Financial Ombudsman Service decision

Santander UK Plc · DRN-6190711

Authorised Push Payment (APP) ScamComplaint upheldDecided 30 January 2026
Get your free legal insight →Email to a colleague
Get your free legal insight on this case →

The verbatim text of this Financial Ombudsman Service decision. Sourced directly from the FOS published decisions register. Consumer names are reduced to initials by FOS at point of publication. Not an AI summary, not a paraphrase — every word below is the original decision.

Full decision

The complaint Mr B complains that Santander UK Plc (Santander, hereinafter) hasn’t refunded the losses he’s incurred when falling victim to an Authorised Push Payment (APP) job task scam. What happened The facts are well known to both parties, so I have outlined the key details. Mr B had fallen victim to a separate scam only a couple of months before this one. In summary, Mr B says he was approached by the scammer on a social media messaging platform and was offered a job. He was told he could earn commission from completing tasks that involved reviewing items on online shopping sites. Mr B says he researched the company online and it appeared to have a genuine website. He was also added to a chat group with others who were similarly completing the tasks. As part of the scam, Mr B was convinced to send funds to the scammer. Mr B was guided by the scammer to open a cryptocurrency wallet with a genuine provider I’ll refer to as C and send his funds to them from there. Mr B didn’t have any prior cryptocurrency trading experience. Mr B funded the scam through money he withdrew from his own business account. From his Santander account, Mr B made the following payments: Date Time Payment Type Amount 10/09/2024 22:45 Faster payment to Mr B’s wallet with C £25.00 11/09/2024 13:39 Faster payment to Mr B’s wallet with C £400.00 11/09/2024 15:38 Faster payment to Mr B’s wallet with C £150.00 11/09/2024 17:14 Faster payment to Mr B’s wallet with C £600.00 12/09/2024 13:33 Faster payment to Mr B’s wallet with C £3,000.00 12/09/2024 14:20 Faster payment to Mr B’s wallet with C £6,500.00 12/09/2024 16:24 Faster payment to Mr B’s wallet with C (DECLINED) £13,000.00 12/09/2024 N/A Credit from Mr B’s wallet with C £998.10 14/09/2024 N/A Credit from Mr B’s wallet with C £433.94

-- 1 of 9 --

Total £9,242.96 Mr B realised he had fallen victim to a scam when Santander intervened on a £13,000 faster payment he attempted on 12 September 2024. He was then able to recoup £1,432.04 from his cryptocurrency wallet with C. Mr B raised a scam claim with Santander, but the bank refused to refund him because he authorised the payments, they went to an account in his name, meaning the loss stemmed from C rather than Santander, and because it appropriately intervened and unveiled the scam. So, Mr B referred the complaint to the Financial Ombudsman Service. Our Investigator found that Santander should have intervened when Mr B made the fifth scam payment to the scammer for £3,000 on 12 September 2024. Mr B hadn’t been coached by the scammer and Santander’s later warning resonated with him so earlier intervention would have successfully unveiled the scam. Our Investigator however said Mr B was also responsible for his loss because he failed to conduct enough research to verify the job offer was genuine. So, it was recommended liability for the losses should be shared equally by the parties, from payment five onwards. Santander disagreed with our Investigator’s view for the same reasons it refused to refund Mr B in the first place. I’ve issued a provisional decision on this complaint on 30 January 2026. Below is what I said. “I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. I’m aware that I’ve summarised this complaint briefly, in less detail than has been provided, and in my own words. No discourtesy is intended by this. Instead, I’ve focused on what I think is the heart of the matter here. If there’s something I’ve not mentioned, it isn’t because I’ve ignored it. I’m satisfied I don’t need to comment on every individual point or argument to be able to reach what I think is the right outcome. Our rules allow me to do this. This simply reflects the informal nature of our service as a free alternative to the courts. Where the evidence is incomplete, inconclusive, or contradictory, I must make my decision on the balance of probabilities – that is, what I consider is more likely than not to have happened in the light of the available evidence and the wider surrounding circumstances. I don’t doubt Mr B has been the victim of a scam here – he has lost a large sum of money and has my sympathy for this. However, just because a scam has occurred, it does not mean Mr M is automatically entitled to recompense by Santander. It would only be fair for me to tell Santander to reimburse Mr M for his loss (or a proportion of it) if: • I thought Santander reasonably ought to have prevented all (or some of) the payments Mr B made, or

