Philippine legal guide for consumers and businesses This is general information, not legal advice.
Snapshot: Which agency gets what?
| Situation | Best first stop | What they usually do |
|---|---|---|
| You bought something online (marketplace, FB/IG seller, website), it never arrived or is counterfeit/defective, or the merchant refuses refund/return | DTI (Department of Trade and Industry — Consumer Protection Group) | Handles consumer protection and unfair/deceptive trade practices under the Consumer Act and E-Commerce Act; mediates, issues administrative orders/penalties against sellers and platforms |
| You’re getting scam/spam texts, phishing links, spoofed numbers, SIM swap issues, or telco didn’t act on your spam complaints | NTC (National Telecommunications Commission) | Regulates telcos/SIM; orders blocking of numbers/sites, directs carriers to act, enforces SIM Registration Act duties |
| You were defrauded (e.g., investment swindle, phishing that emptied your e-wallet/bank, romance scam, hacked account), or there’s a crime to investigate | PNP-ACG (Philippine National Police – Anti-Cybercrime Group) | Criminal investigation; may secure devices, trace wallets/IPs, apply for cyber warrants, file cases with prosecutors |
| Same as left column, especially where specialized digital forensics, takedowns, or complex multi-jurisdiction leads are needed | NBI-CCD (National Bureau of Investigation – Cybercrime Division) | Criminal investigation with bureau-level forensics; coordinates with ISPs/foreign counterparts; assists prosecutors |
In practice, DTI and NTC are administrative/regulatory avenues. PNP-ACG and NBI-CCD are law-enforcement avenues for criminal complaints. You can pursue both an administrative complaint (to stop the practice / get merchant sanctioned) and a criminal case (to hold offenders liable), plus civil remedies for recovery of money.
Legal backbone (why these agencies matter)
- Republic Act No. 7394 (Consumer Act) – deceptive sales, false advertising, unfair practices.
- R.A. 8792 (E-Commerce Act) – recognizes electronic data messages/records; merchant/platform duties.
- R.A. 10175 (Cybercrime Prevention Act) and the 2018 Rules on Cybercrime Warrants (A.M. No. 17-11-03-SC) – basis for digital evidence preservation, search, and seizure.
- A.M. No. 01-7-01-SC (Rules on Electronic Evidence) – governs admissibility/authenticity of screenshots, emails, logs.
- R.A. 11934 (SIM Registration Act) – spam/SMS fraud control; duties of telcos/NTC oversight.
- R.A. 11765 (Financial Consumer Protection Act) – duties of banks/e-money issuers; links to BSP complaints and chargebacks.
- Revised Penal Code (e.g., estafa/Art. 315), R.A. 8484 (Access Devices) – common bases for criminal cases arising from online scams.
How to decide where to file (decision tree)
Did you pay for a product/service from an online seller/platform?
- Yes: File DTI consumer complaint (for mediation/sanctions), and if there’s deceit or large loss, also file PNP-ACG or NBI-CCD for the criminal aspect.
- No, it’s mostly spam/phishing attempts via text or call: File NTC complaint; also report to PNP-ACG/NBI-CCD if an actual crime occurred or attempted fraud is ongoing.
Is a bank, e-wallet, or card involved?
- Immediately notify your bank/e-money issuer (to freeze/trace), then consider a BSP complaint under the Financial Consumer Protection Act in parallel with any DTI/Police/NBI filing.
Is personal data exposed?
- If there’s a data breach, notify the National Privacy Commission (NPC) in addition to your main report.
Is it a suspected investment/“trading”/crypto scheme promising unrealistic returns?
- Also notify the Securities and Exchange Commission (SEC) (Enforcement).
(BSP/NPC/SEC are add-ons to the four core avenues requested.)
What each agency expects from you
DTI – Consumer Protection Group (Fair Trade & E-Commerce)
Use for: undelivered/defective goods, fake pages, no-refund/no-return abuses, drip pricing, false “sale” posts, refusal to honor Consumer Act rights. What to prepare:
- Transaction proof (order page, checkout confirmation, receipts, e-wallet/bank proof of payment)
- Seller identification (shop link/handle, phone, email, page screenshots)
- Timeline of events and what you want (refund/replace/repair) Outcome: mediation via email/phone; compliance orders; administrative fines; coordination with platforms.
NTC – Telco and Messaging Complaints
Use for: scam/spam texts/calls, phishing SMS, spoofed caller ID, non-action by telcos, SIM registration concerns. What to prepare:
- Screenshots of messages (showing sender/number, date/time, and full text)
- Any links/URLs; note if you clicked anything and what happened
- Your carrier and SIM status; request number if your telco already logged your complaint Outcome: directives to carriers to block numbers/sites, SIM deactivation, enforcement under the SIM Registration Act; referrals to law enforcement if warranted.
PNP-ACG – Police Investigation
Use for: money lost to fraud, hacked social/media accounts, sextortion, online selling fraud with intent to defraud, account takeovers, cyber-threats. What to prepare:
- Affidavit of Complaint (see template below) and evidence bundle (raw files + printed copies)
- IDs, contact info, and any suspect identifiers (handles, wallets, IP/email headers if available)
- Bank/e-wallet dispute reference numbers, if you reported to your provider Outcome: incident report, case build-up, digital forensics, coordination with prosecutors, applications for Preservation/Search/Disclosure cyber warrants.
NBI-CCD – Bureau-level Investigation
Use for: same as PNP-ACG, especially complex/large-value/multi-jurisdiction scams, platform takedowns, or when bureau forensics and international coordination may be needed. What to prepare: same evidentiary set as PNP-ACG; bring storage media if you have logs/exports. Outcome: formal investigation, forensic imaging, subpoenas (through prosecutors), case filing.
