What to Do If Someone Uses Your Identity Documents Without Permission

If someone used your passport, driver’s license, National ID, TIN, UMID, company ID, school records, or scanned documents without your permission, treat it as both a legal problem and a damage-control problem. Your first goal is to stop the misuse, preserve proof, notify the institutions involved, and create an official paper trail before the impersonation spreads to loans, SIM cards, e-wallets, bank accounts, online scams, employment records, or travel documents.

What counts as unauthorized use of identity documents?

Unauthorized use of identity documents happens when another person uses your name, ID number, signature, photo, copy of an ID, or personal information without your consent to make it appear that you approved, applied for, received, signed, borrowed, registered, or transacted something.

Common examples in the Philippines include:

  • Someone uses your ID to open a bank account, e-wallet, crypto account, or lending app account.
  • A scammer registers a SIM card or online account using your ID photo.
  • A relative, former partner, coworker, helper, agent, broker, or “fixer” uses your ID to sign a contract.
  • A fake employer, online seller, or rental agent asks for your ID and later uses it for fraud.
  • A person edits your ID, adds a different photo, or uses your scanned ID with a fake signature.
  • A company keeps using your personal data after you withdrew consent or after the stated purpose ended.
  • Your passport, National ID, TIN card, or driver’s license is used to verify an account you never opened.

In Philippine law, the same incident may fall under several legal categories at once: data privacy violation, computer-related identity theft, falsification, estafa, access device fraud, financial account scamming, or a civil claim for damages.

Why this is serious under Philippine law

Identity documents are not just pieces of plastic or paper. They contain personal information that can be used to affect your money, credit, reputation, travel, tax records, immigration records, and even criminal exposure.

Under the Data Privacy Act of 2012, or Republic Act No. 10173, personal information includes information from which your identity is apparent or can reasonably be ascertained, and the law regulates how government offices and private entities process that information. (Lawphil)

If the misuse happened through a computer system, social media account, online form, e-wallet app, lending app, email, or other digital platform, the Cybercrime Prevention Act of 2012, or Republic Act No. 10175, specifically punishes computer-related identity theft, which includes the intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying information belonging to another person without right. (Lawphil)

If someone forged your signature, altered an ID, made it appear that you participated in a document, or submitted a fake document to a bank, employer, government office, or private company, the act may also involve falsification under Articles 171 and 172 of the Revised Penal Code. Article 172 covers falsification by private individuals and the use of falsified documents. (Lawphil)

The Supreme Court has repeatedly explained that in falsification of public or official documents, the law punishes the violation of public faith and the destruction of truth in the document; proof of financial gain or actual injury is not always required for the falsification itself. (Lawphil)

Laws that may apply when someone uses your ID without permission

Legal basis What it may cover Common real-life example
RA 10173, Data Privacy Act of 2012 Unauthorized or improper processing of personal information A company, agent, app, or person collects or shares your ID copy beyond the purpose you agreed to.
RA 10175, Cybercrime Prevention Act of 2012 Computer-related identity theft Someone uses your ID to verify an online account, e-wallet, lending app, or fake social media profile.
Revised Penal Code, Articles 171 and 172 Falsification of public, official, commercial, or private documents A person edits your ID, forges your signature, or submits a fake application using your name.
Revised Penal Code, Article 315 Estafa, or fraud causing damage Someone obtains money, loans, goods, or services by pretending to be you.
RA 8484, as amended by RA 11449 Access device fraud involving cards, account numbers, codes, or similar access tools Someone applies for or uses a credit card, account, PIN, or access credential using false documents or another identity. (Lawphil)
RA 12010, Anti-Financial Account Scamming Act of 2024 Financial account scams, money muling, social engineering schemes, and use of another person’s identity documents for financial accounts A scammer opens or uses a financial account with your identity documents. (Lawphil)
RA 11055, Philippine Identification System Act of 2018 Misuse, unlawful use, falsification, or unauthorized handling of National ID or PhilSys information Someone unlawfully uses your PhilID, PhilSys Number, or National ID data. (Lawphil)
Civil Code, Articles 19, 20, 21, 26, and 32 Civil damages for bad faith, unlawful acts, privacy violations, or impairment of rights You suffer reputational damage, emotional distress, collection harassment, or financial loss because of the misuse. (Lawphil)

