What to Do If Fake IDs in Your Name Are Used for Financial Fraud

Discovering that someone used a fake ID bearing your name to open a bank account, obtain a loan, register an e-wallet, or receive fraudulent funds can be frightening. The most important point is that a document displaying your name does not automatically make you responsible for the transaction. You must still act quickly, however, because the institution’s records may initially identify you as the customer, borrower, or account holder. Your immediate goals are to stop further transactions, preserve evidence, formally deny the account or debt, protect your credit record, and create an official record showing that you are the victim of identity fraud.

Does a Fake ID Make You Liable for the Loan or Account?

Generally, no. A valid contract requires the consent of the contracting parties. Article 1318 of the Civil Code states that there is no contract unless consent, a definite object, and a lawful cause are present. If an impostor applied for a loan or opened an account without your knowledge or authority, you did not give the required consent. The Supreme Court has repeatedly treated the absence of consent as a “no contract” situation. (Lawphil)

This does not mean the problem will correct itself. Banks, lenders, e-wallet providers, and collection agencies may rely on the information submitted during onboarding until you formally dispute it. A prompt written denial is therefore essential.

Your case is stronger when the evidence shows that:

  • You did not submit the application.
  • You did not sign electronically or physically.
  • You did not provide the selfie, video, or biometric verification.
  • The phone number, email address, device, IP address, or residence used was not yours.
  • You did not receive or benefit from the loan proceeds.
  • The signature, photograph, or identification document was fabricated or altered.
  • You were somewhere else when the application or transaction occurred.

Philippine Laws That May Apply

Anti-Financial Account Scamming Act

Republic Act No. 12010, the Anti-Financial Account Scamming Act of 2024 or AFASA, expressly criminalizes opening a financial account using another person’s identity or identification documents. It covers bank accounts, credit card accounts, e-wallets, payment accounts, and other accounts used for financial products or services.

Using another person’s identity to open an account is punishable under AFASA even when the facts do not establish the separate offense of money muling. If the fake account is used to receive, transfer, or withdraw proceeds known to come from crimes or social-engineering schemes, the more serious money-muling provisions may apply. (Lawphil)

AFASA also requires BSP-supervised institutions to maintain adequate verification, multifactor authentication, fraud-monitoring, and account-protection controls. An institution may be required to restore funds when its failure to employ adequate controls or exercise the highest degree of diligence caused the loss. A criminal conviction of the scammer is not always required before restitution may be considered. (Lawphil)

Cybercrime Prevention Act

If computers, mobile applications, email, social media, electronic documents, or online systems were used, computer-related identity theft under Section 4(b)(3) of Republic Act No. 10175 may apply. The offense includes intentionally acquiring, using, misusing, transferring, possessing, altering, or deleting another person’s identifying information without authority. (Lawphil)

Data Privacy Act

Republic Act No. 10173, the Data Privacy Act of 2012, may apply when your name, photograph, signature, ID number, birth date, address, biometrics, or other personal information was unlawfully collected, disclosed, or used.

As the data subject, you may demand access to personal data about you, dispute inaccurate information, and seek correction, blocking, or deletion where legally appropriate. You may also complain to the National Privacy Commission when an organization mishandles your personal data or fails to respond properly to a reported privacy violation. (National Privacy Commission)

Falsification and Estafa

Depending on the documents and method used, the offender may also be investigated for:

  • Falsification of public, official, commercial, or private documents under Articles 171 and 172 of the Revised Penal Code.
  • Use of falsified documents under Article 172.
  • Estafa or swindling under Article 315 when deceit caused financial loss.
  • Estafa through falsification of a commercial document when falsification was used as the necessary means of committing the fraud.

The exact offense depends on whether the ID or application was public, official, commercial, or private; who falsified it; how it was used; and who suffered the loss. (Lawphil)

If the fake document is a National ID, Republic Act No. 11055, the Philippine Identification System Act, also penalizes unauthorized issuance, preparation, or use of fraudulent PhilSys credentials. (Lawphil)

What to Do Immediately

1. Preserve Every Piece of Evidence

Do not delete messages, emails, collection notices, application screenshots, or transaction alerts. Save the original electronic files whenever possible rather than relying only on screenshots.

