PayMaya Scam Warning—A 2025 Philippine Legal Primer
1 | Background & Significance
Maya (formerly PayMaya) is one of the country’s two dominant e-wallet ecosystems, regulated by the Bangko Sentral ng Pilipinas (BSP) as an Electronic-Money Issuer (EMI). As of 26 February 2025, Maya Philippines, Inc. and Maya Bank, Inc. remain on the BSP’s official list of supervised EMIs. (List of BSP Supervised Electronic Money Issuers (EMIs) As of 26 ...)
The same ubiquity that makes Maya convenient also attracts fraudsters, prompting repeated public warnings from Maya, the BSP, the Cybercrime Investigation and Coordinating Center (CICC), and law-enforcement agencies. (I believe I was scammed. What should I do? - support.maya.ph, CICC warns of scam SMS in e-wallet services - Philippine News Agency)
2 | Regulatory & Statutory Framework
| Source of Obligation | Key Provisions for Scam-Related Conduct | Typical Penalties |
|---|---|---|
| Cybercrime Prevention Act of 2012 (RA 10175) | §§ 4(a)(1)–(3) (illegal access, data interference, computer-related fraud) | Imprisonment prisión mayor (6 yrs–12 yrs) + fine |
| Access Devices Regulation Act (RA 8484) | § 10 (fraudulent use of access devices / e-wallet credentials) | Up to 20 yrs imprisonment + triple the value taken |
| Revised Penal Code, Art. 315 (Estafa) | Deceit + damage through false pretenses | Up to 20 yrs imprisonment |
| Data Privacy Act (RA 10173) | §§ 25–34 (unauthorized processing, negligent access) | 1 yr–6 yrs + PHP 500 k–5 m |
| SIM Registration Act (RA 11934) | False or fictitious registration, spoofing of messages | 6 yrs–2 decades + fine |
| AMLA (RA 9160, as amended) | Laundering of crime proceeds via e-wallet chains | 7 yrs–14 yrs + forfeiture |
| BSP Circular No. 1048 (Consumer Protection Framework) | Mandatory Consumer Assistance Mechanism (CAM); 15-BD turnaround on complaints | Administrative fines; license sanctions |
3 | Prevailing Scam Typologies Targeting Maya Users
| Typology | How It Works | Recent Evidence |
|---|---|---|
| Smishing / “Text-Hijacking” | Fraudulent SMS injected into legitimate message threads to harvest OTPs | Joint Smart-Maya warning, Oct 2024 (Smart and Maya alert public on ‘text hijacking’ scam, Smart, Maya warn of text hijacking - Manila Bulletin) |
| Phishing (e-mail & social) | Fake “promo” pages or spoofed customer-support chats directing users to credential-harvesting sites | Maya’s own anti-phishing tips, Nov 2024 (Top 5 “Iwas Scam” Tips to Help You Keep Your Maya Digital Banking ...) |
| SIM-Swap Takeover | Fraudster convinces telco to re-issue victim’s SIM, intercepts OTP & drains wallet | Legal commentary, Feb 2025 (Legal Action for Fraud Case Involving Maya Bank and Digital Payment Scam) |
| Fake Deposit / Payment Confirmation | Counterfeit screenshots or doctored “Successful transfer” e-mails used to dupe sellers | Advisory, Feb 2025 (Filing a Complaint for a PayMaya Scam or Fraud in the Philippines) |
| Sale of Pre-Registered Accounts | Bundles of KYC’d PayMaya accounts sold on FB for PHP 600–800 each, later recycled for mule activity | NBI-CCD arrests, Jun 2023 (2 persons nabbed, charged over illegal sale of Shopee Pay ... - Abogado, NBI arrests 2 persons ‘for selling Shopee Pay, PayMaya accounts with ...) |
4 | Official Warnings & Consumer Education
- Maya Support Advisories – 24/7 hotline (+632 8845-7788) and in-app #ScamPatrol encourage immediate reporting of suspicious activity. (I believe I was scammed. What should I do? - support.maya.ph, A suspicious transaction or activity appeared on my account ... - Maya)
- CICC Public Alerts – Recommends ignoring & deleting embedded-link SMS that enter official threads. (CICC warns of scam SMS in e-wallet services - Philippine News Agency)
- BSP Consumer Protection Campaigns – BSP’s Inclusive Finance desk accepts escalated e-wallet complaints when resolution exceeds 15 BD. (Advisories - Bangko Sentral ng Pilipinas, Inclusive Finance - Consumer Protection - Bangko Sentral ng Pilipinas)
5 | Liability Matrix
| Actor | Possible Breach | Governing Rule | Practical Consequences |
|---|---|---|---|
| Fraudster | Phishing, estafa, unauthorized access | RA 10175; RPC Art 315 | Criminal prosecution; AMLA forfeiture |
| Mule-Account Seller | Trafficking of access devices | RA 8484 | Up to 20 yrs + triple value |
| Maya / EMI | Negligent security, failure to reimburse unauthorized debits | BSP Circular 1048; NCC Art 1170 (quasi-delict) | Administrative fines; civil damages; possible suspension of EMI license |
| Victim-Consumer | Duty of ordinary diligence (unlocking phone, sharing OTP) | NCC Art 2180 (contributory negligence) | May reduce recoverable damages |
6 | Victim’s Step-by-Step Remedies
Freeze the Damage
- Block card / change PIN inside the Maya app.
