skip to content

ombudsman news

issue 116

March/April 2014

case studies - disputed transactions

Complaints about disputed transactions are rarely clear-cut. Where there are disagreements - or ambiguities - around how a transaction occurred, we make our decision based on what we think is most likely to have happened. As with any other issue, we take into account relevant law, regulations, and good industry practice.

Many complaints we see involve fraud - or suspected fraud. Typically, transactions will come to light that a consumer says were made by a third party who has somehow got hold of their card or payment details. In some cases, the business accepts this but is unwilling to refund the money. This is usually because the business thinks that the consumer has been particularly careless with their card - or has breached the terms and conditions of their account in some other way. We also hear from consumers whose bank is insisting that they authorised the “fraudulent” transactions - or even made them themselves.

We sometimes find that a consumer is reluctant to tell us the whole story. This could be because they’re embarrassed about being taken in by a scam - or about the circumstances in which the problem arose. But it isn’t our role - or the role of the business - to comment on this. Our job is to establish the most likely sequence of events - using evidence that can include police reports, bank statements, electronic records, and information about the business’s security procedures.

Aside from “traditional” plastic cards, people can now carry out transactions in an increasing number of ways. This is reflected in the complaints we’re seeing. In last year’s annual review we reported a rise in cases involving “phishing” - where a consumer is tricked, often by email, into handing over sensitive financial information to a fraudster. Since then, “phone” or “voice” phishing - “vishing” - has received a considerable amount of media coverage. Case study 116/9 involves a consumer who has been “vished”. We keep up-to-date with emerging technology - and the scams they make possible - so we can deal effectively with complaints that might involve them.

We often have to remind businesses of the rules about their liability for disputed transactions - and in particular the differences between credit cards and debit cards. Some cases we see - for example, case study 116/2 - involve transactions made using both. Many businesses told us they found our conference on disputed transactions (held last year in Birmingham) very helpful in improving their understanding. You can find more information about our general approach to complaints involving disputed transactions in our online technical resource.

issue 116 index of case studies

  • 116/1 - consumer complains bank won't refund unauthorised transactions because cardholder was "grossly negligent"
  • 116/2 - consumer complains bank won't accept liability for transactions made after purse is stolen
  • 116/3 - consumer complains that bank won't refund payments made through games console - which he says he didn't authorise
  • 116/4 - consumer complains about unsuccessful chargeback for disputed online gambling transactions
  • 116/5 - consumer complains that bank won't refund transactions made on a card he didn't receive
  • 116/6 - consumer complains bank has failed to recall payment made to scam holiday company
  • 116/7 - consumer complains that bank won't refund transactions made in a club
  • 116/8 - consumer complains that bank won't refund her after an account-emptying scam
  • 116/9 - consumer complains that bank won't refund her money after she gives scammers her card and bank details
  • 116/10 - consumer complains that bank refused to stop repayments to payday lender
  • 116/11 - consumer complains that bank refused to investigate unauthorised transactions that took place 18 months earlier

116/1
consumer complains bank won't refund unauthorised transactions because cardholder was "grossly negligent"

In early 2012 Mrs L had a stroke. Her husband, Mr L, called an ambulance and Mrs L was taken to hospital. Sadly, she had a second stroke and died two weeks later.

A few days later Mr L discovered that 22 unauthorised withdrawals amounting to more than £6,000 had been made from his wife’s bank account. Their granddaughter, Miss L, later confessed to making the withdrawals using Mrs L’s debit card - which she had stolen on the day of Mrs L’s first stroke while other family members were helping Mrs L.

Mr L contacted Mrs L’s bank to ask for the unauthorised withdrawals to be refunded. But the bank refused. They pointed out that Mr L had mentioned that his wife had kept the card in her bedside table - along with the letter that showed its PIN. They said that they considered that Mrs L hadn’t taken reasonable care of her card - and in fact had acted in a “grossly negligent” way. The bank said that in their view, Mrs L was liable for the transactions - whether she had authorised them or not.

Mr L complained. But when the bank wouldn’t reconsider, he referred the matter to us on behalf of his wife’s estate.

complaint upheld

The bank told us that they accepted that Mrs L hadn’t authorised the transactions. So we needed to consider whether, as they suggested, she had been “grossly negligent” with her card.