Create a folder containing:

  • The fake ID, application, or account information you received.
  • Text messages, emails, call logs, and collection letters.
  • Screenshots showing the date, time, sender, account number, and web address.
  • The institution’s name, branch, app, or platform.
  • Reference numbers from every complaint.
  • Proof that the contact number, email, address, photograph, or signature used was not yours.
  • Your genuine IDs and specimen signatures from around the same period.
  • Travel records, attendance logs, employment records, immigration stamps, receipts, or other proof of your location.
  • Proof that the proceeds went to an account, wallet, or recipient unrelated to you.

Keep unedited copies. If you need to mark a screenshot, preserve the original and create a separate annotated copy.

2. Notify the Bank, Lender, or E-Wallet Provider Immediately

Use only the institution’s official hotline, website, mobile application, branch, or published email address. Do not send personal documents to a number supplied by an unknown collector.

State clearly that this is an identity-theft and fraudulent-account dispute, not merely a billing inquiry. Request:

  1. Immediate blocking or restriction of the fraudulent account.
  2. Suspension of collection activity against you while the matter is investigated.
  3. A notation that you deny opening, authorizing, or benefiting from the account.
  4. Preservation of all application, know-your-customer, transaction, device, and communications records.
  5. A written complaint reference number.
  6. Confirmation of whether the account was reported to the Credit Information Corporation.
  7. Correction or withdrawal of any adverse credit report attributable to the fraudulent account.
  8. Written findings after the investigation.

For a BSP-supervised institution, the first-level complaint channel is its Financial Consumer Protection Assistance Mechanism, commonly called the FCPAM. If the institution’s response is unsatisfactory, the complaint may be escalated to the BSP Consumer Assistance Mechanism through the BSP Online Buddy or the official complaint form.

3. Ask the Institution to Preserve Specific Fraud Records

A useful preservation request should identify the records that may prove who actually applied. Ask the institution to preserve, subject to lawful disclosure and redaction:

  • The original application and attachments.
  • Front-and-back copies of every ID submitted.
  • Selfies, liveness checks, video calls, and biometric results.
  • Electronic signatures and signature audit trails.
  • IP addresses, device identifiers, browser information, and geolocation data.
  • Registered phone numbers and email addresses.
  • One-time-password and authentication logs.
  • Call recordings and customer-service chats.
  • Branch CCTV, if the transaction was done in person.
  • The account into which loan proceeds were released.
  • Transfers, cash-outs, withdrawals, and beneficiary details.
  • Internal fraud alerts and account-verification results.

These records can disappear under ordinary retention schedules. A prompt written preservation request reduces that risk.

4. Request an AFASA Hold When Funds Are Still Moving

When the incident involves an unauthorized transfer from a financial account, report it immediately and ask whether the institution can initiate AFASA’s temporary-holding and coordinated-verification process.

Under BSP Circular No. 1215, disputed funds may initially be held for up to five calendar days. The hold may be extended by up to another 25 calendar days, for a maximum of 30 calendar days, when additional verification is justified. A longer hold requires a court order. The process is most useful before the funds have been withdrawn or transferred beyond traceable financial institutions.

A hold is not automatic reimbursement. It preserves identifiable funds while participating institutions investigate the transaction.

5. Execute an Affidavit of Denial and Identity Theft

Prepare a detailed sworn affidavit stating:

  • Your complete name and identifying details.
  • How and when you discovered the fraudulent account.
  • The institution and account or application reference involved.
  • That you did not apply, sign, authorize, or receive the proceeds.
  • Which information on the application is false.
  • Whether any genuine ID was lost, copied, photographed, or previously submitted elsewhere.
  • Whether the photograph or signature is yours.
  • The phone numbers, email addresses, and accounts that actually belong to you.
  • The action you took after discovery.
  • The documents attached to support your denial.

Have the affidavit notarized. Submit copies to the institution, law-enforcement investigator, regulator, and credit-reporting dispute process as appropriate.

