DRN-6259966

The complaint Miss B complains that Santander UK Plc won’t refund the money she lost to a job scam. Also, about their service when she complained. What happened The detailed background to this complaint is well known to both parties. So, I’ll only provide a brief overview of some of the key events here. Miss B was actively seeking employment and was contacted by a representative (one of the scammers) of fake Company C. Miss B explains that she had to provide identification and she thought it was a legitimate remote commission-based job completing ‘simple tasks such as liking videos and sending screenshots as proof’. Miss B was told she had to pay money to complete tasks and, after receiving some small salary payments, she was encouraged to make higher payments to undertake tasks which had a promise of greater returns. Miss B paid the scammers in crypto through Firm M (a crypto exchange). She appears to have opened an account with them and then transferred funds from her Santander account. The following table shows the payments she made: Payment Number Date Payment Method Payee Amount 1 16/11/25 Card Firm M £100 2 16/11/25 Card Firm M £360 3 24/11/25 Card Firm M £280 Total £740 Miss B realised it was a scam when she spoke to her father. She then contacted Santander to claim a refund. But this was rejected. Santander didn’t think they were liable and they informed Miss B that card payments weren’t covered under any code or regulations for fraud or scams. Miss B complained to Santander about their decision but didn’t receive a response and this added to her distress. She then brought her complaint to our service. But our investigator didn’t think Santander ought reasonably to have identified a risk of a scam occurring and intervened at the time the payments were made. Miss B disagreed and when asking for an Ombudsman to make a final decision her points included the following: • ‘The pattern of transactions on my account was not typical. There were multiple payments made within a short period, including an initial failed transaction followed by further attempts’.

-- 1 of 4 --

• ‘Given the known risks associated with cryptocurrency transactions, combined with the pattern, timing, and repeated nature of the payments, I believe Santander should reasonably have identified a potential fraud risk and taken steps such as providing a more specific warning or intervention’. What I’ve decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. Having done so, my decision is to not uphold this complaint. And I’ll explain why. I should first say that: • I’m satisfied that Miss B was the victim of a cruel scam and I’m genuinely very sorry to hear about her financial loss and the distress that she has experienced. • Unfortunately, the APP Scam Reimbursement Rules, introduced by the Payment Systems Regulator in October 2024, for customers who have fallen victim to an APP scam, don’t apply here. This is because the payments were made by card to Firm M. • Although I couldn’t see any information of Santander’s recovery attempts on the file, as Miss B’s funds went to the scammers in crypto a chargeback from Firm M wouldn’t have been possible as they provided the required service. And I wouldn’t have expected Santander to have been successful in recovering Miss B’s funds. • Regarding the service Miss B received when she made a refund claim and then a complaint. I found that Santander did make and communicate a rejection outcome saying they weren’t liable. Whilst I appreciate Miss B’s dissatisfaction with it, I’m satisfied their communication was clear and made in a reasonable amount of time. Unfortunately, the subsequent complaint emails Miss B sent weren’t received by Santander and, from the file information I’ve seen, this appears to be because of it being sent to a defunct email address. • The Payment Services Regulations 2017 (PSR) and Consumer Duty are relevant here. PSR Under the PSR and in accordance with general banking terms and conditions, banks should execute an authorised payment instruction without undue delay. The starting position is that liability for an authorised payment rests with the payer, even where they are duped into making that payment. There’s no dispute that Miss B made the payments here, so they are considered authorised. However, in accordance with the law, regulations and good industry practice, a bank should be on the look-out for and protect its customers against the risk of fraud and scams so far as is reasonably possible. If it fails to act on information which ought reasonably to alert a prudent banker to potential fraud or financial crime, it might be liable for losses incurred by its customer as a result. Banks do have to strike a balance between the extent to which they intervene in payments to try and prevent fraud and/or financial harm, against the risk of unnecessarily inconveniencing or delaying legitimate transactions. So, I consider Santander should fairly and reasonably: o Have been monitoring accounts and any payments made or received to

-- 2 of 4 --

counter various risks such as anti-money laundering and preventing fraud and scams. o Have systems in place to look out for unusual transactions or other signs that might indicate that its customers were at risk of fraud (among other things). This is particularly so given the increase in sophisticated fraud and scams in recent years, which banks are generally more familiar with than the average customer. o In some circumstances, irrespective of the payment channel used, have taken additional steps, or made additional checks, before processing a payment, or in some cases declined to make a payment altogether, to help protect customers from the possibility of financial harm from fraud. Consumer Duty Also, from July 2023 Santander had to comply with the Financial Conduct Authority’s (FCA’s) Consumer Duty which required financial services firms to act to deliver good outcomes for their customers. Whilst the Consumer Duty does not mean that customers will always be protected from bad outcomes, Santander was required to act to avoid foreseeable harm by, for example, operating adequate systems to detect and prevent fraud. Also, to look out for signs of vulnerability. With the above in mind, I looked closely at the three payments (and the declined payment) together with Miss B’s account activity and file notes (which didn’t show any record of a vulnerability) to consider whether Santander should’ve recognised Miss B could be at risk of financial harm and put in place interventions to protect her. Having done so, I wouldn’t have expected Santander to have intervened. This is because: • Although cryptocurrency transactions were new to Miss B and cryptocurrency does carry an elevated risk, it isn’t unusual for consumers to use or invest in cryptocurrency and it is common for them to use crypto exchange companies as crypto is legal. And Firm M is a legitimate crypto exchange. • I appreciate the payments were large to Miss B. However, Santander process thousands of payments each and every day and, as mentioned above, they have to strike a balance between the extent to which they intervene in payments to try and prevent fraud and/or financial harm, against the risk of unnecessarily inconveniencing or delaying legitimate transactions. • The payments amounts wouldn’t have appeared unusual as Miss B had previously made payments for similar amounts up to £400. • It wasn’t unusual for Miss B to make more than one payment to a payee and in this case there wasn’t a concerning pattern, such as a high velocity of rapid same day payments that were increasing in size. So, having considered the above and all the information on file, although I’m very sorry to hear about her financial loss and distress, I don’t think it is fair or reasonable to require Santander to provide her with a refund. My final decision For the reasons mentioned above, my final decision is not to uphold this complaint against Santander UK Plc. Under the rules of the Financial Ombudsman Service, I’m required to ask Miss B to accept

-- 3 of 4 --

or reject my decision before 15 May 2026. Paul Douglas Ombudsman

-- 4 of 4 --