We asked Mr L how long his wife had had the account - and how she had used it. Mr L explained that Mrs L had had the account for about five years, but hadn’t ever withdrawn money from it. He said that she had kept the card - with the PIN letter - in the same drawer all that time.

We understood that Miss L had been prosecuted for theft in the meantime. Mr L told us that he and Mrs L had lived next door to their son and his family for a few years - and this had been the first instance of anything being stolen, or of any attempted theft.
We explained to the bank that, in other circumstances, we might have decided that keeping the card with its PIN amounted to “gross negligence” - that is, more than just carelessness. For example, if the card and PIN had been kept together in a wallet and carried about in a public place.

However, we reminded the bank what had happened on the day of the theft. We said we didn’t think it was reasonable to expect the security of her card to be Mrs L’s primary concern while she was waiting for the ambulance to arrive. We pointed out that Mrs L hadn’t knowingly let a thief into her house, and that she couldn’t physically have stopped the theft - even if she’d known it was happening.

We decided it was reasonable for Mrs L to have thought that the drawer was a secure place to keep her card. She had done so for years without anything going wrong - and she’d had no reason to suspect that someone in her family had criminal intentions.

Taking everything into account, we didn’t feel that Mrs L had acted in a “grossly negligent” way. We upheld the complaint, telling the bank to put her account in the position it would be in if the unauthorised withdrawals hadn’t been made. We also told the bank to pay Mrs L’s estate £250 in compensation for the distress and inconvenience Mr L had been caused by having to pursue the complaint.

116/2
consumer complains bank won't accept liability for transactions made after purse is stolen

Miss K phoned her bank to cancel her credit card and debit card. She explained that her purse had been stolen as she travelled to work on the Tube. However, she had only noticed when she got to work - by which time, she said, several transactions had already been made on the accounts.

The bank asked Miss K how she thought her purse had been taken. She said that there had been a suspicious-looking man standing close to her in the carriage, and she thought he had probably stolen it from her bag. When asked how the thief could have known her PINs, Miss K said she didn’t know - and she insisted that she hadn’t kept a record of them.

The bank told Miss K that they thought it was “highly unlikely” that her purse could have been taken without her noticing. They also said that - if Miss K hadn’t made them herself - the only way the transactions could have been made was if she had kept her PINs with her cards. Either way, the bank said that Miss K was liable.

Miss K disagreed - and complained. When the bank rejected her complaint, she asked us to step in.

complaint partly upheld

We established that Miss K had given an account of what had happened to three people - to British Transport Police, at a tube station ticket window, and to her bank. Having looked through these separate reports, we were satisfied that they were consistent with each other.

But we still needed to decide whether Miss K’s version of events was plausible. So we asked her for copies of statements for the accounts - so we could establish where and over what period of time the disputed transactions took place. We saw that withdrawals had been made at two cash points very close to where Miss K believed her purse had been stolen. This was a busy interchange station, where she would have needed to make a connection to get to work.

We also noted that since she’d had the account, Miss K had never made a withdrawal as large as the transactions in question - which were each at her daily limit of £250.

We felt the bank was wrong to say it was “highly unlikely” that Miss K wouldn’t have realised she’d been pickpocketed. We pointed out to them that during that year, there had been more than 7,000 reported thefts on the Underground. We found no reason to doubt that Miss K’s purse had been stolen as she said.

It still wasn’t clear, though, how the transactions could have been authorised without the PINs. We asked the bank for its system notes - which confirmed that the genuine cards had been used to make the transactions. The last authorised withdrawal using Miss K’s debit card had taken place in her home town on the day before the theft. In our view, it was unlikely that the thief would have been watching her there - to find out the PIN in advance. We also noted that Miss K hadn’t yet used the credit card that had been stolen.

The terms and conditions of Miss K’s debit card said that if a cardholder had been negligent with their PIN, the bank couldn’t be held liable for any unauthorised transactions. We decided that - on the balance of probabilities - the most likely explanation for what had happened was that Miss K had kept her PINs with her cards. We felt that - as a regular commuter - she should have realised that this was careless, and could lead to problems.

However, the Consumer Credit Act says that a consumer can’t be held liable for unauthorised transactions made by someone who has the card without the cardholder’s consent. This meant that in the case of Miss K’s credit card, the issue of whether she’d recorded her PIN was irrelevant.

