Financial Ombudsman Service decision

Revolut Ltd · DRN-5794543

CryptoComplaint not upheld
Get your free legal insight →Email to a colleague
Get your free legal insight on this case →

The verbatim text of this Financial Ombudsman Service decision. Sourced directly from the FOS published decisions register. Consumer names are reduced to initials by FOS at point of publication. Not an AI summary, not a paraphrase — every word below is the original decision.

Full decision

The complaint An individual I’ll refer to as X complains that Revolut Ltd is hold her liable for payments which she says she didn’t authorise, and which were lost to a scam. What happened The details of this complaint are well known to both parties, so I won’t repeat them all again here. Instead, I’ve summarised the key events. X responded to an online advert for an investment opportunity which unfortunately appears to have been a scam. She says she initially paid £200, and also recalls being told she should invest £5,000, but didn’t agree to make further payments. X says she then saw the following funds had been exchanged to cryptocurrency (ETC) from her Revolut account and withdrawn to an external wallet: Transaction number Date Description 1 24 March 2025 £5,000 exchanged to ETH 2 24 March 2025 2.99654305 ETH withdrawn 3 25 March 2025 £19,000 exchanged to ETH 4 25 March 2025 6.36193454 ETH withdrawn 5 25 March 2025 5.14498493 ETH withdrawn 6 28 April 2025 £6,700 exchanged to ETH 7 28 April 2025 4.75932604 withdrawn X reported the matter to Revolut in May 2025 but it didn’t agree to refund her. Unhappy with its decision, she referred the matter to our service. Revolut disputed our jurisdiction to consider it, saying neither the exchanges from fiat to cryptocurrency (transactions 1,3 and 6) nor the cryptocurrency withdrawals (transactions 2,4,5 and 7) were a regulated activity or an ancillary activity. Our investigator agreed that our service didn’t have jurisdiction to consider the cryptocurrency withdrawals. But they concluded we could consider the earlier exchanges – in brief, explaining this was ancillary to payments services/regulated activities (such as accepting deposits). However, the investigator didn’t uphold the aspect of X’s complaint which we could consider. They didn’t think there was an explanation for how someone other than X could have completed these exchanges. And they also weren’t persuaded Revolut ought to have been able to uncover the scam – noting Revolut had requested information and spoken to X on 25 March 2025, and she had told it not to question her about what she was doing. X has appealed the investigator’s outcome. In summary, she says she wasn’t aware the calls with Revolut were about cryptocurrency, and also thought it was only about the £5,000 transfer (whereas it was prompted by transaction 4). She disputes making the payments – and says Revolut should have done more to protect her.

-- 1 of 4 --

What I’ve decided – and why To start, I want to make the scope of what I am considering clear. I can’t look at the cryptocurrency withdrawals; this isn’t a regulated activity. But what I can consider is Revolut’s actions and liability in relation to the cryptocurrency purchases made from X’s e- money account. I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. Having done so, I agree with the investigator’s overall conclusions that Revolut isn’t liable for the loss X is claiming for. I’ll explain why. In reviewing this case, I’m conscious X has provided detailed and extensive submissions on this matter. I want to highlight that, while I have carefully considered everything that has been submitted, my decision is focussed on the points I consider key to my determination – meaning not all information provided will be cited or commented on. This isn’t intended as a discourtesy, but reflects the informal nature of our service. In cases like this, I can’t be certain about what happened. So I’d also highlight that, where information is unclear or contradictory, I’ve decided what is more likely to have happened on the balance of probabilities. Is it fair for Revolut to treat the payments as authorised? X denies making any of the transactions aside from the initial £5,000 transfer – saying the remainder were made by the scammer. However, having weighed up all the information provided, I don’t consider there to be a plausible and likely explanation for how someone else could have made the remaining payments. This is because: • Revolut has provided audit information relating to how X’s account was being used during this period. This support that the transactions were being made from X’s usual device. From what we know about X’s device and its operating system, it looks unlikely a scammer would have been able to use software to gain full control of it remotely. • Even if such software was used, and the usual security was overridden to allow a third party remote control of X’s phone, Revolut has security in place to detect remote access software. This results in key screens showing blank – including some that were required to be completed to make the transactions X says were made by the scammer. So, it seems unlikely a scammer could have independently made these payments. • Having listened to X’s calls with Revolut, and having reviewed the in-app chat messages exchanged at the time, I don’t consider it credible that X wasn’t aware of the payments being sent on externally from Revolut. It was discussed that the funds were being sent on to a cryptocurrency wallet – and that she would need to provide records of this (which were then provided via in-app chat). • In relation to transaction 2, X says she was told she would need to then “sign” for the payment to go through – but she declined it. As above, I can’t look at the withdrawal specifically. However, I’d point out that from what I’ve seen from Revolut’s records, a truth statement would have been completed as part of processing the payment which required X to input her name.