An affidavit is important evidence, but it does not by itself erase the account, cancel a credit report, or convict the offender. It must be paired with formal complaints and supporting records.

6. Report the Crime to Law Enforcement

You may report to:

  • The Philippine National Police Anti-Cybercrime Group.
  • The National Bureau of Investigation Cybercrime Division.
  • The NBI Fraud and Financial Crimes Division.
  • The Cybercrime Investigation and Coordinating Center.
  • The nearest police station, particularly when you need an immediate blotter entry or police report.

The BSP’s official complaint guide lists the PNP, NBI, and CICC as the appropriate law-enforcement channels for scams and financial fraud.

A police blotter records that you reported the incident on a particular date. It is useful, but it is not the same as a fully investigated criminal complaint. For a formal investigation, expect to provide a sworn statement, the disputed documents, correspondence with the institution, and available electronic evidence.

The NBI Citizens’ Charter indicates that complainants and witnesses may be required to execute sworn statements and present relevant documents or devices. Its published processing times cover initial frontline intake and evaluation—not the entire investigation, which may take longer when records must be obtained from several institutions. (National Bureau of Investigation)

7. Notify the ID-Issuing Agency

If the fraudulent document contains a real ID number, altered copy, or genuine photograph, report it to the issuing agency. Do not falsely report your original ID as lost when it remains in your possession; explain that a counterfeit or unauthorized copy is being used.

For National ID-related fraud, the PSA accepts reports through its official PhilSys channels, Hotline 1388, and designated Fraud Incident Officers at registration centers. The PSA also provides online National ID verification facilities. (Philippine Statistics Authority)

For other IDs, notify the corresponding agency, such as the DFA for passports, LTO for driver’s licences, or the agency that issued the professional, employee, or government credential.

8. Check and Dispute Your Credit Report

Obtain your credit report from a Credit Information Corporation-authorized channel. Look for:

  • Loans you did not obtain.
  • Accounts with unfamiliar lenders.
  • Addresses, phone numbers, or IDs that are not yours.
  • Late payments or defaults linked to the fraudulent account.
  • Multiple recent credit inquiries.

Republic Act No. 9510 gives borrowers the right to dispute erroneous, incomplete, outdated, or misleading credit information. The CIC must investigate and verify disputed information within five working days from receipt of a proper complaint. If the information cannot be verified or proven accurate, it must be deleted, and affected recipients of the report must be informed of the correction or removal. (Credit Information Corporation (CIC))

The current CIC Online Dispute Resolution Process requires information from a recently obtained credit report, including its transaction reference number. Supporting documents such as your affidavit, police report, and the lender’s fraud-dispute acknowledgment should be attached. (Credit Information Corporation (CIC))

Where to File Each Complaint

Problem First office or channel Escalation or additional action
Fake bank, credit-card, e-wallet, or payment account Institution’s FCPAM or fraud department BSP Consumer Assistance Mechanism
Unauthorized bank transfer Institution immediately; request tracing and AFASA holding BSP if handling is unsatisfactory; PNP, NBI, or CICC for criminal investigation
Fake loan from a financing or lending company Company’s complaint channel SEC I-Message Mo Portal
Incorrect credit record Lender and CIC dispute system Submit further evidence requested by CIC
Misuse of personal data Institution’s Data Protection Officer or privacy office National Privacy Commission
Fake National ID PSA or nearest National ID registration center PNP or NBI if used in a crime
Forged documents or identity theft PNP, PNP Anti-Cybercrime Group, or NBI Office of the City or Provincial Prosecutor when a formal criminal complaint is pursued

BSP-supervised institutions must be approached first through their own complaint mechanism before ordinary escalation to BSP. Financing companies, lending companies, and online lending platforms are primarily regulated by the SEC rather than the BSP.

Filing a Data Privacy Complaint

Before filing a formal complaint with the National Privacy Commission, notify the organization in writing of the suspected misuse or inaccurate processing of your personal data. NPC rules generally require exhaustion of remedies: the respondent must first be given an opportunity to address the violation, and either fail to take timely and appropriate action or fail to respond within 15 calendar days.