So we upheld Miss K’s complaint in part. We told the bank to refund the withdrawals that had been made on her credit card. However, we felt she hadn’t taken sufficient care of her debit card and its PIN - so we didn’t tell the bank to cover the debit card withdrawals.

116/3
consumer complains that bank won't refund payments made through games console - which he says he didn't authorise

When he got his credit card statement for October, Mr T noticed several transactions on there that he didn’t recognise. The beneficiary on the statement was a games company that Mr T had an account with. He had bought his son a games console for Christmas and set up the account at the time.

Apart from when he’d set up the account, Mr T couldn’t remember authorising any payments to the company. But when he looked back over his previous statements, he realised that a lot of transactions had been made each month since Christmas. Although each one was small, they amounted to more than £1,000 over ten months.

Mr T called his bank to say he thought his credit card had been used fraudulently. The bank said it would investigate - and got in touch with the games company to find out what had happened. The games company told the bank that, as far as they were concerned, the transactions weren’t fraudulent; they related to purchases of “points” needed to play games, and had been made while Mr T’s account was signed in.

On the basis of this advice, the bank told Mr T that they weren’t willing to refund him. He complained, but the matter was eventually referred to us to sort out.

complaint not upheld

Mr T told us that he rarely used the credit card - and had set up a direct debit to pay off the full balance each month. So we appreciated how the small transactions could have built up without his knowledge - and we could understand why he hadn’t noticed them immediately. However, we needed to establish whether, as he suspected, they were fraudulent.

We asked Mr T how he had set up the account initially. He explained that, on Christmas Day, he had sat down with his son in front of the games console and followed the online process. At the final stage, Mr T had read out the credit card details to his son - who had entered them directly into the console. Mr T said that this had been the first and only time any payment details were put in. The account was in his son’s name - but his son didn’t have access to the credit card.

We understood the bank had already made enquiries with the games company. However, we got in touch with the company directly to find out some more information - in particular, whether Mr T’s card details could have been stored in the console for any reason. The games company explained that the payment details used by a customer to set up their subscription couldn’t be removed until the subscription expired. They also showed us the terms and conditions of the subscription. We noted that by consenting to these, a customer was authorising the account-holder to use the payment details that had been provided.

In light of this information, we thought it was unlikely that the transactions on Mr T’s account were fraudulent. In our view, the most likely explanation was that Mr T’s son had been able to buy “points” without Mr T knowing because the card details were stored in the games console.

The Consumer Credit Act 1974 says that someone can be held liable for transactions made using their card by someone they have authorised to use it. And we took the view that this applied in Mr T’s case. The account with the games company was in the name of Mr T’s son - so Mr T had confirmed, by accepting the terms and conditions, that he authorised his son’s use of the card.

We appreciated that Mr T had unwittingly spent a lot of money. But we explained that, in the circumstances, we didn’t think it was fair to make his bank refund the transactions. We didn’t uphold his complaint.

116/4
consumer complains about unsuccessful chargeback for disputed online gambling transactions

Mrs B called her bank to tell them that three unauthorised transactions had been made with her debit card - each on the same date and each of around £2,000. Within a week, the bank had refunded the transactions into her current account. They then began the “chargeback” process to recover the money from the “merchant” business - in this case, a gambling company.

Shortly afterwards Mrs B’s bank got in touch with her. They explained that the gambling company had disputed the chargeback - saying that Mrs B had an online account with them, which had been securely logged in to their website at the time the transactions were made. The bank told Mrs B that, based on this information, they believed she had authorised the transactions - and that they would be re-debiting the money from her current account.

Unhappy with the situation, Mrs B complained. She said she accepted that she’d had an account with the gambling company, but she insisted that she’d closed it before the transactions were made. However, she couldn’t explain how someone else could have used her online account. The bank refused to change their decision, and the complaint was referred to us.

complaint not upheld

We needed more information about Mrs B’s account with the gambling website - and how she had used it - to decide whether the bank’s decision was reasonable. So we asked the gambling company to provide us with a statement of Mrs B’s recent activity. This showed that Mrs B had opened her account a month before the disputed transactions took place. We noted that, over time, the deposits she had made had grown progressively larger. And that several of the more recent transactions that Mrs B wasn’t disputing were of a similar size to those that she was.