-- 2 of 9 --

• Santander hindered the recovery of the payments Mr B made whilst ultimately being satisfied that such an outcome was fair and reasonable for me to reach. I’ve thought carefully about whether Santander treated Mr B fairly and reasonably in its dealings with him, when he made the payments and when he reported the scam, or whether it should have done more than it did. Having done so, I’ve provisionally decided to uphold Mr B’s complaint, but in a different way from our Investigator. I’ll explain why. I have kept in mind that Mr B made the payments himself, and the starting position is that Santander should follow its customer’s instructions. So, under the Payment Services Regulations 2017 (PSR 2017) he is presumed liable for the loss in the first instance. And I’ve given serious consideration to Santander’s argument that banks generally have a contractual duty to make payments in compliance with the customer’s instructions, as the Supreme Court has recently reiterated in Philipp v Barclays Bank UK PLC. In that case, the Supreme Court considered the nature and extent of the contractual duties owed by banks when making payments. Among other things, it said, in summary: • The starting position is that it is an implied term of any current account contract that, where a customer has authorised and instructed a bank to make a payment, the bank must carry out the instruction promptly. It is not for the bank to concern itself with the wisdom or risk of its customer’s payment decisions. • The express terms of the current account contract may modify or alter that position. For example, in Philipp, the contract permitted Barclays not to follow its consumer’s instructions where it reasonably believed the payment instruction was the result of APP fraud; but the court said having the right to decline to carry out an instruction was not the same as being under a duty to do so. In this case, Santander’s terms and conditions gave it rights (but not obligations) to block payments if it suspected criminal activity on a customer’s account or if it were protecting them from fraud. The terms and conditions explain if Santander blocks a payment, it will let its customer know as soon as possible, using one of its usual channels. So, the starting position at law was that: • Santander was under an implied duty at law to make payments promptly. • It had a contractual right not to make payments where it suspected criminal activity. • It could therefore block payments, or make enquiries, where it suspected criminal activity, but it was not under a contractual duty to do either of those things. Whilst the current account terms may not oblige Santander to make fraud checks, I do not consider any of these things (including the implied basic legal duty to make payments promptly) precluded Santander from making fraud checks before making a payment. And, whilst Santander was not required or obliged under the contract to make checks, I am satisfied that, taking into account longstanding regulatory expectations and requirements and what I consider to have been good practice at the time, it should fairly and reasonably have been on the look-out for the possibility of APP fraud and have taken additional steps, or made additional checks, before processing payments in some circumstances – as in practice all banks, including Santander, do.

-- 3 of 9 --

So, overall, considering the relevant: law and regulations; regulators’ rules, guidance and standards; codes of practice; and, where appropriate, what I consider to be good industry practice at the time – Santander should fairly and reasonably: • Have been monitoring accounts and any payments made or received to counter various risks, including anti-money laundering, countering the financing of terrorism, and preventing fraud and scams. • Have had systems in place to look out for unusual transactions or other signs that might indicate that its customers were at risk of fraud (among other things). This is particularly so given the increase in sophisticated fraud and scams in recent years, which payment service providers are generally more familiar with than the average customer. • In some circumstances, irrespective of the payment channel used, have taken additional steps, or make additional checks, before processing a payment, or in some cases decline to make a payment altogether, to help protect customers from the possibility of financial harm from fraud. • Have acted to avoid causing foreseeable harm to customers, for example by maintaining adequate systems to detect and prevent scams and by ensuring all aspects of its products, including the contractual terms, enabled it to do so. Was Santander required to intervene earlier than it did? So, I’ve thought about whether the transactions should have highlighted to Santander that Mr B might be at a heightened risk of financial harm due to fraud or a scam. Having done so, I believe Santander should have intervened earlier than it did, specifically, by the time Mr B made the £3,000 payment on 12 September 2024. I say this because: • The value of the payment, both on its own and combined with the previous ones, was substantial, and Mr B didn’t have a history of regularly making high value transactions from his account. • Looking at the pattern of activity, it was the fifth payment in a row over three days to go to the same payee, with individual amounts progressively increasing. So, by this payment, Santander should have identified a pattern of fraud to have likely emerged. • It went to an identifiable cryptocurrency provider, and whilst Santander has argued that C was not subject to limits or concerns at the time of these payments, it was widely known and accepted in the industry that payments involving cryptocurrency can carry higher risks than other types of payments. Therefore, due to the prevalence of scams involving cryptocurrency payments, I think it would be reasonable to expect Santander to have been on the lookout and monitor its customers’ accounts against the risks associated with those payments, by the time these events took place in September 2024. To be clear, I’m not suggesting that Santander should provide a warning for every payment made to cryptocurrency. Instead, as I’ve explained above in detail, I think it was a combination of the characteristics of the £3,000 payment (combined with those which came before it, and the fact the payment went to a cryptocurrency provider) which ought to have prompted a warning about the risk of scams involving cryptocurrency.

