Financial Ombudsman Service decision

Trading 212 UK Limited · DRN-6033471

Unauthorised TransactionComplaint not upheld
Get your free legal insight →Email to a colleague
Get your free legal insight on this case →

The verbatim text of this Financial Ombudsman Service decision. Sourced directly from the FOS published decisions register. Consumer names are reduced to initials by FOS at point of publication. Not an AI summary, not a paraphrase — every word below is the original decision.

Full decision

The complaint Mrs C complains Trading 212 UK Limited (“Trading 212”) allowed transactions amounting to £2,400 to debit her account which she did not make or otherwise authorise. What happened The details of this complaint are well known to both parties, so I won’t repeat them in detail again here. However, in summary, on 11 September 2025, three transactions debited Ms C’s Trading 212 account which she says she did not make or otherwise authorise. The payments were made using a virtual card added to an unknown mobile phone that had gained access to Mrs C account. Mrs C says she only became aware of what was happening when she started to receive notifications on her genuine mobile phone about the activity on the account. Mrs C says she immediately reported what had happened to her to Trading 212. Mrs C said: • She had no idea how the fraudsters had gained access to her account, she believed she must’ve been hacked. • She didn’t make or otherwise authorise the transactions herself. • She was at the gym at the time the transactions were made and wasn’t aware anyone had gained access to her account. • No one had contacted her prior to the transactions, asked her to click on anything in her Trading 212 app or called her to try and gain access to her security information. She hadn’t clicked on any links received via text message or emails that may have led to the compromise of her account. • No-one had access to her mobile phone which was protected with biometrics and a numeric passcode. Trading 212 looked into Mrs C’s complaint. However, once it had completed its investigation, it declined to refund the disputed transactions. Trading 212 said that another device had accessed Mrs C’s account to but in order to do this, an unknown person would’ve needed her account username and password - and Mrs C had confirmed she hadn’t shared this with anyone. Trading 212 also said it had technical evidence which showed that the use of the new mobile device had been authorised using a code sent to Mrs C’s genuine mobile device – which Mrs C had also said no one had access to. For these reasons, Trading 212 was of the opinion that the transactions couldn’t have been completed without Mrs C’s input. Unhappy with Trading 212’s response, Mrs C escalated her concerns to our service and one of our investigators looked into things. Our investigator didn’t recommend that Mrs C’s complaint be upheld. In summary, they said they hadn’t been provided with a plausible explanation as to how Mrs C’s details / security information could’ve been compromised to allow unauthorised access to the account. Mrs C had said no one had access to this information other than her.

-- 1 of 3 --

Mrs C said she did not agree. She said she believed that the account had somehow been hacked. As no agreement could be reached, the case was passed to me for a final decision. What I’ve decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. Having done so, I have reached the same conclusion as our investigator and for broadly the same reasons. I have very little to add over and above what they have already said. However, I’ve set out a summary of my reasoning below. The starting position in line with the relevant legislation – The Payment Services Regulations 2017 – is that Trading 212 would be liable for any unauthorised payments, and Mrs C is liable for any authorised payments. A common situation in which a payment would be considered authorised is where a customer has made a payment themselves. But there are other circumstances in which a payment can fairly be considered authorised – such as where a customer has given permission for someone else to make a payment on their behalf, or where a customer has told their payment service provider that they want a payment to go ahead. In this case, I haven’t been provided with any explanation as to how Mrs C’s device and security information could have been compromised, so I can’t say that Trading 212 has acting unreasonably in not providing Mrs C with a refund. • Trading 212’s technical information shows me that another mobile device was able to gain access to Mrs C’s account but in order to do so, whoever was using the device would’ve needed her username and password, but Mrs C has said she didn’t share this information with anyone. So, it’s unclear how someone other than Mrs C could’ve gained access to her account. She was the only person who knew the security details. • In order to authorise the use of the other mobile device on Mrs C’s account, an authentication code was sent to Mrs C’s genuine device. So, whoever had gained access to Mrs C’s account using her genuine username and password would also have needed access to her genuine mobile device in order to authenticate the use of the new device. However, Mrs C has said her mobile phone was always in her possession and no one else had access to it at the time. She’s also said that it was protected with biometrics and a numerical passcode – which no one but her knew. So, based on Mrs C’s testimony, it wouldn’t have been possible for anyone else to gain access to her genuine device without her input or without her having shared her security information with them, which she’s told us she didn’t do. So, overall, I haven’t been presented with a plausible explanation as to how an unknown third-party could’ve gained access to Mrs C’s account security information including her username and password and then also be able to gain access to her genuine mobile device in order to make the transactions without her knowing. And like the investigator, without an

-- 2 of 3 --

explanation as to how an unknown third-party could’ve gained access to this information, I can’t say that Trading 212 has acted unreasonably in declining to offer Mrs C a refund of the amount that left her account now. So, whilst I am very sorry to disappoint Mrs C, I haven’t been able to identify a point of compromise that would allow access her account and so it wouldn’t be fair and reasonable for me to reach the conclusion that the transactions left the account without her authorisation My final decision For the reasons set out above, I do not uphold this complaint. Under the rules of the Financial Ombudsman Service, I’m required to ask Mrs C to accept or reject my decision before 28 April 2026. Emly Hanley Hayes Ombudsman

-- 3 of 3 --