We also found that Mrs B had closed her online account a few days after the disputed transactions happened. This wasn’t consistent with the sequence of events she had given to her bank. When we asked, Mrs B couldn’t provide any evidence that someone else had used her account.

We explained to Mrs B that a bank isn’t obliged to continue with a chargeback that they believe will be unsuccessful. In the circumstances, we felt her bank had taken the process as far as they could.

We decided, on the balance of probabilities, that the transactions had been authorised - and that the bank shouldn’t have to refund the money. We didn’t uphold Mrs B’s complaint.

116/5
consumer complains that bank won't refund transactions made on a card he didn't receive

Mr H noticed several unexpected transactions on his bank statement for June. These had been made at a variety of shops and cash machines in London - and came to more than £1,500 in total. Worried that he was a victim of fraud, Mr H called his bank to find out what he should do - and how to get the money back.

The bank looked into the situation. They told Mr H that the transactions had been made using a replacement card they had issued in March. Mr H was confused. He said that he hadn’t been expecting a new card - and that his existing one was still working. In fact, he said, although he only used that particular account for direct debits, he had recently used his card to make a balance enquiry at a cash point.

Mr H explained to the bank that he lived in London at the weekends - but worked in Liverpool during the week. He said that his London flat had a shared post-box system - and there had been some trouble in the past with post being interfered with. He also pointed out that if something he didn’t even know about had gone missing, it wasn’t his fault.

However, the bank told Mr H that he should have made sure his new card and PIN were secure, and that they weren’t willing to refund the transactions. Mr H didn’t think this was fair, and he eventually asked us to step in.

complaint upheld

We asked the bank to send us the terms and conditions of Mr H’s current account. These said that a customer couldn’t be held liable for unauthorised transactions - unless they had acted fraudulently or hadn’t taken reasonable care of their card and PIN. There was no indication that Mr H had acted fraudulently. So we needed to decide whether he had been careless with the card and PIN - or whether he had authorised the transactions in some way.

The bank told us that they believed the new card had been in Mr H’s possession at the time the transactions took place. However, they couldn’t tell us whether the old one was still active - because they had already removed it from their system.

We then asked the bank for evidence of where and how the disputed transactions took place. We noted the pattern and nature of the transactions - made over a short period, in a localised area, and with several failed attempts. This was consistent with how an opportunist fraudster might behave.

We had no reason to doubt Mr H’s explanation of the postal problems at his flat. And because his old card was still working, he’d had no reason to expect a new one in the post - and wouldn’t have noticed that it had gone missing.

In these circumstances, we thought it was unreasonable for the bank to say that Mr H hadn’t taken reasonable care of the new card and PIN. We thought it was likely that Mr H had never received the card - which meant he couldn’t be held liable for the transactions made with it. We upheld the complaint - telling the bank to refund all the disputed transactions.

116/6
consumer complains bank has failed to recall payment made to scam holiday company

One evening, Miss E was searching online for summer holidays. She found a Spanish villa that she was interested in - and filled in an enquiry form on the owner’s website. However, she then found the same villa - at a discounted rate - on a third-party holiday website. The website’s booking page said that to secure the date they wanted, customers needed to pay the rental money upfront. So Miss E logged in to her online bank account and made an international “SWIFT” transfer of €1,900 to the company.

Early the next morning Miss E received a phone call from a Spanish number. It was the owner of the villa - asking whether she was still interested in renting it. Miss E explained that she’d already made a booking through the holiday website. When the owner told her that he only accepted direct bookings, Miss E began to worry that something wasn’t right. When she looked online she found that people were reporting that the holiday website was a scam.

Miss E phoned her bank straight away to explain what had happened. She was told that an attempt to recall the SWIFT payment would be processed immediately. Three days later, the bank phoned Miss E back. They said that the request to recall the payment had been sent to the wrong department - and hadn’t been processed in time. And they hadn’t been able to contact the Spanish bank that the recipient’s account was with. This meant that the SWIFT payment couldn’t be cancelled.