What to do first: immediate steps to protect yourself

1. Secure your accounts and documents

Start with the accounts and IDs most likely to be abused:

  • Change passwords for email, banking, e-wallets, social media, shopping apps, and cloud storage.
  • Turn on two-factor authentication or multi-factor authentication.
  • Check whether your email or mobile number was changed in any account.
  • Review recent login activity, device history, OTP messages, transaction alerts, and password reset emails.
  • If your phone or SIM was lost, ask your telco to block or replace the SIM.
  • If your physical ID was stolen, prepare an affidavit of loss and, when needed, a police report.

Do not delete messages, screenshots, fake profiles, transaction alerts, or emails. You may need them as evidence.

2. Preserve evidence before contacting the offender

Many victims immediately message the person who used their ID. That is understandable, especially if the person is a relative, ex-partner, broker, recruiter, former employer, or online seller. But before doing that, preserve proof.

Save:

  • screenshots showing the account, post, transaction, message, or application;
  • URLs or profile links;
  • email headers, if available;
  • text messages, OTPs, delivery notices, and loan reminders;
  • bank or e-wallet transaction records;
  • collection notices;
  • copies of fake documents;
  • names, mobile numbers, account numbers, and usernames used;
  • dates and times of each event;
  • names of institutions where your ID was used.

For screenshots, include the full screen where possible: date, time, URL, sender, recipient, and account name. For printed evidence, keep both printed copies and the original digital files.

3. Make a simple incident timeline

A clear timeline helps police investigators, banks, e-wallets, prosecutors, and privacy officers understand what happened.

Use this format:

Date What happened Proof available Institution or person involved
March 3 Received loan collection text for loan I did not apply for Screenshot of SMS Lending app / collector
March 4 Found account using my ID photo Screenshot and URL Social media platform
March 5 Reported to bank/e-wallet Email acknowledgment Bank or e-wallet

This timeline is also useful when preparing an affidavit-complaint.

4. Notify the company, bank, e-wallet, telco, app, or government office involved

Send a written report to the institution where your ID was used. Ask for:

  • immediate freezing or suspension of the suspicious account;
  • preservation of logs, application records, KYC documents, CCTV, IP addresses, device IDs, and transaction history;
  • a written acknowledgment of your complaint;
  • confirmation that the account, loan, SIM, or transaction was not authorized by you;
  • correction or deletion of wrong records, where applicable;
  • a copy of the institution’s investigation result or final response.

For banks and BSP-supervised financial institutions, you generally report first to the institution’s Financial Consumer Protection Assistance Mechanism or customer service channel. If you are not satisfied with the action or response, you may escalate through the BSP Consumer Assistance Mechanism, including the BSP Online Buddy channel. (Bangko Sentral ng Pilipinas)

Under the Financial Products and Services Consumer Protection Act, or RA 11765, a financial service provider must have a consumer assistance mechanism, and for alleged unauthorized transactions, it must suspend interest, fees, charges, or provide similar reasonable accommodations while the final investigation is pending. (Lawphil)

5. File a police blotter or incident report when identity documents were lost, stolen, or used for fraud

A barangay blotter or police blotter is not the same as a criminal case, but it is useful because it creates an early official record. It can help when dealing with banks, lending apps, e-wallets, telcos, DFA, PSA, LTO, BIR, embassies, and collection agencies.

Go to the police station where the incident happened, where you discovered the misuse, or where you reside. Bring:

  • valid ID;
  • proof of the unauthorized use;
  • copies of lost or compromised documents, if available;
  • affidavit of loss, if the physical ID was lost or stolen;
  • written timeline;
  • names and contact details of suspects or institutions involved.

