Financial Ombudsman Service decision

NATIONAL WESTMINSTER BANK PUBLIC LIMITED COMPANY · DRN-6251085

Unauthorised TransactionComplaint not upheld
Get your free legal insight →Email to a colleague
Get your free legal insight on this case →

The verbatim text of this Financial Ombudsman Service decision. Sourced directly from the FOS published decisions register. Consumer names are reduced to initials by FOS at point of publication. Not an AI summary, not a paraphrase — every word below is the original decision.

Full decision

The complaint Mr F complains NATIONAL WESTMINSTER BANK PUBLIC LIMITED COMPANY (“NatWest”) declined a legitimate card transaction he had attempted and that it has failed to provide a specific and comprehensible explanation for this. To put things right, Mr F wants (1) NatWest to provide a clear explanation, and at the least the category for why the transaction was declined; (2) NatWest to explain what steps Mr F can take to prevent similar legitimate transactions from being declined; and (3) consideration of an appropriate remedy for the disruption and inconvenience he’s been caused What happened The details of this complaint are well known by both parties, so I won’t repeat them again here in detail. Instead, I’ll focus on setting out some of the key facts and on giving my reasons for my decision. In November 2025, Mr F attempted to make a payment using his debit card to a merchant he had made payments to before. NatWest declined the payment. Mr F immediately raised this with NatWest, who told him it was due to bank policy. NatWest didn’t uphold Mr F’s complaint. In summary, NatWest made the following key points in several related responses: • NatWest’s system worked correctly when declining Mr F’s payment due to its policy. Bank policies are in place to protect both NatWest’s customers and it from harm, and to meet NatWest’s regulatory requirements • NatWest cannot provide specific details regarding the internal decision-making process or the exact policy under which the transaction was declined. That’s because such information relates to NatWest’s internal risk and security frameworks, which cannot be disclosed for security and regulatory reasons • The decision was made in line with NatWest’s obligations to comply with applicable laws, regulations, and internal risk management standards designed to protect customers and the financial system • The decision was based on NatWest’s internal security checks, which are designed to protect customers and the bank from potential fraud or misuse. These checks sometimes block transactions that appear unusual or carry certain risk indicators, even if the transaction is genuine • The block was not related to suspected fraud or sanctions, but rather a precautionary measure based on risk patterns. Whilst NatWest can confirm the reason at a high level, NatWest cannot share the exact factors or methods used, as doing so could weaken the effectiveness of these security measures • Transaction approvals can vary based on dynamic risk factors assessed at the time

-- 1 of 4 --

of processing. These factors may include, but are not limited to, transaction patterns, merchant risk profiles, and real-time security indicators. Therefore, previous approvals do not guarantee future outcomes, as each transaction is evaluated independently • NatWest is unable to provide any additional details beyond what it’s already communicated. Disclosing specific risk categories or internal criteria could compromise the integrity of NatWest’s security measures and fraud detection systems, which are designed to protect both its customers and the wider financial ecosystem. As per the Payment Services Regulations, NatWest are permitted to withhold certain information where disclosure would objectively compromise security. ln this case, providing further details would pose such a risk Mr F referred his complaint to our service. One of our Investigator’s looked into Mr F’s complaint, and they recommended it wasn’t upheld. In summary, the key findings they made were: • NatWest’s explanation is fair, and whilst it doesn’t provide a detailed reason for the block on the transaction, NatWest acted in line with its policy and terms. NatWest took the correct precautionary action to protect both Mr F and NatWest • Mr F hasn’t said any of his other payments failed, and this service isn’t able to make a finding on a hypothetical situation • NatWest acted fairly when suggesting alternative ways for Mr F to make payments to the merchant Mr F didn’t agree with what our Investigator said. In short, some of the novel points he made were: • NatWest confirmed in writing the transaction was declined not due to suspected fraud, sanctions, or criminal activity, but as a precautionary action under an internal discretionary security policy • Mr F’s concern is therefore not that NatWest intervened to prevent fraud or misuse, but that it confirmed the decision was discretionary. Whilst refusing to provide any meaningful explanation, even at a high-level category, for why the payment was declined • Under Regulation 97 of the Payment Services Regulations 2017, where a payment service provider refuses to execute a payment order, it must provide the payer with the reasons for the refusal unless doing so would be unlawful Our Investigator explained that they wouldn't be recommending NatWest provide any more information regarding their security policies and when these are applied. This information is commercially sensitive and providing details of when and how they are applied can leave a business and its customers vulnerable. As there was no agreement, this complaint has been passed to me to decide. What I’ve decided – and why I’m very aware that I’ve summarised the events in this complaint in far less detail than the parties and I’ve done so using my own words. No discourtesy is intended by me in taking this approach. Instead, I’ve focussed on what I think are the key issues here. Our rules allow