Miss E was angry and upset - and made a complaint. The bank acknowledged their mistake. However, they insisted that they’d done all they could - and that their mistake hadn’t affected the chances of recovering the money. They offered Miss E £150 to compensate her for the inconvenience. But Miss E rejected the offer and brought the complaint to us.

complaint upheld

We needed to decide whether the bank had done everything it could to cancel the SWIFT payment. We asked to see their system notes so we could establish what had happened after Miss E had got in touch with them.

Miss E told us that she used the website on the Thursday evening. This was consistent with the bank’s records - which showed that the SWIFT payment process had been initiated at 9am on Friday morning. Looking at the bank’s notes, it was only an hour after this that Miss E phoned to ask them to recall the payment. However, we saw no evidence that they had made any attempt to do so - in spite of assuring Miss E that the request would be processed immediately.

We noted that the payment from Miss E’s bank account to the scam company’s bank account had been facilitated by an intermediary bank. We got in touch with the intermediary bank to ask about their own process for recalling SWIFT payments. They confirmed that if Miss E’s bank had contacted them, they could have sent a “SWIFT message” to the recipient bank the same day - telling them to return the payment or to treat it as null and void. But there was no record of Miss E’s bank trying to contact the intermediary bank. Nor had they contacted the recipient bank - as they had told Miss E they had.

We couldn’t say for certain that Miss E would have been able to recover the money she transferred to the scam company. However, given how quickly she contacted her bank, we thought it likely that she would have recovered it.

We decided that the bank’s lack of action was a major factor in the recall being unsuccessful. So we told them to refund her the full €1,900 plus 8% interest - as well as paying her the £150 compensation that they had already offered.

116/7
consumer complains that bank won't refund transactions made in a club

Mr B was about to turn forty, and he and some friends went abroad for a long weekend to celebrate.

On the Monday, when Mr B was back home, his bank got in touch with him to say that he had gone over his overdraft limit. The bank said that a series of transactions - made on the Saturday night - had come to over £3,000. Mr B said that he had been in a club with friends, but hadn’t spent anywhere near that amount of money - and that someone at the club must have used his card fraudulently.

The bank asked Mr B what he thought had happened. Mr B said he’d had his card in his pocket the whole evening - and hadn’t left it behind the bar. He suggested that maybe a waitress had taken his card without him seeing and used it at the bar - and then returned it to him. He also said it was possible that someone at the bar had cloned his card when he had paid for some drinks - and used it to make the payments. The bank told Mr B that they would investigate and let him know what they found.

A few days later the bank got in touch with Mr B. They told him that his genuine card had been used for each transaction - and that each payment had been authorised by his signature. They said that on this basis, Mr B was liable for the transactions.

But Mr B said he hadn’t authorised the payments, and he complained to the bank, saying that they must have made a mistake. When the bank refused to reconsider, Mr B asked us to step in.

complaint not upheld

Mr B talked us through what had happened. He told us that he hadn’t left his card behind the bar and that it had been in his pocket the whole time. When we looked at the information the bank sent us, we noted that Mr B had signed to authorise various payments during the evening - and that it looked as though he had eventually left his card behind the bar and accumulated a large tab, that he had signed to authorise at the end of the evening.

We thought it was unlikely that Mr B’s card had been taken from his pocket and then returned without his noticing. We also decided that the chances of his card having been cloned were slim. There had been no other reports of this sort of activity happening at the club, and the bank’s records showed that Mr B’s card had been used to authorise each payment.

Taking everything into account, we decided it was likely that Mr B had left his card behind the bar and accumulated a large tab without realising how much money he was spending. Under these circumstances, we decided that the bank couldn’t be held liable for the transactions - and we didn’t uphold Mr B’s complaint.

116/8
consumer complains that bank won't refund her after an account-emptying scam

Ms L received a phone call from her bank. The person she spoke to said there had been some “suspicious activity” on her account - and asked her if she had made certain purchases. When Ms L said she hadn’t, the person on the phone said that she should call a different department at the bank straight away to sort the problem.

Ms L called the number on the back of her debit card. The person she spoke to asked her some security questions and then confirmed that suspicious activity had taken place. They said that Ms L should immediately transfer all the money from her account to a different account - and he gave her the details of that account over the phone. Ms L transferred the money straight away.

When Ms L told her partner what had happened, he was worried. He suggested she call her bank to check she’d done the right thing.