If the incident is online, ask whether the report should be referred to the PNP Anti-Cybercrime Group or the NBI Cybercrime Division. The NBI’s public service information for computer-crime victims states that complainants fill out complaint forms and submit them to the relevant division or regional cybercrime center. (National Bureau of Investigation)

The Department of Justice Office of Cybercrime also acts on cybercrime complaints and referrals and supports investigation and prosecution of cybercrimes. (Department of Justice)

Where to report based on what happened

Situation Where to report What to prepare
Your ID was used in an online account, fake profile, phishing, lending app, or e-wallet PNP Anti-Cybercrime Group, NBI Cybercrime Division, or DOJ Office of Cybercrime Screenshots, URLs, transaction records, account names, phone numbers, email addresses, affidavit-complaint
Your ID was used in a bank, e-wallet, fund transfer, or financial account scam Bank/e-wallet first, then BSP if unresolved; law enforcement if fraud is involved Complaint reference number, disputed transaction details, police report, IDs, screenshots
Your personal data was collected, shared, exposed, or processed without authority National Privacy Commission Notarized complaint or verified complaint, evidence, witness affidavits when available
Your National ID or PhilSys details were misused PSA / PhilSys, law enforcement if fraudulent Proof of misuse, copy of National ID if available, police report if stolen, screenshots
Your passport was lost or used without authority DFA or Philippine Embassy/Consulate, plus police if stolen or used for fraud Affidavit of loss, police report if required, valid IDs, passport details if known
Your TIN or TIN card was used or compromised BIR Revenue District Office or ORUS-related channel, plus law enforcement if fraud is involved Valid ID, affidavit of loss if lost, proof of unauthorized use
Your driver’s license was lost, stolen, or used LTO and police if theft or fraud is involved Affidavit of loss, valid ID, police report if stolen or used in fraud

Filing with the National Privacy Commission

If the problem involves unauthorized collection, use, disclosure, storage, or sharing of your personal information, the National Privacy Commission may be the proper forum.

NPC complaint rules generally require a filled-out and notarized complaint-assisted form or a verified complaint, with copies of evidence and witness affidavits when available. (National Privacy Commission)

A privacy complaint is especially relevant when:

  • a company refuses to tell you how your ID was used;
  • an app or business keeps processing your data after you objected;
  • your ID was exposed in a breach or posted online;
  • a collector or lending app shared your ID or personal details to shame or pressure you;
  • an employer, school, condo, broker, or service provider used your ID beyond the purpose you allowed;
  • a government or private office mishandled your personal data.

In practical terms, NPC complaints often move more effectively when you provide complete documentation: the entity involved, the data used, the date of collection or misuse, your request to the entity, their response or lack of response, and the harm caused.

Filing a criminal complaint

If you want law enforcement or prosecutors to act against the person responsible, prepare a criminal complaint package.

A typical complaint package includes:

  1. Complaint-affidavit This is your sworn written statement explaining who you are, what happened, when it happened, how you discovered it, what documents were misused, what damage occurred, and why you believe the respondent is responsible.

  2. Supporting evidence Attach screenshots, certified true copies if available, bank records, application records, collection messages, fake documents, IDs, email exchanges, platform reports, and police blotter.

  3. Witness affidavits If someone saw the transaction, received the fake document, assisted in the investigation, or can identify the suspect, their sworn statement may help.

  4. Copies for respondents and official file Under criminal procedure, a complaint for preliminary investigation is generally supported by affidavits and documents sufficient to establish probable cause, with copies for the respondents and the official file. (Lawphil)

  5. Notarization or oath before authorized officer Affidavits should be subscribed and sworn before a prosecutor, authorized government officer, or notary public, depending on where and how you file. (Lawphil)

After filing, the prosecutor may dismiss the complaint if there is no ground to continue, or issue subpoenas requiring the respondent to submit a counter-affidavit. The respondent is generally given a period to respond, and the prosecutor resolves whether probable cause exists. (Lawphil)

Do you need to go through the barangay first?

For many identity-document misuse cases, barangay conciliation is usually not the main remedy because the acts may involve cybercrime, falsification, fraud, financial account misuse, or offenses punishable by more than one year of imprisonment.

Under the Local Government Code’s Katarungang Pambarangay rules, offenses punishable by imprisonment exceeding one year or a fine exceeding ₱5,000 are excluded from barangay conciliation coverage. (Lawphil)

Still, a barangay blotter can be useful as an early record, especially if the suspect lives nearby, the ID was taken from your home or workplace, or collection agents are visiting your residence. Just remember: a blotter records the incident; it does not automatically prosecute the offender or erase fraudulent records.

