What to Do If Your Signature Was Forged to Sell Your Property in the Philippines

What to Do If Someone Took an Online Loan Using Your Identity in the Philippines

Identity-based loan fraud has surged alongside digital lending. This article lays out—comprehensively and practically—what Filipino consumers can do immediately and legally if a loan was taken out in their name without consent, plus how to clean up credit records and pursue remedies.

1) First 24–48 Hours: Immediate Containment

  1. Document everything. Take screenshots of messages, emails, app notifications, e-wallet or bank debits, and caller IDs. Save copies of any contracts or e-signatures you never made.

  2. Secure your devices and accounts.

    • Change passwords on email, social, banking, and e-wallets.
    • Enable multi-factor authentication (MFA).
    • Review “connected apps” and revoke suspicious access.
    • Scan devices for malware; update OS and apps.

  3. SIM and email security.

    • Check for SIM swap signs (no signal, unexpected OTP requests). Contact your telco to lock/replace the SIM.
    • Set up email account recovery protections; confirm forwarding rules or filters haven’t been added.

  4. Notify the lender in writing.

    • Send a formal dispute and fraud notice stating you did not apply, did not receive funds, and did not authorize any transaction.
    • Demand account freeze, investigation, and suspension of collection pending resolution.
    • Ask for the application dossier: IP logs, device IDs, selfie/KYC images, IDs submitted, e-sign logs, timestamps, disbursement trail, and collection notes.

  5. File a police blotter / incident report.

    • Go to the nearest police station or the PNP Anti-Cybercrime Group (ACG).
    • Attach your evidence bundle. This anchors your timeline and supports later disputes.

  6. Notify your bank/e-wallet.

    • Flag your account for suspected identity theft and request monitoring; reverse unauthorized debits if any.
    • Replace compromised cards or virtual accounts.

2) Who Regulates What: Know the Correct Forum

  • Bangko Sentral ng Pilipinas (BSP) – banks, e-money issuers, some financing companies supervised by BSP. Use their consumer assistance channels after you first file a complaint with the provider.
  • Securities and Exchange Commission (SEC)lending and financing companies (including many online lending apps, or “OLAs”). SEC also enforces rules against unfair collection practices.
  • National Privacy Commission (NPC) – privacy/data-protection violations (e.g., harvesting contacts, doxxing, harassment, excessive data collection).
  • Department of Trade and Industry (DTI) – consumer complaints for entities under its jurisdiction (some marketplaces or unregulated merchants).
  • Credit Information Corporation (CIC) – central credit registry; disputes about your credit data are resolved through CIC’s dispute mechanism via its accredited bureaus (SAEs).

Tip: If you’re unsure who supervises the lender, ask them in writing which regulator oversees them and their registration/certificate number.

3) Your Legal Anchors (Plain-English Guide)

  • Data Privacy Act of 2012 (R.A. 10173). Protects personal and sensitive personal information. Gives you rights to be informed, access, object, erase/block, rectify, data portability, and damages. Unlawful processing, unauthorized access, negligent handling, and malicious disclosure can be penalized.

  • Cybercrime Prevention Act (R.A. 10175). Penalizes computer-related fraud, illegal access, and identity-related offenses executed via ICT.

  • Financial Consumer Protection Act (R.A. 11765). Requires financial service providers to treat consumers fairly, resolve complaints, disclose information, and protect data; empowers BSP/SEC/IC/DTI to order restitution and sanctions.

  • Revised Penal Code (RPC). Relevant offenses may include falsification, estafa (swindling), and use of falsified documents—depending on the facts.

  • Access Devices Regulation Act (R.A. 8484). Applies when credit cards or similar access devices are used fraudulently.

  • Anti-Photo and Video Voyeurism / Anti-Doxxing-type harms (via DPA + RPC). If collectors harass you by blasting your photos or contact list, these may amount to privacy violations, threats, grave coercion, or unjust vexation, besides DPA infractions.

  • SEC rules on Unfair Debt Collection. Lenders/collectors cannot shame, threaten, or contact your phonebook; they must observe ethical hours and methods.

4) Formal Dispute Playbook

Follow this sequence to preserve rights and reduce back-and-forth.