It turned out that Ms L had been the victim of a scam. The fraudster had put a technical fix in place so that when Ms L ended the first call and rang the number for her bank, she’d actually just reconnected with the fraudster.

Ms L had transferred the money to an account at a different bank. When her own bank tried to recover the money, it was too late.

Ms L asked the bank to refund the money. But the bank said that although they recognised that this was a highly distressing matter, the transfer had been a legitimate request and she had carried it out herself. The bank pointed out that because Ms L had been logged into her online banking account and had authorised the transfers herself, they weren’t liable.

Ms L was unhappy with the bank’s decision, and she complained. She said that her account should be covered by the bank’s fraud guarantee. She also said that the bank knew about this type of scam and should have warned her - and that she hadn’t acted recklessly, because she’d thought she was following the bank’s instructions.

The bank refused to reconsider its position - so Ms L referred her complaint to us.

complaint not upheld

There was no disagreement about what had happened. Ms L had been tricked into giving away a large amount of money. We could see that this was an awful situation for Ms L, and could understand why she was so upset. Our job was to decide whether the bank had acted unfairly - and to handle things as sensitively as we could.

We listened to both sides of the argument. We could understand why Ms L thought the bank ought to refund the money - because she’d thought she was following the bank’s instructions. But she had logged in to her account herself using her usual details. She herself had asked the bank to transfer the money, and the bank had fulfilled her request. So there hadn’t been any unauthorised access to Ms L’s account.

We thought it would be difficult for banks to alert their customers to scams - simply because of the sheer number and variety of scams that are out there. Banks aren’t obliged to tell their customers about scams they might come across. And in any case, we decided that the bank hadn’t contributed to the problem by not telling Ms L that she might be contacted by fraudsters.

We were very sorry that Ms L had been the victim of a scam. But we decided that the bank hadn’t acted unfairly, and we didn’t uphold her complaint.

116/9
consumer complains that bank won't refund her money after she gives scammers her card and bank details

Mrs J received a phone call from her bank to tell her that her card had been cloned - and that she should ring another department at the bank immediately.

Mrs J put the phone down and rang the number on the back of her debit card. The person she spoke to asked her the usual security questions before they would discuss anything with her.

Mrs J was then asked to give some more details - including the log-in details for her online banking account - and to type her PIN into her phone’s keypad. Once she’d done this, the person on the line told Mrs J that they were sending a courier to pick up her existing card, and that a replacement would be sent out within five working days. Mrs J did everything she was asked to do, and the courier collected her card later that day.

But after three days Mrs J started to get worried. She hadn’t received a new card and nobody from the bank had contacted her. So she checked her account online, and saw that several large transactions had been made. She realised that she had probably been the victim of a scam.

She got in touch with her bank and asked them to get the money back. But the bank said that they weren’t responsible for what had happened - and that Mrs J hadn’t taken care of her security details. They refused to refund the money.

Mrs J complained, but the bank refused to reconsider. So Mrs J decided to refer her complaint to us.

complaint upheld

We looked carefully at the terms and conditions of Mrs J’s account, and we noted that unauthorised transactions would normally be covered by the bank. But the bank was saying that this was a case of “gross negligence”.

The bank said that Mrs J should have known better than to disclose her log-in details and hand over her card. They pointed out that their online banking site, which Mrs J often used, warned people never to give out their full passwords - even to the bank. They also said that Mrs J should have read the security leaflet they’d sent her, which included some information on telephone scams.

We took the bank’s arguments into account. But we decided that although Mrs J’s actions had allowed the scammers to use her card fraudulently, she herself hadn’t authorised the transactions.

The person who had called Mrs J had stressed the urgency of the situation - and that she needed to act to make sure her account and card were safe. Mrs J had phoned the number she believed to be her bank’s immediately. The conversation had started with security questions, so Mrs J had had no reason to think that anything was wrong.

Taking everything into account, we took the view that Mrs J hadn’t acted in a grossly negligent way. And we were satisfied that she clearly hadn’t authorised the transactions herself. In these circumstances, we told the bank to refund her all the money in question.

116/10
consumer complains that bank refused to stop repayments to payday lender

Mrs C was short of money, so she decided to take out a payday loan. The application process went smoothly. Mrs C gave her debit card details to the lender so they could take the repayment from her account at the end of the month.