-- 4 of 9 --

In the individual circumstances of this case, I would have expected a proportionate intervention to take the form of a tailored online warning, based on the reason Mr B had given for the payment. Furthermore, I think Santander should have also taken further steps to protect Mr B from the risks of financial harm when he made the following payment for £6,500, by blocking the payment and calling Mr B to query it in more detail. In coming to this finding, I’ve considered that the payment value doubled in size, and it was made less than an hour after the previous one. Would Santander’s intervention have made a difference? The question for me to answer next is whether, on the balance of probabilities, Santander would have been able to prevent Mr B’s further losses, had it intervened during the scam, in the way I’ve described above. I’ve considered that point carefully and I think a tailored warning of the type I’ve described would not have, alone, unveiled the scam for Mr B. I say this because I think a good, tailored warning would have advised Mr B to verify the company that had contacted him genuinely existed. But the scammer did impersonate a representative from a genuine job agency, and Mr B explained in the call of 12 September 2024 that he had already checked the company online before getting started, so I believe this would have satisfied him he was dealing with a genuine job offer from a genuine agency. Moreover, in that same call with Santander’s fraud specialist, Mr B said he had been making some money already on the job task platform, which would have further reinforced his belief he was dealing with a genuine job opportunity. Mr B remained sceptical about the scam not being real, even after he verified with the genuine job agency that the scammer was posing as one of their recruiters, and it took a while for the fraud specialist at Santander to persuade him he should stop all payments to the scammer. So, I don’t believe that, on balance, a tailored written warning, whilst making the payment on the Santander app, would have instilled enough doubt in Mr B to make him realise he’d fallen victim to a scam. I’ve come to a different conclusion about the £6,500 payment, as I’ve explained it was high value and out-of-character enough to require human intervention, and not just a warning. The scam chat transcripts show that Mr B wasn’t coached by the scammer on what to tell banks as he was making the payments. The fraud intervention call further shows how Mr B didn’t mislead Santander as to the true purpose of his transactions, which led to the fraud specialist being able to give him a warning tailored to job task scams. Even if Mr B was in disbelief to begin with, due to having received some returns from the scam, he heeded the fraud specialist’s advice, took independent steps to research the scam off the back of that advice, and stopped making payments to the scammer from then on. So, I’m persuaded that, had Santander intervened by calling Mr B as he was making the £6,500 payment, that intervention would have most likely prevented Mr B’s losses. Based on the above, I believe Santander should not be liable to refund the £3,000 payment. However, it should be liable to refund the £6,500 one. Did Mr B contribute to his own losses?

