Santander UK Plc · DRN-5760665

The complaint Miss A complains that Santander UK Plc won’t refund money she lost when she was a victim of a scam. Miss A is represented by a firm I’ll refer to as ‘C’. What happened Miss A fell victim to job scam in October 2024. She’s explained that she saw an advert for a remote working opportunity on a legitimate job site. Having provided her contact details, the scammer then contacted Miss A and explained the role involved helping a well-known retailer increase the visibility of their products by completing ‘review’ tasks. In return, Miss A would receive commission along with a salary dependant on the number of days she worked. As part of the scam, Miss A received ‘package’ tasks that provided greater commission but also put her account into a negative balance. To rectify this, Miss A had to fund her account by purchasing crypto from a legitimate crypto provider that I’ll refer to as ‘X’ – which she then forwarded to the scam platform. Miss A transferred £6,840 to X, across seven transactions, between 9 and 12 October 2024. Miss A realised she’d been scammed when she continued to receive further package tasks and was being pressured into depositing more funds. It then became apparent she wouldn’t receive the promised returns. C complained, on Miss A’s, behalf to Santander in March 2025. They didn’t think Santander did enough to protect Miss A from falling victim to the scam. To settle the complaint, they wanted Santander to reimburse Miss A her loss from the scam – along with 8% simple interest and £300 compensation. Santander rejected the complaint, saying that the payments weren’t covered by any code/regulation which enables them to reimburse their customers as the funds were sent to an account in Miss A’s own name. They advised Miss A to contact the receiving bank/crypto provider. The complaint was referred to the Financial Ombudsman. Our Investigator upheld it in part. She said Santander should’ve carried out additional checks before processing some of the payments – with automated questioning and warnings provided for the fourth transaction, and a human intervention carried out for the sixth transaction. She thought the scam would’ve been uncovered had the human intervention happened. But she thought Miss A should take some responsibility for her loss too. So, she said Santander should refund 50% of the last two payments plus 8% simple interest. C confirmed Miss A’s acceptance. Santander disagreed with our Investigator. In short, they said: • These payments aren’t covered by the Payment Service Regulator’s (PSR) mandatory reimbursement scheme.

-- 1 of 5 --

• When the claim was raised, they directed C to contact the payment service provider (‘CB’) that processed the payments on behalf of X – as the loss arose from that account, not themselves. • CB are best placed to investigate the events that took place, including whether they’re covered by the mandatory reimbursement scheme. And so, they consider this is the best route for Miss A to obtain a full reimbursement. • Santander shouldn’t be liable for any of Miss A’s loss as it remained in her ownership when it was transferred. The matter has been passed to me to decide. What I’ve decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. Having done so, I’ve come to the same outcome as our Investigator and for similar reasons. I’ll explain why. As Santander have said, these payments aren’t covered by the PSR’s mandatory reimbursement rules – as they were made to Miss A’s own account, with X, which is excluded. I’ve therefore considered whether it would otherwise be fair and reasonable to hold Santander responsible for Miss A’s loss. It isn’t disputed that Miss A authorised the payments from her Santander account. Generally, consumers are liable for payments they authorise and Santander are also expected to process authorised payment instructions without undue delay. However, taking into account the regulatory rules and guidance, relevant codes of practice and good industry practice, including the Consumer Duty, there are circumstances where it might be appropriate for Santander to take additional steps or make additional checks before processing a payment to help protect customers from the possibility of financial harm from fraud. I’ve therefore considered whether the payment instructions given by Miss A to Santander (either individually or collectively) were unusual enough to have expected additional checks to be carried out before they were processed. When considering this, I’ve kept in mind that banks process high volumes of transactions each day. And that there is a balance for Santander to find between allowing customers to be able to use their account and questioning transactions to confirm they’re legitimate – as it wouldn’t be practical for banks to carry out additional checks before processing every payment. By the point of these payments, Santander ought to have been familiar with the increased risk of multi-stage scams involving crypto for some time. I’m mindful that a significant majority of crypto purchases made using a Santander account will be legitimate and not related to any kind of fraud. However, we’ve also seen numerous examples of consumers being directed by fraudsters to move their money to a crypto provider before forwarding it on, a fact that Santander is aware of (and which is what happened here). So, taking into account all of the above I am satisfied that prior to the payments Miss A made, Santander ought fairly and reasonably to have recognised that their customers could be at an increased risk of fraud when using their services to purchase crypto, notwithstanding that the payment would often be made to a crypto wallet in the consumer’s own name.