But as the repayment date approached, Mrs C realised that she had less money than she’d thought. She asked her bank to stop the repayment from leaving her account, but they said they couldn’t help. They explained that because this was a single payment - rather than a recurring one - only the loan company could do something about it.

Because Mrs C still needed money, she took out another loan out with the same company - and the same thing happened again the following month.

Unfortunately, Mrs C couldn’t find her way out of the situation. She took out a number of loans - and each time asked her bank to stop the repayment from leaving her account. Each time the bank said that they couldn’t help.

Mrs C complained to the bank, saying that they ought to be able to stop the repayments going out. But the bank said they couldn’t do anything about it.

Mrs C was getting increasingly desperate, and she decided to come to us for help.

complaint upheld

We needed to decide whether the repayments to the lender had been authorised.

When Mrs C had given her card details to the lender to allow them to take the repayments from her account, she had authorised the repayments. But when she later asked the bank to stop the repayments, we decided that they became unauthorised.

The bank argued that when Mrs C had taken out subsequent loans, she was authorising the repayments again. But we couldn’t see any evidence to show that this had happened. We could see that Mrs C had given a standing authority for future repayments when she took out the first loan - and the subsequent repayments would have been made under this authority. But when Mrs C asked the bank to stop the repayments, the standing authority should have ended.

In cases where we decide that a bank has made unauthorised payments, we usually tell them to refund the money to their customer. In this case, however, the money wasn’t Mrs C’s - because the money belonged to the lender. If the payments had been stopped, then Mrs C would still have owed the lender money. So Mrs C wasn’t out of pocket because of the bank’s actions.

But we could see that the bank’s refusal to stop the payments had caused Mrs C a lot of distress - when she really needed support. So we told them to pay Mrs C £350 compensation.

116/11
consumer complains that bank refused to investigate unauthorised transactions that took place 18 months earlier

Ms D ran a small business - and had a business account with her bank. When her accountant was going through her records he noticed some payments he didn’t recognise from 18 months earlier. They’d all been made to the same company, and they came to almost £4,000 in total.

The accountant asked Ms D what the payments were for. But Ms D had never heard of the company and was sure she hadn’t authorised the payments. So she got in touch with her bank to see if they could shed any light on things.

Ms D’s bank said that under the relevant regulations, customers can only “seek redress” within 13 months of a transaction happening - otherwise the bank won’t investigate. The bank pointed out that more than 13 months had passed, and in any case, it no longer had any records of the transactions.

Ms D thought this was unfair, and she complained to the bank. She pointed out that she ran a small business, and couldn’t afford to lose this sort of money. She also said she’d thought the bank was there to support her - and she was annoyed that they wouldn’t even look into what had happened to her money.

The bank refused to reconsider, so Ms D got in touch with us.

complaint upheld

When we looked at the terms and conditions of Ms D’s account, they said that “Payments will be made from your Account provided they are authorised by you in a way agreed between you and us…”

So we decided that if a payment hadn’t been authorised, Ms D would be entitled to a refund in line with the terms and conditions of her account.

We also looked at the regulations that the bank had relied on when it refused to investigate the transactions. We disagreed with the bank’s interpretation of the regulations. We saw nothing in them to suggest that the bank shouldn’t investigate Ms D’s complaint. We thought it would have been reasonable for the bank to have contacted the company the payments had gone to - to try and find out what had happened.

But in any case, we decided that Ms D hadn’t been “seeking redress” under any specific regulations. She was querying whether the payments had been authorised in the first place because, under the terms of her account, she’d thought that only authorised payments would leave her account.

It was up to the bank to decide how long they would hold transaction data. But we decided that the bank needed to show it had authorisation to pay the money in question out of Ms D’s account. The bank couldn’t supply any evidence to show this - so we weren’t satisfied that the payments had been authorised.

In these circumstances, we told the bank to refund the money to Ms D’s account, plus interest. We also told them to pay £200 to compensate her for refusing to investigate her complaint.

image: ombudsman news

ombudsman news gives general information on the position at the date of publication. It is not a definitive statement of the law, our approach or our procedure.

The illustrative case studies are based broadly on real-life cases, but are not precedents. Individual cases are decided on their own facts.