A. Dispute With the Lender (Internal Process)

Send a written dispute (email + registered mail if possible) that includes:

  • Statement: “I did not apply for or authorize the referenced loan” (include account/transaction numbers).
  • Demand: freeze/close the fraudulent account, cease collection and reporting, and conduct a fraud investigation.
  • Privacy demand: provide KYC dossier and processing basis; erase/ block unlawful data under DPA.
  • Notice: you will escalate to regulators if unresolved within their complaint-handling timeline.
  • Attach: copy of your ID, police blotter, and any notarized affidavit of denial.

Affidavit of Denial (sample outline):

  1. Your identity details.
  2. Clear denial of application, receipt of funds, OTPs, or benefit.
  3. Statement that your identity may have been compromised.
  4. Request to treat the incident as identity theft.
  5. Request to furnish all application and disbursement records to you and law enforcement.
  6. Undertaking to cooperate; prayer for closure of the account.

Get it notarized; some lenders require this to trigger their fraud workflows.

B. Escalate to the Proper Regulator

If the lender stonewalls, collects aggressively, or continues reporting against you:

  • BSP-supervised entity: File a complaint with the bank’s Consumer Protection Desk first. If unresolved, elevate to BSP Consumer Assistance.
  • SEC-supervised OLA/lending/financing company: File a complaint with the SEC’s Financing & Lending Division. Cite unfair collection, unregistered operations (if suspected), and privacy breaches.
  • NPC complaint (privacy angle): If the lender scraped your contacts, used your selfie/ID without proper basis, or publicized your data, file with NPC. Request an Order to Cease and Desist, data erasure, and penalties for unlawful processing.

Keep proof of your first complaints; regulators typically require you to try resolution with the provider before escalation.

C. Criminal Route (When Appropriate)

With counsel, consider:

  • Estafa/falsification against the impostor.
  • DPA offenses against the company or individuals who unlawfully processed or maliciously disclosed your data.
  • Cybercrime charges if the fraud used illegal access, phishing, or device intrusions.

Coordinate with PNP-ACG or NBI Cybercrime Division; bring your dossier.

5) Fixing Your Credit Record (CIC + Bureaus)

  1. Get your CIC report. Obtain your latest CIC Basic Credit Report via an accredited bureau (e.g., TransUnion, CIBI, CRIF). Identify the fraudulent tradeline.

  2. File a Data Correction/Dispute.

    • Dispute the entry as “identity theft / not mine.”
    • Attach your evidence (dispute letter to lender, police blotter, affidavit, regulator complaint).
    • The lender (data furnisher) must investigate and respond. If they confirm fraud or fail to substantiate, the bureau should suppress/rectify the tradeline.

  3. Track chain-effects. If multiple bureaus show the bad account, dispute with each. Ask for written confirmation of correction for your records.

6) If Collectors Harass or Shame You

You may formally warn them that:

  • Harassment, threats, profane language, contacting your employer/contacts, or public shaming are prohibited;
  • You are invoking your DPA rights (object to processing, erasure/blocking of unlawfully obtained contacts, and restriction during dispute); and
  • You will report continued violations to SEC (for unfair debt collection), NPC (privacy), and law enforcement (coercion, threats).

Keep a call log (date, time, agent name/alias, number used, summary). Recordings are allowed if you are a party to the conversation, but avoid publishing them; provide to authorities as evidence.

7) Special Scenarios & How to Respond

  • Funds were disbursed to your e-wallet/bank without your consent (e.g., “forced disbursement”). Immediately return the funds to the remitter with a letter stating “no enrichment; transaction is fraudulent,” and keep proof of return. Disputes are stronger when no benefit was retained.

  • You clicked a phishing link and shared OTPs. You may still be a victim if there was deception. Disclose the full truth in your affidavit (courts favor candor). Change credentials and consider device forensics.

  • The lender is unregistered or a “loan shark app.” Report to SEC (unregistered lending), NPC (privacy abuses), and law enforcement. Do not pay “penalties” to hush the matter—channel all communications in writing.

  • The impostor used a clone/fake ID. Request the lender’s KYC images and device/IP logs. These help law enforcement and support your dispute that KYC controls failed.