-- 5 of 9 --

I’ve thought about whether Mr B should bear any responsibility for his losses. In doing so, I’ve considered what the law says about contributory negligence, as well as what I consider to be fair and reasonable in all of the circumstances of this complaint, including taking into account Mr B’s own actions and responsibility for the losses he has suffered. I recognise that, as a lay person, there were aspects to the scam that would have appeared convincing to Mr B, such as the scammer stating they were working for a specific and genuine recruitment agency, and the scam platform coming across as legitimate looking in the first instance. However, the scam opportunity also presented itself with some very clear red flags from the outset, which I believe should have given Mr B great cause for concern. I’ll explain why. Firstly, I believe Mr B ought reasonably to have had concerns about the legitimacy of the job offer, given the requirement to send funds to acquire the profits he’d supposedly earned. Particularly as he was paying significantly more money to the scammer than he had been expecting to receive back. Moreover, Mr B had fallen victim to a scam only a couple of months before. Santander provided evidence to show that when Mr B reported the scam, the bank warned him against the possibility of scammers approaching him again via different scam scenario, and to be wary of contact out of the blue. So, I think receiving an unsolicited job offer via a social media messaging app, whilst he wasn’t looking for a job, should’ve been seen as even more unusual to Mr B, and should have led to him to look more deeply into this job offer. Even more so, when the scammer told him he could start working right away, without the need to carry out any ID checks, or sign an employment contract. The call with Santander supports that Mr B didn’t conduct any checks to verify the recruiter and trainer’s credentials and the moment he took such steps, the scam was easily unveiled. Overall, looking at the circumstances, I think Mr B should have, on balance, realised there was a possibility the situation was not genuine and acted accordingly, much earlier than he did. As such, it would not be fair to require Santander to compensate him for the full amount of his remaining losses. Weighing the fault that I’ve found on both sides, I’ve concluded, on balance, that a fair deduction would be for Mr B to bear 50% of his losses. Recovery I have thought about whether Santander could have contacted C to recover Mr B’s funds. But Mr B said he had moved the funds on from his cryptocurrency wallet to the scammer, so any recovery action from the point of reporting the scam to Santander would have not been successful, as no funds were left in Mr B’s wallet with C. So, I don’t think Santander could have done more to recover Mr B’s funds in this instance. Calculating the refund Before I proceed to explain how I think Mr B’s refund should be reasonably and fairly calculated, I’d like to address Santander’s concerns that Mr B hasn’t proved he sustained a loss through the scam. I disagree this is the case. Mr B has provided enough evidence to show that he was sadly targeted by unscrupulous

-- 6 of 9 --

scammers, by also sending screenshots of his cryptocurrency wallet app and what the scam platform looked like. Many of said screenshots show he converted his funds in cryptocurrency and then sent them to a third-party wallet, whose address was provided via chat by the scammer. Mr B’s scam chat transcripts further support that, since, up to the point of Santander’s intervention, they detail how Mr B had been following the scammer’s guidance to send funds to the scam platform. This supports the funds left Mr B’s wallet with C. Finally, Mr B didn’t have any experience trading cryptocurrency, and this is supported by his testimony during the fraud detection intervention with Santander, and the lack of cryptocurrency-related transactions from his account statements. Mr B was honest throughout his interactions with Santander and moved his funds from his wallet with C back to his Santander’s account immediately after the scam was unveiled. So, I find it implausible he would have kept any other funds within his cryptocurrency wallet to hide them from Santander. All of the above persuades me that, on balance, the transactions Mr B reported as fraudulent were genuinely lost to the scam. Moving on to the calculation of the redress, as mentioned above, Mr B received money back into his Santander’s account from his cryptocurrency wallet with C. Given Mr B was falling victim to a scam and his ‘job’ wasn’t genuine, I don’t think this money should be attributed to any specific payment. Instead, I think this money should be deducted from the amount lost by apportioning it proportionately across all of the payments Mr B made to the scam. This ensures that these credits are fairly distributed. To work this out, Santander should take into account all of the payments Mr B made to the scam, which I’ve set out in the table above. In this case, the ‘profit/returns’ received equals £1,432.04 and the total amount paid to the scam equals £10,672.00. Santander should divide the ‘profits/returns’ by the total amount paid to the scam. This gives the percentage of the loss that was received in ‘profits/returns’. Deducting that same percentage from the value of the £6,500 payment, gives the amount that should be reimbursed. Here the ‘profit/returns’ amount to 13.42% of the total paid to the scam. It follows that the outstanding loss from the £6,500 payment should be reduced by the same percentage. That means Mr B’s reimbursable loss is 86.58% of £6,500. However, As I’ve explained above, I also think that the amount reimbursed should be reduced by 50% to reflect Mr B’s contributory negligence. Please note that, for ease of reading, I’ve rounded the relevant percentages down to two decimal places, but Santander should perform the calculation I’ve set out above to arrive at a more precise figure, as I have done to arrive at the figure below. I therefore calculate the overall reimbursement due to Mr B to be £2,813.90.” Mr B accepted my provisional decision, but Santander has made some further submissions which I’ve summarised as follows: • It didn’t agree that the £6,500 payment required intervention.

