Identity Fraud in the Philippines: Types, Scale, and Prevention
Identity fraud in the Philippines is accelerating on multiple fronts. According to ScamWatchHQ research (October 2025), the Philippines recorded a 13.4% suspected digital fraud rate in 2024, the second-highest globally after India. Synthetic identity fraud surged 291% in the first half of 2025. Social engineering, account takeovers, and identity theft accounted for 76% of total fraud losses in 2025, according to BSP data. The primary legal frameworks are the Cybercrime Prevention Act (RA 10175) and the Anti-Financial Account Scamming Act (AFASA, RA 12010, signed 2024). Prevention centers on eKYC with biometric liveness and deepfake detection at onboarding.
What Is Identity Fraud?
Identity fraud is the use of another person’s identity, or a fabricated identity, to obtain financial benefits, access accounts, or conduct transactions without authorization. It differs from identity theft in a technical sense: identity theft is the act of stealing personal information, while identity fraud is the act of using that stolen (or fabricated) information for gain. In practice, the two are closely linked, and Philippine law treats them under the same broad framework.
In financial services, identity fraud most commonly targets onboarding and account access: fraudsters use stolen or synthetic identities to open accounts, access existing accounts, obtain credit, or create the account infrastructure needed for downstream financial crime including money laundering.
Scale of Identity Fraud in the Philippines
The Philippines is among the highest-risk countries globally for identity fraud. Four data points define the current environment.
According to ScamWatchHQ research (October 2025), the Philippines recorded a 13.4% suspected digital fraud rate in 2024, the second-highest globally after India at 19%. According to the same source, 74% of Filipinos reported being targeted by scams in the preceding three months, compared to 53% globally, with estimated annual losses of USD 8.29 billion (PHP 480 billion), equivalent to 1.9% of GDP.
According to Asian Banking and Finance reporting (February 2025), identity-related fraud surged 121% in 2024, with 8.3% of all digital transactions in 2023 already flagged as fraudulent. According to BSP data cited by Inquirer Business (February 2026), social engineering, account takeovers, and identity theft accounted for 76% of total fraud losses in 2025.
The synthetic identity layer is accelerating fastest. According to Sumsub internal statistics cited in BusinessWorld (January 2026), synthetic identity document fraud in the Philippines surged 291% in the first half of 2025 compared to the same period in 2024, with AI tools identified as the primary driver. See the full analysis in the guide to deepfake fraud in the Philippines.
Types of Identity Fraud in the Philippines
| Fraud Type | Method | Philippine Scale | Primary Target |
|---|---|---|---|
| Synthetic identity fraud | Fabricated identity combining real and fake data, or fully AI-generated | 291% surge in H1 2025 (Sumsub data) | eKYC onboarding, loan applications |
| Account takeover (ATO) | Phishing, credential stuffing, SIM swap, malware | PHP 409 million lost in 2024 | Existing bank and e-wallet accounts |
| SIM swap fraud | Port victim’s phone number to attacker-controlled SIM | Pivoting to e-SIM hijacking post-RA 11934 | OTP interception across all financial platforms |
| Document fraud | Forged or AI-generated government ID documents | Accelerating via generative AI tools | eKYC document verification systems |
| Phishing / social engineering | Impersonation of banks, telcos, and agencies | 76% of total fraud losses in 2025 (BSP) | Credential theft, account access |
1. Synthetic Identity Fraud
Synthetic identity fraud involves creating a new, fabricated identity by combining real and fake information, or by generating an entirely fictitious person using AI. Unlike traditional identity theft, there is no single victim whose account has been taken over. The synthetic identity is a new entity that has never existed, making it harder to detect and slower to be flagged as fraudulent. Organized crime groups and nation-state actors are the primary operators of synthetic identity networks in the Philippines, according to iProov CTO Dominic Forrest in BusinessWorld (January 2026). Synthetic accounts are used for loan fraud, smurfing, and eKYC bypass at scale.
2. Account Takeover (ATO)
Account takeover involves gaining unauthorized access to an existing legitimate account. Methods include phishing, credential stuffing using leaked passwords from data breaches, SIM swapping, malware, and social engineering. According to ScamWatchHQ (October 2025), PHP 409 million was lost to ATO in 2024 alone in the Philippines, with an 18% increase in the Asia-Pacific region that year. Once an account is taken over, it may be used for unauthorized transfers, credit line exploitation, or resale to criminal networks as a verified account with transaction history.
3. SIM Swap Fraud
SIM swap fraud involves convincing a telco to transfer a victim’s phone number to a SIM card controlled by the fraudster. Once the number is ported, the fraudster receives SMS OTPs sent to that number, enabling account access and transaction authorization across banking and e-wallet platforms. Republic Act No. 11934 (SIM Registration Act, 2022) was enacted specifically to make SIM swap fraud harder by requiring telcos to verify the identity of SIM cardholders. According to Respicio and Co. legal analysis (July 2025), post-RA 11934 criminals have pivoted to e-SIM hijacking through remote e-SIM provisioning, with BSP pushing telcos for port-out cooling-off periods in response.
