Prosecuting Cyber Forgery

Electronic signatures have legal effect in the Philippines; altering PDFs or digital receipts may be computer-related forgery under RA 10175 and RA 8792.

Prosecuting Cyber Forgery: Why Falsifying Digital Signatures is a Crime Under the E-Commerce Act

Businesses increasingly rely on PDF contracts, e-signature platforms, emailed purchase orders, and digital receipts to close deals and document transactions. When a party alters a signed PDF, inserts another person’s signature into an electronic document, or fabricates a digital receipt to demand payment, the harm is not merely “a system issue” or “an internal compliance matter.” Under Philippine law, electronic documents and electronic signatures can carry the same legal force as paper documents and handwritten signatures, and tampering with them can trigger criminal liability and related cybercrime charges. This article explains the legal effect of electronic signatures, why falsifying them can be prosecuted, and how businesses can file and support cases.

Governing legal framework

Electronic Commerce Act (Republic Act No. 8792, approved June 14, 2000) is the primary statute recognizing electronic documents and signatures in Philippine transactions. It establishes when an electronic signature is treated as equivalent to a handwritten signature and sets standards relevant to reliability, identity, and consent.

Rules on Electronic Evidence (A.M. No. 01-7-01-SC, effective 2001) govern admissibility and authentication of electronic documents and data messages in court proceedings. They support the use of electronic records as evidence and provide doctrinal footing for proving authenticity.

Cybercrime Prevention Act of 2012 (Republic Act No. 10175, approved September 12, 2012) criminalizes computer-related offenses including computer-related forgery, which can apply when computer data is altered to make it appear authentic for legal purposes. This law is frequently relevant when the falsification occurs through ICT systems, such as altering PDFs, manipulating metadata, or fabricating e-receipts generated through online systems.

Rules on Electronic Notarization (A.M. No. 24-10-14-SC, 2025) regulate electronic notarization, including punishable acts like tampering with electronic notarial seals/records or using tools (such as VPN) to misrepresent location during electronic notarization. While not every digital contract is notarized, these rules matter for high-value agreements or transactions that require notarization and for disputes involving notarized e-documents.

Legal weight of electronic signatures in business contracts

Philippine law recognizes that an electronic signature can be equivalent to a handwritten signature if certain integrity and reliability conditions are satisfied. Under the Electronic Commerce Act, an electronic signature is treated as equivalent to a person’s signature on a written document when it is shown that a prescribed procedure existed that: (a) identifies the party sought to be bound and indicates access necessary for consent; (b) uses a reliable and appropriate method; (c) requires the signature to proceed with the transaction; and (d) allows the other party to verify the signature and decide whether to proceed with the authenticated transaction (Republic Act No. 8792, June 14, 2000, Section 8).

In disputes, the Electronic Commerce Act also provides a presumption relating to electronic signatures: it is presumed that (a) the electronic signature is the signature of the person to whom it correlates; and (b) it was affixed by that person with the intention of signing or approving the electronic document, unless reliance is unreasonable or there is notice of defects (Republic Act No. 8792, June 14, 2000, Section 9). For businesses, this means authenticated e-signatures can be powerful evidence—while also raising the stakes for parties who attempt falsification.

For purposes of evidence, the Electronic Commerce Act requires authentication of electronic documents and signatures by demonstrating and validating identity and by showing appropriate security procedures to verify origin or detect alteration. It also states that the party offering an electronic document bears the burden of proving authenticity by evidence supporting that the document is what it claims to be (Republic Act No. 8792, June 14, 2000, Section 11). The Rules on Electronic Evidence likewise recognize admissibility of electronic documents, subject to proper authentication (A.M. No. 01-7-01-SC, 2001).

What counts as falsifying a digital signature or electronic document

In commercial settings, “digital forgery” usually appears in a few recurring forms:

1) Altering a signed PDF contract
Examples include replacing pages after signature, modifying payment terms, swapping bank details, changing delivery dates, or inserting addenda without consent—then circulating the altered PDF as if it were the signed original.

2) Fabricating or manipulating digital receipts
Examples include editing screenshots of transfer confirmations, generating a false e-receipt from a payment channel, or changing transaction IDs, amounts, or timestamps to claim payment or refunds.

3) Forging e-signatures or signature blocks
Examples include copying a signature image into a contract, using someone else’s login to sign, or producing an “e-signed” document without the signatory’s consent.

4) Tampering with notarized electronic documents (where applicable)
Where a document is electronically notarized, tampering with electronic notarial seals or records, or attempts to circumvent the technological safeguards, may result in prosecution or administrative action under the Rules on Electronic Notarization (A.M. No. 24-10-14-SC, 2025, Section 3).

Why altering PDFs and digital receipts can be prosecuted as cyber forgery

Under the Cybercrime Prevention Act, computer-related forgery includes the input, alteration, or deletion of computer data without right resulting in inauthentic data, with intent that it be considered or acted upon for legal purposes as if it were authentic. It also punishes knowingly using computer data that is the product of computer-related forgery to perpetuate a fraudulent or dishonest design (Republic Act No. 10175, September 12, 2012, on computer-related offenses).