A formal NPC complaint normally requires a notarized complaint-assisted form or verified complaint, supporting evidence, and witness affidavits where applicable. (National Privacy Commission)

A privacy complaint is particularly relevant when an institution:

  • Refuses to correct personal information it knows is inaccurate.
  • Continues associating you with a fraudulent account after receiving credible proof.
  • Discloses the fake debt to unauthorized persons.
  • Fails to protect copies of your IDs or biometric information.
  • Cannot explain how your personal information was obtained or used.
  • Ignores a proper request for access, correction, or blocking.

What to Do If a Collection Agency Contacts You

Respond in writing rather than arguing by phone. State that:

  • You dispute the debt in full.
  • You did not apply for or authorize the account.
  • The account is under an identity-fraud investigation.
  • You require written validation and copies of the documents relied upon.
  • Further communications should identify the creditor, account reference, and legal basis for collection.

Do not make a “small payment,” sign a restructuring agreement, or agree to a settlement merely to stop the calls. Such action may complicate your denial and may later be presented as an acknowledgment of the obligation.

Do not send full, unwatermarked ID copies to an unknown collector. When an institution legitimately requires an ID copy, consider marking it:

For identity-fraud dispute with [institution] only — submitted [date]

Mask information that the institution confirms is unnecessary.

What If the Lender Files a Court Case?

Do not ignore a summons even when the debt is clearly fraudulent. Under the current Rules of Civil Procedure, a defendant generally has 30 calendar days from service of summons to file an answer, unless the court sets a different period. (Lawphil)

The answer should specifically deny:

  • That you signed the application, promissory note, disclosure statement, or receipt.
  • That you authorized anyone to sign for you.
  • That you received the proceeds.
  • That the contact details and accounts used were yours.
  • The genuineness and due execution of any document falsely bearing your signature.

When a claim is based on a written document, the Rules contain technical requirements for specifically denying its genuineness and due execution, often under oath. A general statement that “the debt is not mine” may be insufficient. Authentic specimen signatures and the original disputed document may also become important because forgery is ordinarily established through comparison with genuine signatures and other evidence. (Lawphil)

Documents That Strengthen an Identity-Fraud Dispute

Document Why it helps
Notarized affidavit of denial Gives a detailed sworn account of the fraud
Police or NBI report Shows prompt reporting and supports investigation
Genuine IDs Allows comparison with the counterfeit document
Specimen signatures Helps establish that the disputed signature was forged
Proof of address Shows that the application used an unrelated address
Phone and email records Demonstrates that the registered contact details were not yours
Travel or attendance records Shows where you were when the account was opened
Bank statements Helps prove you did not receive the proceeds
Complaint reference numbers Establishes a chronological paper trail
CIC credit report Identifies affected accounts and submitting institutions
Institution’s KYC records May reveal the impostor’s photo, device, phone, or disbursement account

Provide copies unless an investigator or court requires the original. Keep a complete duplicate set and an index showing when and to whom each document was submitted.

If You Are Outside the Philippines

You can begin by reporting electronically to the institution, regulator, CIC, PNP, NBI, or CICC. Do not wait until your next visit to the Philippines.

For an affidavit executed abroad:

  • A Filipino may usually appear before a Philippine Embassy or Consulate for consular notarization.
  • A document notarized by a local notary in an Apostille Convention country may generally be apostilled by that country’s competent authority for use in the Philippines.
  • In a non-Apostille country, authentication or legalization through the appropriate authorities and Philippine foreign service post may be required.
  • A representative in the Philippines may need a notarized or properly authenticated Special Power of Attorney.

Philippine consular offices may have country-specific procedures, fees, and appointment systems. Documents already bearing a valid apostille generally do not require further Philippine Embassy authentication. (Philippine Embassy New Delhi)

Foreign nationals should submit the passport, ACR I-Card, Philippine visa or immigration record, and proof of Philippine or overseas address relevant to the disputed transaction. A foreign police report and certified English translation may also help when the fraud was discovered abroad.

Common Mistakes That Make the Problem Harder

Ignoring the First Collection Notice

Silence allows adverse credit reporting and collection activity to continue. Dispute the account immediately in writing.

