask for the source, purpose, and categories of data processed. However, the provider may not directly disclose another person’s personal data, device logs, IP addresses, or recipient details to you without proper legal basis. In many cases, those records are released to law enforcement, prosecutors, courts, or regulators through proper process.
Is an e-wallet account opened using my identity considered identity theft?
It may be. Under RA 10175, computer-related identity theft includes intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying information belonging to another without right. If the e-wallet account was opened or used through digital systems using your identifying information, cybercrime issues may arise. (Supreme Court E-Library)
Should I file with the BSP or the NPC first?
File first with the e-wallet provider. Then choose based on the problem. Go to the BSP if the issue is poor handling by a BSP-supervised e-wallet provider, failed fraud controls, unauthorized transactions, or financial consumer redress. Go to the NPC if the issue is misuse, unauthorized processing, leakage, refusal to correct, or unlawful retention of your personal data. In serious cases, you may pursue both tracks.
Do I need a police report before the e-wallet provider acts?
Not always. A provider can freeze or investigate based on your report, especially if there is credible evidence of identity misuse. However, a police blotter, PNP-ACG complaint, or NBI complaint helps establish that you formally deny the account and may support preservation or release of records.
Can I be made liable for transactions from an account I never opened?
Liability depends on evidence. If you truly did not open, authorize, control, or benefit from the account, you should dispute liability in writing immediately. The provider, law enforcement, and any claimant should examine KYC data, device logs, SIM records, transaction trails, and proof of consent.
What if my own ID was used because I sent it to someone before?
Sending an ID once for a legitimate purpose does not automatically authorize someone to use it to open an e-wallet account. The person or entity that reused, sold, leaked, or processed it for another purpose may face privacy, cybercrime, fraud, or civil liability depending on the facts.
Can I ask the e-wallet company to delete the fake account entirely?
You can ask for blocking, removal, correction, or annotation of your personal data. The provider may still retain some records for legal, regulatory, AML, fraud investigation, or litigation purposes. A practical request is to freeze the account, mark it as disputed identity theft, stop further use, and ensure your personal data is not treated as valid consent.
What if I am outside the Philippines?
You can start with online complaints to the provider, BSP, NPC, telco, PNP, or NBI where available. For sworn documents, you may need an affidavit or Special Power of Attorney notarized before a Philippine consulate or apostilled by the competent authority in your country, depending on where it will be used.
How long do e-wallet identity theft cases take?
Simple account-freezing requests may be acted on quickly, but full investigations can take weeks or longer, especially if transactions passed through several wallets, banks, merchants, telcos, or foreign platforms. Regulatory and law enforcement timelines vary depending on evidence, volume of complaints, and whether subpoenas or inter-agency coordination are needed.
Key Takeaways
- An e-wallet account opened using your identity without consent can involve financial consumer protection, data privacy, cybercrime, access device fraud, falsification, and SIM registration issues.
- Report first to the e-wallet provider and ask for freezing, preservation of records, KYC investigation, and correction or blocking of your personal data.
- Escalate to the BSP if the provider mishandles the financial consumer complaint.
- File with the NPC if your personal data was unlawfully processed, misused, leaked, or not corrected after written notice and proper waiting period.
- Report to PNP-ACG or NBI Cybercrime Division if the account was used for scams, identity theft, unauthorized transactions, or other cyber-enabled offenses.
- Preserve screenshots, tickets, emails, mobile numbers, transaction references, and affidavits because digital evidence must be properly authenticated.
- If you are abroad, prepare notarized, consularized, or apostilled documents when a Philippine agency, provider, or representative requires them.