Financial Ombudsman Service decision

Kroo Bank Ltd · DRN-5780355

Unauthorised TransactionComplaint not upheld
Get your free legal insight →Email to a colleague
Get your free legal insight on this case →

The verbatim text of this Financial Ombudsman Service decision. Sourced directly from the FOS published decisions register. Consumer names are reduced to initials by FOS at point of publication. Not an AI summary, not a paraphrase — every word below is the original decision.

Full decision

The complaint Mr M complains that Kroo Bank Ltd allowed transactions on his account which he says he didn’t authorise. Background The facts of this complaint are well known to both parties so I will only briefly summarise them here. Mr M says he received a call from somebody claiming to be from the FCA (based in Canary Wharf London). The scammer told him that there had been a fraudulent payment attempt on his account in Chicago. And that his card details might have been cloned at an airport. Mr M found the scammer very convincing and that he was calm and reassuring. He believed that this was a plausible story as he was in Italy at the time, had recently been at an airport and said he saw the declined Chicago transaction when he logged into his account. He has also explained that the scammer knew all of his card details which he had kept secure and didn’t share unless he was making a payment. He says that following the scammer’s advice, he was persuaded to transfer the funds to a different account that he thought was safe. Mr M says that he thought he was transferring funds to a safe account with the same bank. And that the name of the other financial institution was the name of the Kroo account Mr M was transferring funds to. Our investigator was persuaded that Mr M had, using his banking app, taken the steps needed to approve the transactions and that he understood that money was leaving his Kroo account. She was therefore persuaded that Kroo had acted fairly by treating the payments as authorised. She also wasn’t persuaded that the payments were suspicious enough in nature to warrant Kroo intervening before allowing the payments. Mr M disagreed and has requested an ombudsman review. What I’ve decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. Under the relevant law – the Payment Services Regulations 2017 (PSRs) – the starting point is that Mr M is liable for authorised payments and Kroo is liable for unauthorised payments. So, I’ll address this point first. Can Kroo fairly treat the disputed payment as authorised? I accept that Mr M was the victim of a scam. He was told his Kroo account was unsafe and that he needed to approve a payment to move his money to a “safe” account. Mr M recalls taking steps in his mobile banking app, including pressing a button displaying the payment amount to allow a transaction to proceed. He believes that the funds were being transferred to another Kroo account and that the merchant’s name was the name of the account.

-- 1 of 3 --

Mr M said that the scammer already knew his card details and I think that is likely. There are many ways a fraudster could obtain this information without Mr M’s knowledge and I’m persuaded that that’s most likely what happened here, as Mr M only remembers approving payments in app and references the scammer knowing his card details. It doesn’t appear to be disputed that Mr knew he was approving payments knowing that the funds would be leaving his account. Kroo has provided evidence of the process Mr M would have followed to approve the payment in app. This included receiving a notification to confirm or cancel a payment, this notification had the amount and the merchant’s name, logging into the Kroo app using his security credentials, clicking “review” when the payment was showing in his pending transactions and being taken to a new screen. This screen was titled “please review your payment” and contains details of the payment amount and merchant for which Mr M would have needed to have clicked “confirm”. Kroo’s internal notes show that the confirm button was pressed for both transactions and that the payments were completed though Mr M’s app after he successfully logged in using his security credentials (it appears to have been his password). And as a result I’m satisfied, Kroo reasonably concluded that Mr M had authenticated the payments. I accept that Mr M was manipulated by a scammer and did not intend to send money to a third party. However Mr M knew that he was approving payments and I think it was reasonable for Kroo to rely on him confirming the payments as him giving consent to them, and therefore in treating them as authorised. The reasons for why he was making the payments, his understanding of the circumstances of the payment, or whether he appreciated that the funds would be permanently lost, aren’t relevant factors under the PSRs for determining whether Mr M consented to the payments. This is not intended to minimise the distress caused to Mr M – or the fact that he was the victim of a scam. However, applying relevant legislation – the PSRs, and for the reasons explained I’m satisfied that Kroo has fairly treated the payments as authorised. Did Kroo miss an opportunity to prevent Mr M’s loss? Having taken into account longstanding regulatory expectations and requirements, and what I consider to be good industry practice, Kroo ought to have been on the look-out for the possibility of fraud and made additional checks before processing payments in some circumstances. This is while meeting their obligation to promptly process payments that its customer instructs it to make. Kroo’s internal notes show that between 1.22pm and 1.25pm there were numerous transactions to the same merchant as the disputed transactions. Each of these transactions were for £0.00. Mr M has also provided screenshots showing the same. On the face of it this is unusual and we have asked Kroo for further information about this. Kroo has said that the reason the transactions were declined was because the billing address didn’t match the address on the Mr M’s account. The first disputed transaction for £629 happened at 1.33pm and the next disputed transaction for £161.99 occurred at 2.09pm. I’ve thought carefully about whether it is fair to say on balance Kroo should have intervened weighing up its obligations to process payments and carry out additional checks when it has fraud concerns. Having done so, I’m not persuaded that Kroo needed to intervene and do additional checks before allowing the payments. I say this considering the amounts involved, and the steps that Mr M needed to take to verify the payments in app on a device he had used previously (which would have reassured Kroo that he was aware he was making the payments). Even considering the numerous declined payments for £0, I don’t think this is

-- 2 of 3 --

enough to say that the two later payments to the same merchant were suspicious as to warrant further intervention by Kroo. In addition, while Mr M reported the payments relatively quickly, Kroo wouldn’t have been able to stop them as they had already been processed. This is the case even if they showed as pending. And this is reflected in Kroo’s terms which say “once you have instructed us to make a one-off payment you cannot cancel that instruction”. Should Kroo have done more to recover Mr M’s funds? Given they were card payments, the applicable route to recover the payments would have been the chargeback process. The rules are set by the relevant card scheme to settle disputes with the merchant. Kroo would only be expected to raise a chargeback if it thought it had a reasonable prospect of success. Given how the payment was authenticated, it’s unlikely a chargeback on the grounds of fraud would have been successful under the scheme rules. And as the payment appears to have gone to a genuine merchant (a digital money remittance service), there’s no evidence to suggest they didn’t provide goods or services in return for the payment - even if this was to someone else. So, a claim raised on that ground would also likely be unsuccessful. For these reasons, I don’t think Kroo needed to do more to attempt to recover Mr M’s funds once aware of the issue Kroo’s handling of Mr M’s request for reimbursement. I can understand Mr K’s frustration at what was a difficult and worrying time. However, I think his distress was primarily caused by falling victim to a cruel scam, rather than Kroo’s handling of his request for reimbursement. As such I’m not recommending compensation. I’ve also noted that Mr M has raised issues around a card being sent to him after he requested it not be. The investigator has directed Mr M to contact Kroo directly about this – as it’s a separate matter I will not be addressing this point within this decision. My final decision My final decision is that I do not uphold this complaint. Under the rules of the Financial Ombudsman Service, I’m required to ask Mr M to accept or reject my decision before 8 May 2026. Sureeni Weerasinghe Ombudsman

-- 3 of 3 --