Financial Ombudsman Service decision

TSB Bank Plc · DRN-5715430

Unauthorised TransactionComplaint upheld
Get your free legal insight →Email to a colleague
Get your free legal insight on this case →

The verbatim text of this Financial Ombudsman Service decision. Sourced directly from the FOS published decisions register. Consumer names are reduced to initials by FOS at point of publication. Not an AI summary, not a paraphrase — every word below is the original decision.

Full decision

The complaint Mr I complains that TSB Bank Plc is holding him liable for transactions from his credit card account which he says he didn’t authorise. What happened The detailed background to this complaint is well known to both parties. So, I’ll only provide a brief overview of some of the key events here. Mr I says that towards the end of 2023, he responded to an advert on social media about an investment opportunity. He expressed an interest and was contacted by someone who subsequently threatened to harm him and his family and to ruin his credit score if he didn’t give them his banking details. He says he gave the third-party personal information as well as access to his phone and wallet/bank cards, which enabled them to take out loans in his name and to make transactions from his accounts, which he says he didn’t authorise. In August 2024, he discussed the matter with his family and decided to inform his banks. He has since complained to this service about ten online card payments from his TSB credit card totalling £2,120.75 dated between 8 December 2023 and 23 January 2024. TSB has explained that Mr I had said he’d made the payments but that he was acting under duress, and so it was satisfied they were authorised. It confirmed the card payments had been made from IP addresses which matched those seen on its online audits, and the evidence showed the required security had been passed, supporting that Mr I had made the payments himself. Our investigator recommended the complaint should be upheld in part. He was satisfied the payments were authenticated using the correct card details and that Mr I had confirmed to TSB that he made the payments himself. He noted that all but one of the disputed payments were online card payments processed using an iPhone device which Mr I had repeatedly denied owning or having any knowledge of. He explained that the iPhone was registered to Mr I’s TSB account for online banking in December 2023. In addition, there was a call with Bank TB on 25 March 2024, where he confirmed he’d attempted a payment which was made from the same iPhone. So, he was satisfied Mr I at least knew about the iPhone. Our investigator further explained that during a call with Bank N on 6 August 2024, Mr I said he went into branch a couple of weeks before and that was when he first learned there was fraud on his account, but this wasn’t consistent with his description of having been physically assaulted by a third party. And on18 September 2024, Mr I told Bank N that he gave his card and PIN to the third party under duress, yet in an email to Bank M on 31 August 2024 he wrote: “The fraudster forcefully dragged me into his vehicle, locked the doors, and trapped me inside, leaving no opportunity for escape. While confined in the car, the fraudster explicitly threatened to harm my family if I refused to comply with his demands. During this time, he subjected me to relentless verbal and physical abuse, leaving me no choice but to obey out of fear for my loved ones”.

-- 1 of 4 --

He also observed that during the calls he’d listened to, Mr I sounded calm and relaxed, which wasn’t consistent with him having been coerced or threatened. He concluded that in the absence of evidence to prove that Mr I was threatened, assaulted and forced to make the payments, he couldn’t conclude they were unauthorised. Finally, our investigator wasn’t satisfied TSB had clear and rigorous evidence to justify applying a CIFAS marker against Mr I, and so he recommended that the marker should be removed. But he didn’t think Mr I was entitled to any compensation. Mr I has asked for his complaint to be reviewed by an Ombudsman, and TSB has said it wouldn’t look to remove the marker because the marker was added because Mr I was spending funds he wasn’t entitled to spend. What I’ve decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. Having done so, I’ve reached the same outcome as our investigator. I would like to say at the outset that I have summarised this complaint in far less detail than the parties involved. I want to stress that no discourtesy is intended by this. If there is a submission I have not addressed, it is not because I have ignored the point. It is simply because my findings focus on what I consider to be the central issues in this complaint. Authorisation Authorisation has two limbs – authentication and consent. So, TSB needs to show the transactions were authenticated as well as showing Mr I consented to them. Authentication TSB has shown that the transactions were authenticated in the app using Mr I’s security credentials, and Mr I has told TSB that he made the payments himself (albeit under duress). So, I’m satisfied they were authenticated. Consent Most often the consumer will give consent to a payment transaction themselves by completing the agreed form and procedure. But the PSR 2017 do allow for payment transactions to be initiated by someone acting on behalf of the consumer. Where the evidence suggests that the consumer or their agent gave consent to a disputed payment transaction, we’ll usually find it was authorised for the purposes of the PSR 2017. If I accepted these transactions were made by an unauthorised third party, I could conclude they weren’t consented to, but I’ve carefully considered what Mr I has said and I’m afraid there isn’t enough to persuade me that HSBC has acted unreasonably in refusing to refund them. I have reached this conclusion for a number of reasons, including: • Mr I has suggested that he didn’t know about the disputed transactions until he contacted his banks, but this isn’t consistent with his account that a third-party threatened him to hand over his personal information, phone, wallet and bank cards. • Mr I says he didn’t own or know about the iPhone device that was used to process