- Call hotline within 24 hours to log an “unauthorized transaction” ticket. (I believe I was scammed. What should I do? - support.maya.ph)
Secure Formal Evidence
- Screenshot entire chat/SMS thread, phishing site, and Maya transaction log.
- Request a dispute reference number from Maya; keep Confirmation ID.
Escalate if Unresolved After 15 Banking Days
- File a BSP-CAM complaint (e-mail, portal, or walk-in). (Filing a Complaint for an Online Payment Scam via PayMaya)
Criminal Action
- Execute an affidavit and file with the City/Provincial Prosecutor or with PNP-ACG/NBI-CCD. (Legal Action for Fraud Case Involving Maya Bank and Digital Payment Scam)
Civil Action
- If direct loss is > PHP 300 k or involves moral damages, a separate civil suit may be filed concurrently under Art. 33, Civil Code.
7 | Enforcement Landscape
| Agency | Focus | Powers |
|---|---|---|
| PNP-Anti-Cybercrime Group | Rapid response, digital forensics | Warrants to search/seize devices |
| NBI-Cybercrime Division | Complex, syndicated fraud | Sting operations, undercover buys (e.g., 2023 account-selling bust) (NBI arrests 2 persons ‘for selling Shopee Pay, PayMaya accounts with ...) |
| AMLC | Transaction tracing; asset freeze | Issuance of freeze orders/SAROs |
| CICC | Policy coordination; intel sharing | National CERT; public advisories |
8 | Duties & Defenses of Maya as an EMI
- Mandatory KYC / CDD – Section 901, BSP MORB; liveness check, selfie-matching, “one customer–one wallet” rule.
- Real-Time Fraud-Rules Engine – Velocity limits, device fingerprinting, and geo-lock (highlighted in Maya’s “5 Ways We Keep Your Money Safe”). (5 Ways Maya Keeps Your Money Safe)
- Reimbursement Policy – Under BSP Circular 1048 § 6, Maya must credit proven unauthorized debits within 10 BD, absent contributory fault.
Failure to implement these controls can expose Maya to BSP monetary penalties (up to PHP 30 k per transactional breach) and, in repeated violations, suspension of its EMI license.
9 | Emerging Trends & Legislative Moves (2024-2025)
- Mandatory Real-Time Payee Name Display – Draft BSP circular (for public comment Q1 2025) will require EMI apps to show the registered name linked to the destination number before transfer confirmation—aiming to curb fake-merchant scams.
- E-Wallet Regulation Bill – Pending in the House (H.B. No. 11072) to codify liability-shift to EMIs for phishing losses where multi-factor authentication was not enforced.
- AI-Driven Deep-Fake Voice Scams – CICC flagged the first Philippine incident in March 2025; regulatory guidance awaited.
10 | Practical “Iwas-Scam” Checklist for Users
- NEVER share OTP/PIN—even with someone claiming to be from Maya.
- Inspect URLs carefully; trust only maya.ph and mayabank.ph. (Smart and Maya alert public on ‘text hijacking’ scam)
- Enable app-lock & biometric login.
- Set transfer limits inside the app. (Top 5 “Iwas Scam” Tips to Help You Keep Your Maya Digital Banking ...)
- Register your SIM accurately; update Maya if you change numbers.
11 | Key Hotlines & Portals
| Purpose | Channel |
|---|---|
| Maya 24/7 Support | +632 8845-7788 / in-app chat |
| BSP Consumer Assistance | consumeraffairs@bsp.gov.ph / (02) 8708-7087 |
| PNP-ACG Hotline | (02) 8414-1560 / acg@pnp.gov.ph |
| NBI-CCD | (02) 8523-8231 / ccd@nbi.gov.ph |
| CICC Scam Reporting | report@cicc.gov.ph |
12 | Conclusion
The steady rise of PayMaya/Maya scams underscores a simple reality: technology evolves faster than regulation, but Philippine law already provides a multi-layered net of criminal, civil, and administrative remedies. Coupled with BSP’s consumer-protection regime and Maya’s own security commitments, victims do have concrete avenues for recourse—provided they act quickly, preserve digital evidence, and know which agency to engage at each stage. Continuous vigilance and decisive enforcement remain the twin pillars of safeguarding the country’s booming cash-lite economy.