Many business forgeries fit this definition because PDFs, electronic contracts, emails, and e-receipts are “computer data.” When altered “without right” and used to demand payment, enforce obligations, obtain goods, or defeat a claim, they are presented for legal and commercial reliance.

Separately, even outside R.A. 10175, courts recognize longstanding principles on falsification and use of falsified documents. In Brisenio v. People of the Philippines (G.R. No. 241336, 2021), the Supreme Court reiterated that a person found in possession of a forged document and who uses or utters it is presumed to be the forger, absent satisfactory explanation—an evidentiary principle that may become relevant when the accused is the one circulating or relying on the altered electronic document in a dispute.

Common charge combinations in business disputes involving forged electronic records

Depending on the evidence and how the act was carried out, prosecutors may consider charges under R.A. 10175 for computer-related forgery, and in appropriate situations, related fraud concepts. When the act causes or attempts to cause financial loss—such as collecting money using a falsified digital receipt—computer-related fraud may also be evaluated (Republic Act No. 10175, September 12, 2012, on computer-related offenses).

Where the falsified record is used to deceive another into parting with money or property, prosecutors may also assess whether traditional offenses (for example, estafa-based theories) are implicated, and whether R.A. 10175’s provisions affect penalty treatment when offenses are committed through ICT. The exact charging decision is fact-sensitive and depends on the evidence, the transaction structure, and how the falsification was used.

Evidence and authentication: what businesses should preserve

Successful prosecution often depends less on suspicion and more on evidence quality. The Electronic Commerce Act places the burden of proving authenticity on the party introducing the electronic document and points to demonstrating identity and security procedures, including the ability to detect alteration (Republic Act No. 8792, June 14, 2000, Section 11). The Rules on Electronic Evidence support admissibility with proper authentication (A.M. No. 01-7-01-SC, 2001).

Businesses should preserve evidence in a way that supports integrity and traceability. The following items commonly matter:

Original electronic files (not just screenshots), including the PDF, its properties/metadata, and any “audit trail” from the e-signature service.
Email headers and full email chains showing transmission, recipients, timestamps, and attached file hashes where available.
System logs from document management systems, CRM/ERP platforms, accounting systems, payment gateways, or cloud storage (who uploaded/downloaded/edited a file, from what IP, and when).
Payment records from banks, e-wallets, or gateways that can disprove a fabricated receipt (transaction reference validation is often decisive).
Witness statements from employees handling the contract workflow, approvals, and payment verification.

Typical scenario: A supplier presents an “amended” PDF contract showing a higher price and claims it was signed. If the business can produce the e-signature audit trail showing only the original version was signed, plus email attachments showing the original file circulated, and logs showing when the amended file was created, the altered file becomes easier to attack as inauthentic data used for legal reliance.

Procedure: how to file and pursue a case

Cyber forgery cases follow ordinary criminal processes, but usually require tighter coordination between complainants, investigators, and prosecutors due to technical evidence.

Step 1: Internal incident documentation and preservation
Lock down relevant accounts and preserve the original electronic evidence. Avoid “cleaning” files or forwarding altered versions in ways that overwrite metadata. Document a chronology: when the genuine file was created, transmitted, signed, paid, and when the alleged falsified version appeared.

Step 2: Prepare a complaint-affidavit
Include: (a) narrative of facts; (b) identification of accused (or “John/Jane Doe” if unknown, with identifiers such as email, phone, usernames, IP data if available); (c) attachments (original files, audit trails, email headers, system logs, bank confirmations); and (d) sworn statements of custodians of records and relevant employees. Authentication matters because the party presenting electronic evidence bears the burden to show it is what it claims to be (Republic Act No. 8792, June 14, 2000, Section 11).

Step 3: File for preliminary investigation with the Office of the Prosecutor
For most cyber-enabled forgery complaints, filing is done through the appropriate prosecutor’s office with jurisdiction over the offense as alleged. Because cybercrime cases commonly involve coordination and monitoring, DOJ issuances require reporting and inventory of cybercrime and cyber-related cases and outline prosecution-side monitoring requirements (Department Circular No. 008, 2019; Department Circular No. 002, 2018). These do not replace the Rules of Court but reflect DOJ processes in handling and tracking cybercrime prosecutions.

Step 4: Coordinate with investigators for technical support
Expect requests for device examination, log extraction, and validation of transaction references. Cooperate while maintaining a clear chain of custody for documents and devices. If the suspect is internal, preserve access logs and consider isolating the account to prevent further tampering.

Step 5: Preliminary investigation timeline and case build-up
The prosecutor evaluates whether probable cause exists to file an Information in court. DOJ Department Circular No. 013 (2026) reflects DOJ policy on proactive prosecutorial involvement in case build-up for cybercrime offenses under R.A. 10175, supporting earlier prosecutor engagement during investigation stages where needed (Department Circular No. 013, 2026).