-- 2 of 5 --

In those circumstances, as a matter of what I consider to have been fair and reasonable, good practice and to comply with regulatory requirements, Santander should have had appropriate systems in place for making checks and delivering warnings before they processed such payments. Here, while the first three payments Miss A made were identifiably going to a crypto provider, they were of a relatively low value. And so, considering there is a balance for Santander to find between questioning transactions and allowing customers to use their account without unreasonable friction, I don’t think Santander would’ve had enough reason to suspect Miss A was at risk of financial harm from fraud. This however, in my view, changed at the point of the fourth payment (£2,000) as it was a significant increase in value. The payments were also being made in a short period of time and incrementally increasing in value too – which can be indicators of fraud or a scam. And so, I think Santander should’ve warned Miss A before processing this payment. I’ve considered what type of warning would’ve been proportionate in this situation. And at that time, I think it would’ve been reasonable for Santander to have provided a scam warning tailored to the risk associated with the payment – doing this by asking a series of automated questions designed to narrow down the type of scam risk. But even if Santander had done this, I’m not persuaded this would’ve uncovered the scam or prevented Miss A from making the payment. This is because I’m aware, when asked about the purpose of the first payment, Miss A selected ‘Transfer to own account’. So, I think she would’ve answered similarly if questioned about the fourth payment. And while not an inaccurate response, it wouldn’t have put Santander on notice that Miss A was likely falling victim to a job scam. And I don’t think some of the common features of crypto scams that I would’ve reasonably expected Santander to bring to Miss A’s attention – such as celebrity endorsements, adverts on social media or the use of remoted desktop software – would’ve resonated with her as they weren’t relevant to her situation. So, I think Miss A would’ve likely gone ahead with the payment. I do however consider that a human intervention would’ve been appropriate, and proportionate to the risk associated to the payment activity, by the point of the sixth payment (also £2,000). This is because, by this point, Miss A had transferred over £5,000 to X – a newly added crypto payee – in less than 24 hours across five transactions. I think this type of account activity was unusual and out of character for Miss A and thereby warranted further intervention by Santander to better understand the surrounding circumstances of the payment (and those that preceded it). And I think a human intervention would’ve likely exposed the scam. I’ve no reason to consider Miss A wouldn’t have been open and honest with Santander if questioned about the purpose of the payment. And so, through appropriate questioning to establish the surrounding circumstances of why Miss A was making the payment, I think Santander would’ve become aware that she was purchasing crypto as part of a job that involved reviewing products. Santander ought to have identified Miss A was falling victim to a scam and, accordingly, it would’ve been reasonable for them to have warned Miss A against making any further payments. I think Miss A would’ve likely heeded such advice and so, I think Santander could’ve prevented her loss from this point onwards. I’ve thought about whether it would be fair to hold Santander responsible for Miss A’s loss. I’ve taken into account that the payments were made to Miss A’s crypto wallet with X before being forwarded on to the scam. But as I’ve set out in some detail above, I think that Santander still should have recognised that Miss A might have been at risk of financial harm from fraud when she made the sixth payment, and in those circumstances, they should have declined the payment and made further enquiries. If they had taken those steps, I am satisfied they would have prevented the loss Miss A suffered. The fact that the money wasn’t lost at the point it was transferred to Miss A’s own crypto wallet doesn’t alter that fact and I think Santander can fairly be held responsible for Miss A’s loss in such circumstances. I