Relying Only on a Police Blotter

A blotter is useful evidence, but the lender, CIC, and regulator still need their own properly documented complaints.

Reporting Only by Telephone

Calls are difficult to prove. Follow every call with an email or letter summarizing what was reported, who received it, and the reference number.

Sending Sensitive Data to Unverified Contacts

Scammers sometimes impersonate the institution again after the victim reports the fraud. Verify every email domain, telephone number, payment instruction, and document request.

Publicly Posting the Fake ID

Posting the entire document may expose your ID number, address, birth date, photograph, signature, or QR code to additional misuse.

Signing a Settlement Without Understanding It

A restructuring agreement or compromise may be treated as evidence that you accepted the debt. Maintain a clear and consistent position if the obligation is entirely fraudulent.

Filing an Exaggerated or False Report

State only facts you can honestly support. AFASA penalizes malicious reporting made in bad faith when completely unwarranted information results in the holding of funds.

Frequently Asked Questions

Am I required to pay a loan obtained using a fake ID in my name?

Not merely because the fake ID carries your name. The lender must establish a valid obligation, including your consent. Formally dispute the loan and provide evidence that you did not apply, sign, authorize, or receive the proceeds.

Is an affidavit of denial enough to clear my name?

No. It is an important supporting document, but you should also file disputes with the lender, regulator, CIC, and law enforcement. Ask each office for written acknowledgment and final findings.

Should I report the incident even if no money was taken from my own account?

Yes. A fraudulent loan, account, or e-wallet can damage your credit standing, expose you to collection activity, and be used for further crimes even when your personal funds were not directly stolen.

Can I demand a copy of the fake application?

You may request access to personal data and documents relating to you. The institution may redact third-party or confidential information, but it should still investigate the dispute and preserve the complete records for regulators or law enforcement.

What if the fake ID contains my correct ID number and photograph?

Report the misuse to both the financial institution and the issuing government agency. Change compromised account credentials and determine where copies of the ID may previously have been submitted.

Will replacing my ID stop the fraud?

Not necessarily. Replacing a lost or compromised ID may reduce future risk, but copies and personal data may continue circulating. You must also dispute existing accounts, protect your phone and email, review your credit report, and preserve evidence.

How long does an identity-fraud investigation take?

Initial institution and law-enforcement intake may occur quickly, but the full investigation may take weeks or months, especially when several banks, e-wallets, telecommunications providers, or overseas parties are involved. AFASA’s disputed-fund holding period is much shorter—initially up to five days and, when justified, up to 30 days total.

Can I recover damages?

Depending on the evidence, damages may be pursued against the offender and potentially against an institution whose unlawful, negligent, or inadequate handling caused additional harm. Articles 19, 20, 21, 26, and 33 of the Civil Code may support civil remedies for abuse of rights, unlawful injury, invasion of privacy, or fraud. AFASA also recognizes restitution and civil liability in appropriate cases. (Lawphil)

What if the fraudster is overseas?

Philippine authorities may still investigate when relevant acts, accounts, systems, or resulting damage are connected to the Philippines. AFASA contains provisions on extraterritorial jurisdiction and international cooperation, although obtaining overseas evidence may lengthen the process. (Lawphil)

Key Takeaways

  • A fake ID bearing your name does not by itself prove that you consented to a loan or financial account.
  • Report the fraud immediately to the institution and describe it as an identity-theft dispute.
  • Request account restrictions, preservation of KYC and electronic records, and suspension of collection and adverse credit reporting.
  • Execute a detailed notarized affidavit of denial and file a police, PNP Anti-Cybercrime, NBI, or CICC report.
  • Check your CIC credit report and dispute every fraudulent account or incorrect personal detail.
  • Escalate unresolved bank and e-wallet complaints to BSP, lending-company complaints to SEC, and personal-data violations to the National Privacy Commission.
  • Never ignore a court summons; the ordinary deadline to answer is 30 calendar days from service.
  • Keep one organized evidence file containing every document, email, reference number, and proof of submission.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.