Fraud

Payment service providers must intervene in transactions presenting fraud risk and provide proportionate warnings, and under the CRM Code must reimburse fraud victims unless specific exceptions apply, such as the customer ignoring an effect

Financial institutions must take reasonable steps to protect customers from fraud, but customers must also exercise reasonable care and heed warnings; liability may be apportioned where a customer's contributory negligence is established.

A financial institution must evidence that the account holder knowingly applied for or benefited from the account; mere technical access or shared household use does not establish liability for fraudulent accounts.

Under the Contingent Reimbursement Model (CRM Code), a bank must reimburse customers who are victims of authorized push payment scams where the customer transferred funds believing they were for legitimate purposes that were actually fraudu

A lender is not liable for a business loan when the company director knowingly consented to the borrowing, even if the director was subsequently defrauded regarding the use of funds.

A bank should put a customer back as close as possible to their position before an error occurred, but cannot be held responsible for fraudulent actions of third parties or distress caused by circumstances beyond the bank's control.

Payment service providers must implement systems to detect and prevent fraud, and in some circumstances must provide additional warnings or checks before processing payments, even when customers have authorised them.

A bank must intervene with a telephone call when a transaction appears out of character, and such intervention could have prevented the fraud.

An Electronic Money Institution must monitor accounts and intervene to prevent fraud when payment patterns become suspicious, even if technically authorized by the customer.

Payment service providers must monitor accounts for signs of fraud and scams, and in some circumstances must intervene with additional checks or warnings before processing payments, even if the customer authorized them.

A lender must have proper evidence that a credit agreement was opened with actual or apparent authority of the consumer before pursuing them for the debt.

A lender is responsible only for delays within their control when removing a fraudulent CCJ; court processing delays remain the borrower's responsibility.

A regulated firm must carry out proper checks when setting up merchant services agreements and take responsibility for fraudulent applications made in a consumer's name, including mitigating subsequent harm.

A customer who authorises payments under duress remains legally responsible for those payments under the Payment Services Regulations 2017, as duress does not negate authorisation.

An EMI must take reasonable steps to detect and prevent unusual transactions that may indicate fraud, even when the customer has technically authorized the payment.

A bank signatory to the CRM Code must reimburse customers who fall victim to APP scams where funds are transferred to accounts opened by fraudsters using the customer's shared personal information.

A bank signatory to the CRM Code must reimburse customers for authorised payments made as a result of scams, unless specific exemptions apply.

A firm signatory to the CRM code must reimburse customers who are victims of scams where funds were transferred for what the customer believed were legitimate purposes but were in fact fraudulent.

A firm signatory to the CRM Code must reimburse customers who are victims of scams where funds were transferred for purposes believed legitimate but which were in fact fraudulent.

A bank may be liable to reimburse a customer for authorized payments made as a result of fraud if it failed to intervene when transactions were unusual and out of character.

A payment to a third party's client account held by an electronic money institution does not constitute electronic money held by the consumer, and the institution is not responsible for the third party's misuse of those funds.

Under the CRM Code, firms must reimburse customers for fraud losses on the balance of probabilities, and it is not necessarily appropriate to defer a decision pending completion of external law enforcement investigations.

A bank must refund unauthorised payments unless the consumer authorised the transaction or failed with gross negligence to protect their security details.

A bank must exercise reasonable skill and care to identify customers at risk of fraud and intervene before processing payments that show a pattern consistent with known scams.

Banks must monitor accounts for unusual transaction patterns consistent with known scams and take proportionate intervention steps, including additional checks and warnings, even for authorised payments when fraud risk is evident.

Banks must intervene in payments only where they have sufficient grounds to suspect fraud and such concerns would have been apparent through basic checks at the time of the transaction.

Payments authorised by a customer under the Payment Services Regulations, even if made as part of a civil dispute rather than an APP scam, fall outside the Faster Payment Scheme Reimbursement Rules and do not require reimbursement by the ba

A payment service provider must refund unauthorised transactions unless the account holder intentionally or with gross negligence failed to keep their security credentials safe.

A consumer who receives loan proceeds and uses them, even if obtained through fraud, may be held liable for the principal sum where evidence does not support claims of duress or coercion.

An EMI must monitor transactions for fraud risk and intervene proportionately when transactions appear unusual, but intervention should be proportionate to the circumstances and not all cryptocurrency payments warrant intervention.

Banks must identify and prevent sufficiently unusual or uncharacteristic payments to protect customers from fraud, but this must be balanced against not disrupting legitimate transactions.

A bank is not liable for fraud losses when the customer provides plausible explanations during fraud prevention checks, even if those explanations contain minor inconsistencies.

A payment only constitutes an Authorised Push Payment (APP) scam under the CRM Code if the recipient had a fraudulent purpose from the outset, which requires clear evidence of intent to defraud rather than mere civil dispute or poor service

A bank is expected to monitor accounts for fraud risks and intervene where payments are unusual or indicative of scams, but is not obliged to do so where payments are not sufficiently out of character or unusual.

A customer is generally responsible for a payment they have authorised, and a bank is not obligated to refund authorised card payments absent specific regulatory circumstances.

A financial institution is not liable for fraudulent account opening where the application appeared legitimate at the time, and the ombudsman does not award compensation for distress to estates of deceased complainants for events occurring

Authorized Push Payments made to the customer's own account fall outside FPS/CHAPS reimbursement rules, and a firm's intervention duty does not automatically create liability if the customer would likely have proceeded regardless.

A recipient bank owes no contractual obligation or duty of care to the payer of funds, and can only be held liable for losses if its failure was the direct and effective cause of the loss.

A hire agreement applicant can be held liable where the application used correct personal details, required banking app authorization, and the goods were accepted at delivery with a PIN sent to the applicant's verified mobile number.

An EMI must not take a customer's authorisation at face value where the pattern of transactions suggests the customer may be at risk of financial harm from fraud, particularly involving cryptocurrency.

A customer must provide sufficient evidence of their own losses to a scam, including clear documentation of payment sources and credits received, for a bank to fairly consider reimbursement.

An authorised push payment (APP) scam must be established with persuasive evidence before a bank can fairly be required to reimburse a consumer.

Banks are not liable for all romance scam losses when the consumer fails to act with reasonable care, particularly regarding unusual payment patterns and cryptocurrency transfers.

Authorized payments to legitimate suppliers for incomplete or defective work constitute civil disputes rather than fraud and are not covered by the CRM Code or Reimbursement Rules.

A bank must not process payments at face value when there are circumstances suggesting the customer may be at risk of fraud, particularly when payments show patterns typical of known scams.

A payment to a legitimate supplier for goods that are defective or unsatisfactory constitutes a civil dispute, not an APP scam, and falls outside the scope of the CRM Code reimbursement obligation.

An Electronic Money Institution must monitor accounts for fraud risks and provide warnings on initial suspicious payments, but is not responsible if a customer, deeply manipulated by a scammer, would not have heeded such warnings.

A bank is not obligated to provide a refund for buyer/seller disputes unless there is evidence of actual fraud or scam where funds are being lost to fraudulent activity.

A bank must exercise reasonable skill and care to identify potentially fraudulent transactions, but is not required to prevent all authorized payments even where a pattern suggests fraud risk.

A bank should intervene in payment authorization when it identifies customers may be at risk of fraud, particularly with cryptocurrency payments, even if the customer has authorized the transaction.