-- 2 of 4 --

• Additionally, looking at the in-app chat discussion from the time, messages from X’s profile show awareness that these funds had been sent on, and didn’t dispute having done this. Some of the subsequent disputed payments were also discussed at this point. For example, X’s profile sent a screenshot showing the £19,000 being exchange to cryptocurrency – and that the funds were being sent on externally. • In the chat, it was also discussed that the funds were being sent to X’s cryptocurrency wallet (as had also been discussed over the phone). It’s difficult to reconcile all of this with X’s assertion that she never used the wallet. • I understand X disputes that she was the one accessing her profile and speaking to Revolut at this time – suggesting this was the scammer. However, I’m not persuaded that is the more likely explanation. From what X has told us about this scam, it’s unclear to me how the scammers could have accessed her profile to speak to Revolut. • Furthermore, while X says the language used isn’t consistent with her, I don’t share that impression. For example, I noticed the (mis-)spelling of Revolut used in the messages X disputes sending matches that used by X in undisputed messages before and after the scam. It would seem unlikely for a scammer to match her language to this level. • While X says she didn’t use the chat at all during this period until disputing the payments (in late May 2025), I can also see information was shared from her profile about a name change she had requested (which was also discussed in the calls). I don’t think a scammer would have sent these messages – which included providing identity information for X. Yet the messages were sent on 26 March 2025 and followed directly on from discussing some of the disputed account activity. I can’t be sure about what happened here. I suspect this may also be the case for X, as it’s clear she was being deceived by the scammers. However, having weighed up what she has told me, I don’t think I can rely on her assertion that she didn’t make these payments. On balance, I consider it more likely that she did authorise them – albeit due to being tricked the scam. Under the relevant regulations – the Payment Services Regulations 2017 (PSRs) – that means the starting position is that she is liable for them. Is Revolut at fault for X’s loss? While I’ve determined Revolut isn’t liable for the payments I can consider under the PSRs, I am persuaded, based on what I have seen, that the payments were the result of X falling victim to a scam. In line with longstanding regulatory expectations and requirements and what I consider to be good industry practice at the time, I’d expect Revolut to have been on the lookout for indications of fraud risks. If it failed to respond proportionately to such a risk, and doing so would have prevented X from incurring a fraudulent loss, it may fairly hold some liability for this. Given my remit here, I’ve considered whether Revolut ought to have done more when the exchanges were made – and whether that was likely to have prevented (some of) X’s loss. While Revolut didn’t complete further checks on the exchanges directly, I’m not persuaded that doing so would have prevented X’s loss. That’s because Revolut did identify some of the withdrawals as risky – and took steps to assess and warn X about this by speaking to her over the phone and via in-app chat.

-- 3 of 4 --

The messages I’ve seen between X and the scammers suggests they had successfully persuaded her to respond to these interventions in a way that didn’t make the true risk clear. In the calls, X was resistant to engaging with Revolut about what she was doing, and was adamant she should be able to make her own choice about how to proceed. I can’t see why X would have responded differently if Revolut had intervened further on the exchanges I can consider. While this is likely due to the social engineering tactics employed by the scammer, the way X responded to Revolut’s questioning made it difficult to get to the bottom of what she was doing – hampering its ability to protect her. I’m therefore not persuaded Revolut is at fault for not preventing X’s loss to the scam. It’s not within our service’s jurisdiction to consider Revolut’s efforts in respect of the cryptocurrency withdrawals, so I’m unable to scrutinise its actions in this respect. But for completeness, my understanding is that cryptocurrency transactions are not reversible – so can’t be recovered in the same way bank transfers sometimes can be (by contacting the receiving bank). I’m conscious X has lost out significantly here due to the cruel actions of a scammer. However, in considering Revolut’s role in what happened, I’m not persuaded it has acted unfairly in not refunding her or in how it has handled this dispute. I’ve therefore decided it doesn’t need to take action to resolve this complaint. My final decision For the reasons given above, my final decision is that I do not uphold this complaint. Under the rules of the Financial Ombudsman Service, I’m required to ask X to accept or reject my decision before 12 May 2026. Rachel Loughlin Ombudsman

-- 4 of 4 --