-- 2 of 4 --

many of the disputed transactions, but he told TSB that he accepted having made transactions from that account which were made using the iPhone, and he accepted in a call with Bank TB on 25 March 2024 that he’d made a payment which had been attempted using the iPhone. So, I consider he has given misleading testimony about this device. • In a call on 28 June 2024, Bank F told Mr I that his account was in a negative balance, but he didn’t mention being physically assaulted by a third-party. In a further call with Bank F on 6 August 2024, he said a fraudster had forced him to hand over his online banking login details, but it was only when Bank F noted on 8 November 2024 that all the transactions were card payments, that he said the third party had physically taken his wallet. • Mr I hasn’t produced any evidence to support his complaint, for example messages from the third-party. I accept the social media platform might have deleted any messages that were exchanged on the platform and that the messages wouldn’t have been recoverable, but I think it’s implausible that he wouldn’t have any other evidence at all to corroborate what he has told us, especially as he says it occurred over several months. • In a call with Bank TB on 5 September 2024, Mr I said ‘the fraudster had me on the thing where basically he was gonna pay me back all the money he took off me, but he never did, [he] threatened me manipulated me but he was also nice to me at the same time’. This is inconsistent with Mr I not having consented to the transactions. • Many of the disputed transactions are transfers to accounts in Mr I’s own name and the spending took place over several months, which isn’t consistent with fraud. I accept this would have been a very stressful and confusing situation and that this might account for some inconsistencies in what Mr I has said to this service and to his different banks. But I can only base my decision on what I think it most likely to have happened, and I agree with our investigator that there are several instances where Mr I has given testimony which is either inconsistent or implausible and this makes it difficult for me to treat his testimony as reliable. Because of this, I don’t think it’s unreasonable that TSB treated these transactions as authorised, so I can’t fairly ask it to refund the money. The CIFAS marker TSB has explained that the CIFAS marker was loaded due to uncleared effects fraud, but to file such a marker, it would need show that there are grounds for more than mere suspicion or concern. Mr I's credit card statements show there was only one occasion when a direct debit was reversed, temporarily available funds were spent and, following the direct debit reversal, the account balance was over the credit limit. I’m not satisfied this is sufficient to meet CIFAS' standards because we would want to see a pattern of behaviour to show Mr I's was acting with intent and that he knew the direct debit would bounce, allowing him the opportunity to use the available funds. So, I agree with our investigator that TSB should remove the marker from Mr I’s credit file. I also agree with our investigator that Mr I isn’t entitled to any compensation. My final decision My final decision is that I uphold this complaint in part and direct TSB Bank Plc to remove the CIFAS marker from Mr I’s credit file.

-- 3 of 4 --

Under the rules of the Financial Ombudsman Service, I’m required to ask Mr I to accept or reject my decision before 30 March 2026. Carolyn Bonnell Ombudsman

-- 4 of 4 --