4. Document Fraud
Document fraud involves forging, altering, or fabricating identity documents to pass verification checks. Historically this required physical printing capabilities. Generative AI now enables convincing document fabrication digitally, bypassing verification systems that rely on template matching rather than AI-level forensic analysis. The synthetic identity surge in the Philippines is driven in substantial part by AI-generated identity documents that fool legacy eKYC systems.
5. Phishing and Social Engineering
Phishing remains the highest-volume identity fraud vector in the Philippines. Fraudsters impersonate banks, e-wallets, government agencies, and telcos to extract OTPs, account credentials, or personal information. Generative AI has changed what phishing looks like entirely. AI-generated phishing messages can now be fully personalized, grammatically correct, and contextually aware in ways that mass-template phishing could not achieve.
Legal Framework: Philippine Laws Against Identity Fraud
Republic Act No. 10175 (Cybercrime Prevention Act of 2012) is the primary legal basis for prosecuting identity-related cybercrime in the Philippines, including unauthorized access to computer systems, computer fraud, and the fraudulent use of electronic identities.
Republic Act No. 12010 (Anti-Financial Account Scamming Act or AFASA, 2024) was signed by President Marcos in 2024 specifically to address financial account fraud at scale. AFASA prohibits acting as a money mule, performing social engineering schemes, and conducting economic sabotage. It authorizes BSP to investigate bank deposits, e-wallets, and financial accounts involved in such crimes with the help of law enforcement, with bank secrecy provisions suspended for accounts under fraud investigation.
Republic Act No. 11934 (SIM Registration Act, 2022) requires SIM card registration with valid government-issued ID to reduce anonymous SIM use that enables SIM swap fraud, OTP hijacking, and smishing attacks.
Beyond these primary laws, the Data Privacy Act (RA 10173) imposes obligations on organizations that hold personal data: breaches that enable identity fraud trigger NPC notification requirements and potential administrative liability.
How Philippine Financial Institutions Prevent Identity Fraud
Effective identity fraud prevention in the Philippine financial context requires layered controls at each stage of the customer lifecycle.
At onboarding: Government ID authentication against official Philippine registries, biometric liveness detection, AI-powered deepfake detection, and document forensics. eKYC under BSP Circular 1170 provides the regulatory framework; the quality of the underlying technology determines how much fraud it actually stops.
During the relationship: Behavioral anomaly detection flags unusual transaction patterns. Re-authentication for high-value transactions reduces ATO exposure. Regular re-KYC for high-risk customers catches identity changes that occurred after onboarding.
At account recovery: Account recovery and password reset are the highest-risk moments for ATO in the post-onboarding lifecycle, according to iProov (BusinessWorld, January 2026). Institutions that apply the same identity verification standards to account recovery as they apply to onboarding close the largest ATO attack surface.
For a full comparison of available KYC solutions in the Philippines, the key differentiator in 2025 and 2026 is deepfake and injection attack detection at the identity verification layer. Platforms that built their eKYC before AI-generated fraud became commercially scalable need to reassess whether their liveness and document verification meets the current threat environment.
Frequently Asked Questions About Identity Fraud in the Philippines
What is identity fraud in the Philippines?
- Identity fraud in the Philippines is the use of another person’s identity, or a fabricated synthetic identity, to obtain financial benefits, access accounts, or conduct unauthorized transactions. It is criminalized under RA 10175 (Cybercrime Prevention Act) and AFASA (RA 12010).
How common is identity fraud in the Philippines?
- According to ScamWatchHQ research (October 2025), the Philippines recorded a 13.4% suspected digital fraud rate in 2024, the second-highest globally. Synthetic identity fraud surged 291% in the first half of 2025 according to Sumsub data. BSP data shows social engineering, ATO, and identity theft accounted for 76% of total fraud losses in 2025.
What is the difference between identity theft and identity fraud?
- Identity theft is the act of stealing personal information. Identity fraud is the act of using that stolen information (or fabricated information) for financial gain. In Philippine law and practice, the terms are closely linked and addressed under the same legal frameworks.
What is AFASA in the Philippines?
- AFASA stands for Anti-Financial Account Scamming Act (Republic Act No. 12010), signed by President Marcos in 2024. It prohibits money muling, social engineering schemes, and economic sabotage, and authorizes BSP to investigate financial accounts involved in fraud with bank secrecy suspended for accounts under active investigation.
How does eKYC help prevent identity fraud in the Philippines?
- eKYC with biometric liveness detection, AI deepfake detection, and government ID authentication stops synthetic and stolen identities at account opening. It ensures that the person opening the account is a verified, living individual whose identity matches a real Philippine government record, eliminating the anonymous or fabricated accounts that enable most financial identity fraud.
Identity Fraud Prevention Starts Before the First Transaction
The problem is not at the transaction layer. The 76% of Philippine fraud losses attributable to identity-based attacks in 2025 did not start at the transaction layer. They started at account opening, SIM registration, and credential theft months or years earlier. Prevention that begins at the transaction layer is already managing a compromised environment.
The intervention that matters most is biometric verification at onboarding: reliable enough to stop AI-generated synthetic identities, deepfake attacks, and document forgeries before they create accounts that can be used for fraud. Verihubs eKYC API provides that layer for Philippine financial institutions, with 15+ government ID support, AI liveness detection, and dedicated deepfake detection built for the current Philippine fraud environment.