Evidence: what holds up
Courts in cybercrime matters care about authenticity and integrity:
- Screenshots + Originals. Take clear screenshots and export the originals (e.g., full-resolution photos, PDFs, chat exports).
- Metadata matters. Keep files in their original formats; avoid editing/forwarding that strips headers.
- Header & log capture. For emails, export full headers; for websites, save the page as PDF/HTML and record the URL and timestamp.
- Chain of custody. When handing devices to law enforcement, list what you surrendered (device/drive/USB) and do not alter data after reporting.
- Pay-trail proof. Secure bank statements, e-wallet ledger, transaction IDs, chargeback/ dispute letters.
- Do not “confront” the scammer. Preserve, don’t escalate. Block only after you’ve captured evidence.
Step-by-step playbook (do this now)
Secure your money and accounts.
- Contact your bank/e-wallet/card issuer to freeze, reverse, or trace funds; change passwords; enable MFA.
- For hacked accounts, start recovery immediately and record the timestamps.
Preserve evidence.
- Screenshot conversations, save invoices, download order/chat logs, export email headers, record phone numbers/links.
- Keep original files. Don’t crop/annotate the only copy.
File the right reports.
- DTI for merchant/platform conduct.
- NTC for spam/scam messaging and SIM/telco issues.
- PNP-ACG or NBI-CCD for the criminal case (you can go to either; choose what’s accessible).
- If financial services are involved, send a written complaint to the provider and escalate to BSP if needed.
Follow through.
- Keep your case/complaint numbers.
- Respond promptly to requests for more evidence.
- Ask the investigator about preservation requests to platforms or telcos if time-sensitive.
Filing mechanics (common patterns)
- Modes: online forms/portals, email intake, hotlines, or walk-in at regional offices/camps/bureaus.
- IDs: Bring one government ID; for representatives, bring a SPA (Special Power of Attorney).
- Affidavit: Notarized if filing directly with prosecutors; for police/bureau intake, you may start with a sworn statement there.
- Venue: For criminal cases with online elements, venue generally lies where any element occurred or where the offended party resides, and designated Cybercrime courts hear them.
- Timelines: Administrative mediation may take weeks; criminal investigations vary based on leads and cooperation from platforms/ISPs.
Sample Affidavit of Complaint (outline)
Title: Affidavit of Complaint Complainant: Name, address, ID Respondent: (if known) Name/alias/handles Facts: Chronological narrative (dates/times, platforms, promises made, payments sent, delivery failures, deceitful acts) Evidence List: Screenshots A-1…A-n; receipts B-1…; chat export C-1…; bank ledger D-1… Offenses Alleged: Estafa (Art. 315 RPC); Violations of R.A. 10175 and/or R.A. 8484, as applicable; Consumer Act violations (for administrative cases) Relief Sought: Investigation, prosecution, restitution, preservation orders, platform/telco cooperation Jurats: Sworn before a notary/public officer, date/place
(Attach clean copies; label exhibits consistently.)
Frequently asked practical questions
Can I file with both DTI and PNP/NBI? Yes. DTI addresses the merchant/platform’s regulatory compliance; PNP-ACG/NBI-CCD pursue the criminal aspect. Proceedings may run in parallel.
What if the scammer is anonymous or abroad? Still file. Agencies can request subscriber information, wallet traces, and platform data; cross-border MLAT or liaison channels may be used for serious cases.
Do I get my money back automatically after reporting? No. Recovery usually comes from chargebacks, reversals, settlement during mediation, or restitution ordered by courts. Use the Financial Consumer Protection route with BSP if a regulated provider mishandled your case.
Are screenshots enough? They help, but better if backed by original files/headers/logs and payment records. Follow the Rules on Electronic Evidence for authenticity.
Can the NTC block a scam website or number? NTC can direct carriers to block numbers/links and enforce SIM rules; criminal takedowns typically ride on PNP/NBI requests and court orders.
Document checklists
Universal pack (bring to any agency):
- One valid ID
- Your contact details
- Detailed timeline (dates, times, amounts)
- Evidence set: screenshots + originals, payment proof, chat/email exports, links/handles
For DTI:
- Order details, seller/platform identifiers, receipts, your requested remedy (refund/replace/repair)
For NTC:
- Screenshots with visible number/sender and timestamps, carrier info, prior ticket with your telco (if any)
For PNP-ACG/NBI-CCD:
- Draft affidavit, storage media with original files/exports, device(s) if needed for imaging, bank/e-wallet dispute references
Parallel/adjacent remedies (often overlooked)
- Bangko Sentral ng Pilipinas (BSP) – escalate unresolved bank/e-money complaints; invoke R.A. 11765.
- National Privacy Commission (NPC) – report doxxing/data breaches and unlawful processing.
- Securities and Exchange Commission (SEC) – tip/report investment or unregistered securities schemes.
- Insurance Commission – if the “product” was an insurance/plan.
- Local Police Station/City Prosecutor – for immediate blotter/initial intake and inquest or regular filing.
Pro tips from the trenches
- Act fast. Funds often hop through multiple wallets. Early reports increase the odds of freezing.
- Write like a timeline. Investigators and mediators prefer dated bullet points with amounts and screenshots tied to each entry.
- Don’t sanitize evidence. Avoid editing, forwarding, or re-saving images in ways that strip metadata.
- Keep your case file. Store everything (PDF binder + folder of originals). Name files
YYYY-MM-DD – Exhibit label – brief description. - Security afterward. Change passwords, enable MFA, audit recovery emails/numbers, and check devices for malware.
Bottom line
- DTI → fix merchant behavior and get consumer relief.
- NTC → stop spam/scam communications at the network level.
- PNP-ACG/NBI-CCD → investigate and prosecute the crime. Use them together as your situation requires, and preserve evidence meticulously to maximize your chances of recovery and accountability.