Special situations involving common Philippine IDs

If your Philippine passport was used or stolen

For a lost Philippine passport, DFA and Philippine consular posts commonly require an affidavit of loss, and for lost valid passports, a police report may be required by consular offices. (Philippine Embassy)

If the passport was not merely lost but used by another person, report both the loss and the suspected misuse. For Filipinos abroad, documents executed overseas may need notarization by a local notary and, depending on the country, apostille or consular processing before they are accepted in the Philippines.

If your National ID or PhilSys information was misused

RA 11055 applies to transactions where the PhilSys Number, PhilID, or biometric information is required, presented, or used, whether legally or illegally, within or outside the Philippines. (Lawphil)

The PSA has warned the public to report PhilSys-related fraudulent activity through official PhilSys channels and has reiterated that unlawful use of the PhilID or PhilSys Number to commit fraud can result in imprisonment and fines under the law. (Philippine Statistics Authority)

If your TIN or BIR records were used

A TIN is sensitive because it connects to tax records, employment, business registration, banking, and government transactions. The BIR’s information on TIN card replacement states that a replacement fee applies for lost or damaged TIN cards and that fake TIN cards may be confiscated. (Bureau of Internal Revenue)

If your TIN was used in employment, invoicing, business registration, or a fake tax document, request correction with the appropriate Revenue District Office and preserve proof that the transaction was not yours.

If your ID was used for a bank, e-wallet, or online loan

This is time-sensitive. Report it immediately to the bank, e-wallet, lending company, or payment provider and ask them to freeze suspicious activity while preserving account-opening records.

RA 12010, the Anti-Financial Account Scamming Act, specifically addresses financial account scams and includes situations involving opening or using financial accounts under fictitious names or using another person’s identity or identification documents. (Lawphil)

The law also recognizes temporary holding of funds subject to disputed transactions, subject to BSP rules and time limits. BSP materials on AFASA state that institutions may temporarily hold disputed funds within the period prescribed by the BSP, not exceeding 30 calendar days unless extended by a court. (Bangko Sentral ng Pilipinas)

Practical evidence checklist

Prepare a folder, both digital and printed, with:

  • photocopies or scans of the ID documents involved;
  • affidavit of loss, if any ID was lost or stolen;
  • police or barangay blotter;
  • screenshots of fake accounts, posts, loan notices, messages, or transactions;
  • URLs and usernames;
  • email headers, account notifications, OTP messages, and password reset alerts;
  • bank, e-wallet, or loan account reference numbers;
  • letters or emails sent to companies and their responses;
  • proof of your location or non-participation, if relevant;
  • witness affidavits, if available;
  • notarized complaint-affidavit;
  • copies of all submissions and acknowledgment receipts.

For online evidence, do not rely only on screenshots saved in chat apps. Export or back up the files separately. Screenshots may be questioned if they are incomplete, cropped, or missing context.

Common mistakes that make identity-document cases harder

Waiting too long before reporting

Delays allow the suspect to withdraw funds, delete accounts, change numbers, or create more accounts. Early reports also help you show that you promptly denied the transaction.

Only calling customer service and not sending a written complaint

Phone calls are easy to forget and hard to prove. Always ask for a ticket number or send an email after the call summarizing what you reported.

Deleting embarrassing or stressful messages

Collection threats, scam messages, fake posts, and abusive chats may be important evidence. Save them first, even if you later block the sender.

Posting accusations online without complete proof

Publicly naming a suspect without sufficient basis can create separate risks, including defamation disputes. A safer approach is to document, report, and use official channels.

Assuming “family use” is automatically legal

Even if the person is a spouse, sibling, parent, child, partner, or coworker, using another person’s identity documents without authority can still be unlawful, especially if it involves forged signatures, loans, financial accounts, or government records.

Paying a fraudulent loan just to stop harassment

If you pay without clearly disputing liability, the lender or collector may treat it as acknowledgment. If the loan is not yours, dispute it in writing and ask for account-opening documents, verification records, and investigation results.