  • Employer references contacted. Provide HR with a memo explaining the fraud; this controls reputational fallout and stops further workplace escalation.

8) Evidence Pack: What Good Files Look Like

  • Timeline (a simple table) of key events with timestamps.
  • Copies of all notices sent/received.
  • KYC dossier from the lender (IDs, selfies, device fingerprints, IPs, e-sign trails).
  • Device logs (SMS OTP history, email login alerts, authenticator prompts).
  • Bank/e-wallet statements highlighting relevant entries.
  • Police blotter and notarized affidavit.

Bundle this as a single PDF for submissions.

9) Preventive Hygiene Going Forward

  • Use unique passwords + MFA (prefer app-based authenticators over SMS).
  • Lock your SIM with a PIN; keep a separate recovery number/email.
  • Freeze or limit credit lines you don’t use; set transaction alerts.
  • Minimize public posting of IDs/birthdates/addresses.
  • Share IDs only with regulated entities; redact non-essential fields when possible.
  • Regularly pull your CIC report and dispute anomalies early.
  • Treat QR codes, APK sideloads, and “screen-share support” as high-risk.

10) Practical Templates (Short, Editable Samples)

A. Fraud Dispute to Lender (Email Subject: URGENT – Identity Theft Dispute)

I, [Name], [ID number], did not apply for or authorize Loan [Account/Reference No.]. I did not receive or benefit from any disbursement.

Pursuant to R.A. 11765 and R.A. 10173, I demand: (1) immediate freeze and investigation; (2) suspension of collection and reporting; (3) copies of the full application dossier (KYC images, IDs, IP/device logs, timestamps, disbursement trail); and (4) erasure/blocking of unlawfully processed data.

Attached are my police report and notarized Affidavit of Denial. Kindly confirm actions within your standard complaints timeline.

Sincerely, [Name | Mobile | Email | Address]

B. NPC Privacy Complaint (Narrative Core)

The respondent collected/processed my personal data without lawful basis, including [describe: scraping contacts, doxxing, harassing calls]. The processing is disproportionate and unnecessary to legitimate purposes. I request: (1) cease-and-desist; (2) erasure/blocking; (3) sanctions for unlawful processing; and (4) coordination with [lender/regulator] to prevent further harm.

C. Credit Bureau/CIC Dispute

I dispute tradeline [No.] reported by [Lender] as not mine/identity theft. Attached are my dispute letter to the lender, affidavit, police report, and evidence. Please suppress/rectify and advise in writing.

11) Frequently Asked Questions

Do I have to pay a loan I didn’t take? No, but you must promptly dispute and cooperate with the investigation. Silence can be misread as admission.

What if the lender insists I “borrowed” because the money hit my account? Return the funds and keep proof. Absence of enrichment + fraud evidence generally defeats liability.

Can collectors call my relatives/employer? Collectors cannot shame or harass third parties; they may only confirm your location in limited, ethical ways. Report violations.

Will a police blotter alone fix my credit report? Not by itself. You must file disputes with the lender and bureaus/CIC so the false tradeline is corrected.

How long will this take? It varies by entity. Keep your paper trail tidy and follow up on statutory/posted timelines.

12) When to Get a Lawyer

  • Large sums or cross-platform fraud (multiple lenders, account takeovers).
  • You are being sued or threatened with litigation.
  • There is ongoing harassment/shaming or doxxing.
  • The lender refuses to correct records after you’ve provided solid proof.

A lawyer can file targeted criminal complaints (estafa/falsification/cybercrime) and a civil claim for damages (including moral and exemplary) under the DPA and Civil Code.

Final Checklist (Print-Ready)

  • Passwords changed; MFA enabled; SIM/email secured
  • Police blotter obtained
  • Notarized Affidavit of Denial prepared
  • Dispute sent to lender (with demand to freeze/investigate)
  • Complaint escalated to regulator (BSP/SEC/NPC as applicable)
  • CIC/bureau disputes filed
  • Harassment evidence logged; cease-and-desist sent
  • Funds (if mis-disbursed) returned with proof
  • Follow-ups calendared until written closure received

Disclaimer: This article provides general information for Philippine consumers and is not a substitute for legal advice. Facts vary; consult counsel for case-specific guidance.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login