Step 6: Filing in court and trial (evidence presentation)
At trial, electronic documents must still be properly offered and authenticated under the applicable rules. Plan witnesses who can testify on how the document was generated, stored, transmitted, signed, and how alteration was detected, consistent with the Electronic Commerce Act’s authentication approach (Republic Act No. 8792, June 14, 2000, Section 11) and the Rules on Electronic Evidence (A.M. No. 01-7-01-SC, 2001).

Exceptions, defenses, and common points of dispute

Businesses should anticipate common defenses and gray areas, especially in disputes involving routine document editing:

Authority to revise: The accused may claim they were authorized to edit the document. Clear version control and approval workflows help rebut this.
No intent for legal reliance: For computer-related forgery, intent that the inauthentic data be considered for legal purposes is significant. Showing the altered PDF was used to demand payment, enforce delivery, or justify withholding performance supports intent (Republic Act No. 10175, September 12, 2012).
Authentication challenge: The opposing party may argue the complainant cannot prove which version is authentic. Audit trails, hashes, and logs help meet the burden (Republic Act No. 8792, June 14, 2000, Section 11).
“Someone else did it”: If the accused possessed and used the forged electronic document, prosecutors may rely on the evidentiary inference discussed in Brisenio, subject to satisfactory explanation and the totality of evidence (Brisenio v. People of the Philippines, G.R. No. 241336, 2021).

Compliance and risk controls for businesses using digital contracts

Reducing exposure to digital document forgery requires controls designed for authenticity and dispute readiness:

Use e-signature tools with audit trails that record identity signals, timestamps, IP data, and document integrity checks.
Adopt version control and locked PDFs after execution, with restricted editing permissions and centralized storage.
Require out-of-band payment verification (direct bank confirmation or portal validation) rather than relying on screenshots of receipts.
Train finance and sales teams to spot altered PDFs (mismatched fonts, broken pagination, altered metadata, inconsistent timestamps).
Maintain clear record custodianship so someone can testify on how records are generated and preserved for evidence.

Summary table: legal recognition and liabilities relevant to forged electronic documents

Subject	Rule / Standard	Common business example
Validity of electronic signatures	Electronic signature may be equivalent to handwritten signature if identity, reliability, consent/access, and verifiability conditions are shown (Republic Act No. 8792, June 14, 2000, Section 8).	Digitally signed supply agreement is enforceable if the signing method and process are reliable.
Presumptions on e-signatures	Presumed to be the signature of the correlating person and affixed with intent, unless reliance is unreasonable or defects are known (Republic Act No. 8792, June 14, 2000, Section 9).	Counterparty cannot easily deny an e-signature where audit trail and signature correlation are strong.
Authentication burden	Party presenting an electronic document bears burden to prove authenticity; security procedures and identity validation are relevant (Republic Act No. 8792, June 14, 2000, Section 11; A.M. No. 01-7-01-SC, 2001).	Company must show that the “original signed PDF” is genuine and the “amended PDF” is altered.
Computer-related forgery	Altering computer data without right to create inauthentic data, intending it to be acted upon for legal purposes as if authentic; or using forged computer data (Republic Act No. 10175, September 12, 2012).	Editing a PDF contract price and presenting it to demand payment; fabricating e-receipts.
Possession and use inference	Possession and use/uttering of a forged document may support an inference of authorship absent satisfactory explanation (Brisenio v. People of the Philippines, G.R. No. 241336, 2021).	Employee circulates the forged “receipt” to accounting to secure release of goods.

Final observations and recommendations

For Philippine businesses, the legal takeaway is straightforward: electronic signatures and electronic documents are not second-class records. They can be enforceable, admissible, and presumptively attributable when supported by reliable procedures (Republic Act No. 8792, June 14, 2000, Sections 8–11; A.M. No. 01-7-01-SC, 2001). Because of this legal recognition, falsifying or altering PDFs, e-signatures, or digital receipts can support prosecution under cybercrime provisions on computer-related forgery and related offenses (Republic Act No. 10175, September 12, 2012).

Businesses should (1) implement audit-trail capable signing and storage systems, (2) standardize version control and post-signing lock-down, (3) verify payments through source systems instead of screenshots, and (4) preserve evidence early when a dispute arises. If fraud is suspected, prepare a complaint-affidavit with original files and technical records, and coordinate closely with prosecutors and investigators during case build-up and preliminary investigation, consistent with DOJ cybercrime case monitoring and prosecution processes (Department Circular No. 002, 2018; Department Circular No. 008, 2019; Department Circular No. 013, 2026).

About Nicolas and De Vega Law Offices

Nicolas and de Vega Law Offices is a full-service law firm in the Philippines. You may visit us at the 16th Flr., Suite 1607 AIC Burgundy Empire Tower, ADB Ave., Ortigas Center, 1605 Pasig City, Metro Manila, Philippines. You may also call us at +632 84706126, +632 84706130, +632 84016392 or e-mail us at [email protected]. Visit our website https://ndvlaw.com.

SEARCH

LATEST POST