Frequently Asked Questions

What should I do if someone used my ID to get an online loan in the Philippines?

Report the loan as unauthorized to the lending app or financing company in writing. Ask for account-opening documents, KYC records, disbursement details, mobile number used, and a written investigation result. File a police or cybercrime report if fraud is involved, and preserve all collection messages. If the entity is regulated by a financial authority, use the proper consumer complaint channel after first reporting to the company.

Is using someone else’s ID a crime in the Philippines?

It can be. Depending on the facts, it may involve computer-related identity theft under RA 10175, falsification under the Revised Penal Code, estafa under Article 315, access device fraud under RA 8484 as amended, financial account scamming under RA 12010, or violations of the Data Privacy Act. More than one law may apply to the same incident.

Can I file a complaint if I only have screenshots?

Yes, screenshots can support a complaint, especially for online identity theft, fake accounts, e-wallet misuse, and loan harassment. But screenshots are stronger when supported by URLs, account names, timestamps, transaction records, emails, written complaint acknowledgments, and affidavits explaining how and when you captured them.

Should I report to the barangay, police, NBI, or NPC?

It depends on the issue. Use the barangay or police blotter for an immediate incident record. Use PNP ACG, NBI Cybercrime Division, or DOJ Office of Cybercrime for online or computer-related misuse. Use the NPC for unauthorized processing, disclosure, or misuse of personal information. Use the bank, e-wallet, telco, DFA, PSA, BIR, LTO, or other agency when their records or issued documents are involved.

Can a company keep a copy of my ID after the transaction is finished?

A company may keep personal data only when it has a lawful purpose and only for as long as necessary under applicable privacy, regulatory, or recordkeeping rules. Under the Data Privacy Act, processing of personal data must follow privacy principles such as legitimate purpose and proportionality. (Lawphil)

What if the person who used my ID is a relative?

The relationship does not automatically make the use lawful. If your relative forged your signature, used your ID to obtain money, opened an account, registered a SIM, or caused damage, the same legal rules may apply. In practice, family cases may be emotionally harder, but documentation is still important.

Can foreigners file complaints in the Philippines for identity document misuse?

Yes. Foreigners may report crimes, file complaints, and seek remedies when their identity documents are misused in the Philippines or by persons or entities subject to Philippine jurisdiction. Foreign-issued documents, affidavits, or powers of attorney executed abroad may need notarization and apostille or consular authentication before Philippine offices accept them.

Can I demand that a bank, lending app, or company delete my ID?

You may ask for correction, blocking, deletion, or restriction of processing when the continued use of your data is unlawful or no longer necessary. However, regulated entities may also have legal recordkeeping duties, especially for financial, tax, anti-money laundering, or litigation purposes. A practical request is to demand that the account be tagged as disputed or fraudulent, that further processing stop except for investigation and legal compliance, and that you receive a written result.

What if collectors are harassing me for a loan I did not make?

Tell them in writing that you dispute the debt and that your identity documents were used without authority. Ask for proof of the loan application, KYC documents, disbursement account, consent records, and authority to collect. Save all calls, texts, messages, and threats. If they disclose your debt claim to contacts, shame you online, or use abusive tactics, the matter may also raise privacy, harassment, and regulatory issues.

Key Takeaways

  • Unauthorized use of identity documents in the Philippines can involve data privacy violations, cybercrime, falsification, estafa, access device fraud, financial account scamming, and civil damages.
  • Act quickly: secure accounts, preserve evidence, prepare a timeline, and notify the institution where your ID was used.
  • Use written complaints, not just phone calls, so you have proof of reporting.
  • File with the correct office: police or cybercrime units for fraud, NPC for privacy violations, BSP channels for unresolved financial complaints, and the issuing agency for compromised IDs.
  • A barangay or police blotter helps create an early record, but serious identity-document misuse often needs police, NBI, prosecutor, NPC, BSP, or agency-level action.
  • Keep copies of every screenshot, affidavit, complaint, acknowledgment receipt, and investigation response because identity misuse cases are often won or lost on documentation.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.