-- 2 of 4 --

me to do this. This simply reflects the informal nature of our service as a free alternative to the courts. If there’s something I’ve not mentioned, it isn’t because I’ve ignored it. I’m satisfied I don’t need to comment on every individual argument to be able to reach what I think is the right outcome. I do stress however that I’ve considered everything Mr F and NatWest have said before reaching my decision. I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. Having done so, I have decided not to uphold Mr F’s complaint. I’ll explain why. Banks in the UK, like NatWest, are strictly regulated and must take certain actions in order to meet their legal and regulatory obligations. They are also required to carry out ongoing monitoring of an existing business relationship, which includes transaction monitoring. Such measures allow NatWest and the wider banking system to protect its customers, and themselves, from financial harm. Unfortunately, that sometimes means banks need to restrict or refuse specific payments. The crux of this complaint is that Mr F feels NatWest has made an arbitrary and/or discretionary decision to not process his payment instruction to a merchant who he had made payments to before unhindered. Mr F has also pointed to specific regulations that he says compels, in these circumstances, NatWest to give him a detailed, specific and comprehensible reason. Mr F has pointed to regulation 97 of the Payment Services Regulations 2017. But that relates to how a PSP (Payment Service Provider) should process data: “A payment service provider must not access, process or retain any personal data for the provision of payment services by it, unless it has the explicit consent of the payment service user to do so”. It’s noteworthy that NatWest has given Mr F more detail on its decision to refuse his payment. I have distilled some of the key components here: - NatWest can’t give specific details as such information relates to its internal risk and security frameworks, which cannot be disclosed for security and regulatory reasons - NatWest’s checks sometimes block transactions that appear unusual or carry certain risk indicators, even if the transaction is genuine - The declination was a precautionary measure based on risk patterns - Transaction approvals can vary based on dynamic risk factors assessed at the time of processing. These factors may include, but are not limited to, transaction patterns, merchant risk profiles, and real-time security indicators - Disclosing specific risk categories or internal criteria could compromise the integrity of NatWest’s security measures and fraud detection systems, which are designed to protect both its customers and the wider financial ecosystem - As per the Payment Services Regulations, NatWest are permitted to withhold certain information where disclosure would objectively compromise security. ln this case, providing further details would pose such a risk NatWest has provided this service with more detail and supporting evidence as to why it refused to process Mr F’s payment. Having considered this, I’m satisfied NatWest acted fairly and reasonably in preventing the payment – and in the level of detail it gave Mr F about why it acted in this way.

-- 3 of 4 --

In reaching this determination, I’m satisfied that by giving any further information to Mr F could put NatWest’s security processes - which monitor payments for potential fraud and other related harm - at risk. This is commercially sensitive information which I think NatWest are obligated to protect. In reaching this finding, I’ve also considered the provisions of the account terms and conditions. In relation to this matter, section 5.3 “Limiting the use of your account or your services” says: We may suspend or restrict the use of your accounts, or certain services (such as your debit card or online banking) if: • we reasonably believe that your security details or debit card details haven’t been kept safe: • we reasonably suspect that your security details or your debit card have been used fraudulently or without your permission. • as a result of a change in the way you use your account or in your financial circumstances, we reasonably believe that you may have difficulty in meeting your commitments: • a restriction applies to your account (for example. we’re told about a dispute between Joint account holders. which means the account can’t be used until the dispute is resolved): • we reasonably believe it’s appropriate in order to protect your account: • you are no longer resident in the UK (and we are unable to operate your account in the same way as when you were resident in the UK): • you’ve broken any term of this agreement in a serious way, • we reasonably suspect that your account or any other account you had with us (or another member of NatWest Group) has been. is being or is likely to be used for an illegal purpose. • we reasonably suspect you’re involved in fraud or other serious criminal activity, or • we reasonably suspect thot by not taking these steps we might breach of law or regulation with which we must camply. We’ll explain why we’ve taken any of these steps, unless were unable to contact you or there’s a legal or security reason which means we can’t provide an explanation” I’m satisfied from the information I’ve been given, and that I am treating in confidence, that NatWest reason for not giving a more detailed reason is reasonable given the security risks posed to it. I’m also satisfied NatWest applied the terms of the account fairly when declining the payment instruction from Mr F. Treating information in confidence is a power afforded to me under the Dispute Resolution Rules (DISP), which form part of the Financial Conduct Authority’s regulatory handbook. As I don’t think NatWest did anything wrong, I see no basis to direct it to pay Mr F any compensation for the disruption and inconvenience he has suffered. My final decision For the reasons above, I have decided not to uphold this complaint. Under the rules of the Financial Ombudsman Service, I’m required to ask Mr F to accept or reject my decision before 28 April 2026. Ketan Nagla Ombudsman

-- 4 of 4 --