-- 3 of 5 --

don’t think there is any point of law or principle that says that a complaint should only be considered against the firm that is the point of loss. I’ve also considered that Miss A has only complained against Santander. I accept that it’s possible that other firms might also have missed the opportunity to intervene or failed to act fairly and reasonably in some other way, and Miss A could instead, or in addition, have sought to complain against those firms. But Miss A has not chosen to do that and ultimately, I cannot compel her to. In those circumstances, I can only make an award against Santander. At which point, I would like to clarify that Miss A’s payments, while processed by CB, were made to X. CB acted as X’s payment service provider to facilitate transactions to their platform. I understand that Santander has argued that Miss A should contact CB as they consider they are best placed to investigate what happened, and to determine whether the payments are covered by the PSR’s mandatory reimbursement scheme. Although I’m not considering the actions of CB as part of this complaint, it seems unlikely that these payments would be covered under the reimbursement scheme – as, for the same reasons why Santander transactions aren’t covered by it, the funds were sent to an account in Miss A’s own name (which is excluded). In any event, I’m also not persuaded it would be fair to reduce a consumer’s compensation in circumstances where: the consumer has only complained about one respondent from which they are entitled to recover their losses in full; has not complained against the other firm (and so is unlikely to recover any amounts apportioned to that firm); and where it is appropriate to hold a business such as Santander responsible (that could have prevented the loss and is responsible for failing to do so). That isn't, to my mind, wrong in law or irrational but reflects the facts of the case and my view of the fair and reasonable position Ultimately, I must consider the complaint that has been referred to me (not those which haven’t been or couldn’t be referred to me) and for the reasons I have set out above, I am satisfied that it would be fair to hold Santander responsible for Miss A’s loss from the sixth payment onwards (subject to a deduction for Miss A’s own contribution which I will consider below). As I have explained, the potential for multi-stage scams, particularly those involving crypto, ought to have been well known to Santander. And as a matter of good practice and as a step to comply with their regulatory requirements, I consider Santander should have been on the look-out for payments presenting an additional scam risk including those involving multi-stage scams. I’ve thought about whether Miss A should bear any responsibility for her loss. In doing so, I’ve considered what the law says about contributory negligence, as well as what I consider to be fair and reasonable in all of the circumstances of this complaint including taking into account Miss A’s own actions and responsibility for the losses she has suffered. When considering whether a consumer has contributed to their own loss, I must consider whether the consumer’s actions showed a lack of care that goes beyond what we would expect from a reasonable person. I must also be satisfied that the lack of care directly contributed to the individual’s losses. Here, I consider that there were sophisticated aspects to this scam – including, for example, the scam platform showing Miss A’s funds being used to complete the tasks. I’m also mindful that Miss A found the opportunity through a legitimate job site, and so she would’ve understandably been reassured by this. I must however also take into account that Miss A was told she could earn a salary of £4,000 per month for working 30 to 60 minutes per day, as well as commission for completing the

-- 4 of 5 --

tasks. This amount of remuneration should’ve been seen as too good to be true for both the type of work – completing relatively simple tasks – and the little amount of time the job required. I also haven’t seen anything to show Miss A received a contract of employment before starting the job – which I consider a legitimate employer would be expected to provide. And the concept of falsely promoting products also ought to have been seen by Miss A as likely illegitimate. Furthermore, I think it would’ve been reasonable for Miss A to have questioned the legitimacy of the job opportunity given the requirement for her to purchase crypto to deposit into her account - as it is highly irregular for someone to have to pay to earn money (especially the amount Miss A did) as part of a job. Because of this, and taking everything into account, I think Miss A ought to have questioned the legitimacy of the job and taken steps to protect herself from the scam at the time – such as carrying out an online search on the employer or this type of employment. If she had, I think she would’ve become aware it was a scam and prevented her own losses. Therefore, on balance, I think it would be fair to reduce the amount Santander pays Miss A because of her role in what happened. Weighing the fault that I’ve found on both sides, I think a fair deduction is 50%. Putting things right I think it is fair that Santander refund 50% of the last two payments (£2,000 and £1,500) – £1,750. I also think Santander should add 8% simple interest to the payments to compensate Miss A for her loss of the use of money. My final decision My final decision is that I uphold this complaint in part. I direct Santander UK Plc to pay Miss A: • £1,750 – that being 50% of the last two payments. • 8% simple interest, per year, from the date of each payment to the date of settlement less any tax lawfully deductible. Under the rules of the Financial Ombudsman Service, I’m required to ask Miss A to accept or reject my decision before 26 February 2026. Daniel O'Dell Ombudsman

-- 5 of 5 --