-- 7 of 9 --

• Even if Santander had intervened, it disagrees that a verbal call was required and in any event there’s no way of knowing whether the scam would have been unveiled at that point. • Mr B should be liable for the entirety of the loss, as Santander had warned him about scams only a few months before. • Santander intervened at the right time. What I’ve decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. Having reviewed Santander’s submissions in full, they don’t make a material difference to my findings. I’ll explain why. Santander doesn’t think that the £6,500 payment required intervention, let alone human intervention, but I disagree for very much the same reasons I’ve already detailed in my provisional decision. As Mr B was attempting this transaction, the combined value of the payments he’d been making towards his cryptocurrency wallet was over £10,000, in less than three days. Mr B didn’t have a history of making any payments to cryptocurrency in the past, and the amounts steadily increased with every transaction. Given the amount, the recipient, and the pattern of payments that had emerged, I’m satisfied that Santander and its fraud detection systems had sufficient information at hand to identify that Mr B may be at risk of suffering financial harm from fraud or a scam. Due to the individual and combined value of the payment, especially when compared to Mr B’s genuine activity in the months before the scam, I believe that the proportionate step for Santander to take would have been to block the payment and query it further with Mr B. Santander argued that there’s no way of knowing that such intervention would have unveiled the scam, but I don’t think the evidence before me supports such finding. We do know that human intervention would have unveiled the scam, since that is precisely what happened when Santander intervened on the following payment for £13,000. Having listened to Santander’s intervention at that point, I think a similar level of questioning was warranted as Mr B was making the £6,500 payment. This is because, other than the difference in payment value, which in any event was still significant, all other fraud indicators were present at that stage already. I believe Santander took a harsh stance by suggesting Mr B should be entirely responsible for his own loss, given he had fallen victim to a scam previously and hadn’t put into practice the scam education he was given by Santander at that point. I have taken into account that Mr B received scam education after he fell victim to the first scam, when coming to the finding that liability should be equally shared between the parties.

-- 8 of 9 --

But I don’t agree that this means no further intervention would have made a difference in this case or that Mr B’s negligence was so serious to relieve Santander of any responsibility. Firstly, because we have tangible evidence that further intervention did break the scammer’s spell. Secondly, Mr B received the scam education a few months before he was scammed again, and I do expect Santander to know that scam warnings must be timely in order to be effective. Moreover, Mr B had fallen victim to a different type of scam previously. So, it would be unfair to exclusively place the onus on him to identify whether he may be scammed in the future when he’s not the industry expert and can’t be expected to be aware of all the different types of scams he may be exposed to. Santander owes a duty of care towards Mr B, and it can’t waive that by simply relying on scam advice it gave Mr B in unsuspecting and unrelated circumstances. In light of all of the above, I think it’s fair and reasonable Santander refunds 50% of Mr B’s £6,500 payment to the scammer, after having apportioned the returns Mr B received from the scam accordingly. Putting things right To put things right, Santander UK Plc should now: • Pay Mr B £2,813.90 along with 8% simple interest per annum from the date of the payment to the date of settlement* I consider that 8% simple interest per year fairly reflects the fact that Mr B has been deprived of this money and that he might have used it in a variety of ways. *If Santander considers that it’s required by HM Revenue & Customs to deduct income tax from the interest I’ve awarded, it should tell Mr B how much it’s taken off. It should also give Mr B a tax deduction certificate if he asks for one, so he can reclaim the tax from HM Revenue & Customs if appropriate. My final decision For the reasons given above, I uphold this complaint in part. Under the rules of the Financial Ombudsman Service, I’m required to ask Mr B to accept or reject my decision before 30 March 2026. Daria Ermini Ombudsman

-- 9 of 9 --