Financial Ombudsman Service decision

Santander UK Plc · DRN-6264141

Authorised Push Payment (APP) ScamComplaint upheldDecided 1 March 2026
Get your free legal insight →Email to a colleague
Get your free legal insight on this case →

The verbatim text of this Financial Ombudsman Service decision. Sourced directly from the FOS published decisions register. Consumer names are reduced to initials by FOS at point of publication. Not an AI summary, not a paraphrase — every word below is the original decision.

Full decision

The complaint Mrs A complains Santander UK Plc (“Santander”) has declined to offer her a refund after she was the victim of an impersonation scam. What happened I issued a provisional decision in March 2026 to explain why I thought Mrs A’s complaint should be partially upheld. And I said I’d consider anything else anyone wanted to give me before proceeding with my final decision. This is an extract from my provisional decision: “The details of this complaint are well known to both parties, so I won’t go into too much detail again here. However, in summary, Mrs A was the victim of a scam. She received a call from someone who said they were calling from the police but who we now know to be a fraudster. The fraudster told Mrs A her national insurance number had been suspended and she needed to make payments from her Santander account to the Chief of Police in order to prove she wasn’t money laundering and to avoid prosecution. Mrs A was told that once the transfers were complete, the funds would be transferred back into her account. At the time the scam occurred, Mrs A was new to the UK and English wasn’t her first language. She’s told us the person she was speaking with sounded professional and called from a number that was virtually the same as the genuine number used by the police - one digit was different. When Mrs A questioned this, she was told the caller was calling from an extension which accounted for the slight difference. Mrs A therefore accepted she was speaking with the police and went on to make the following payments as part of the scam: Payment No Date Payee Payment method Amount 1 04/05/2021 New Payee 1 Faster payment £998 2 04/05/2021 New Payee 1 Faster payment £1,999 3 04/05/2021 New Payee 1 Faster payment £2,999 When Mrs A was asked to make a fourth payment, she became suspicious and her husband contacted a friend who was able to confirm Mrs A was being scammed. Mrs A contacted Santander and raised a scam claim. Santander looked into Mrs A’s complaint and it acknowledged she had been the victim of a scam but it declined to offer her a refund of the amount lost. It said it had done all it could to prevent her from falling victim to the scam but when asked about the reason for the payments, Mrs A had misled Santander as to what they were for. It went on to say Mrs A had failed to carry out any reasonable checks before agreeing to transfer money out of her account.

-- 1 of 7 --

Unhappy with Santander’s response, Mrs A brought her complaint to this service with the help of a professional representative. One of our investigators looked into things. Our investigator didn’t uphold the complaint. They agreed with Santander that Mrs A had proceeded to make the payments without a reasonable basis for believing she was speaking with a police officer. They also thought Santander had done all it could to provide Mrs A with an effective scam warning at the time but this had not been possible because Mrs A had failed to provide an accurate reason for the payments when asked. Mrs A didn’t agree with the investigators opinion and as an agreement could not be reached, the complaint has been passed to me for a decision. What I’ve provisionally decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. Having done so, I’m currently minded to reach a different outcome to the one reached by our investigator – I think the complaint should be partially upheld. I’ll explain why in more detail below. In broad terms, the starting position is that a payment service provider (in this case, Santander) is expected to process payments that its customer authorises, in accordance with the Payment Services Regulations, and the terms and conditions of the customer’s account. But where a customer made a payment(s) as a result of the actions of a fraudster, it may sometimes be fair and reasonable for a payment service provider to reimburse its customer, even though the payment(s) were authorised. Under the Lending Standards Board’s Contingent Reimbursement Model (“the CRM Code”), which Santander was a signatory of, it should reimburse customers who are victims of authorised push payment scams, except in limited circumstances. If Santander declines to reimburse its customer in full, it is for Santander to establish that one, or more, of the listed exceptions set out in The Code apply. Those exceptions are: • The customer ignored an effective warning in relation to the payment being made. • The customer made the payment without a reasonable basis for believing that: o the payee was the person the customer was expecting to pay; o the payment was for genuine goods or services; and/or o the person or business with whom they transacted was legitimate There are further exceptions within The CRM Code, but none of these are applicable here. Did Mrs A have a reasonable basis for belief? Santander can choose not to reimburse Mrs A in full if it doesn’t believe she had a reasonable basis for believing that the person she was paying was legitimate. It isn’t enough for Mrs A to have genuinely believed that she was paying a police officer to avoid prosecution, she had to have a reasonable basis for that belief. I have carefully considered the representations put forward by Santander and I agree this exception to reimbursement can be fairly relied on in the particular circumstances of this case. I’m not persuaded Mrs A had a reasonable basis for believing she was speaking with law enforcement. In reaching this conclusion, I’ve had regard to the scene that was set by

-- 2 of 7 --

the scammer and the impact I believe this reasonably had on Mrs A when acting ‘in the moment’. In particular, I have considered the following: • Mrs A appears to have believed the story presented to her by the scammers without seeking to independently verify what she was being told - despite the story provided to her being implausible. • It’s unclear how making payments out of her account would prove Mrs A wasn’t money-laundering - but Mrs A doesn’t appear to have questioned this. It’s also not clear why a police officer would need a member of the public to transfer money out of their bank account in order to support an investigation into their activities. • Mrs A was asked to not tell the bank the real reason for the payments when it asked. A genuine police officer would not ask a customer to lie to their bank but Mrs A doesn’t appear to have questioned this. Overall, I’m satisfied all of the above should’ve caused Mrs A to question what she was being told and prompted her to seek some additional verification from a trusted third-party before proceeding – especially given she was being asked to transfer the funds to a personal account in the name of an unknown person. So, whilst I acknowledge that Mrs A was unfamiliar with the UK banking system at the time and the number the scammer was calling from had essentially been spoofed, I’m satisfied Mrs A ought reasonably to have had concerns about what she was being asked to do and the reasons why right from the outset. There were several red flags here that should’ve reasonably given some cause for concern. Having taken everything into account, I’m satisfied Mrs A should’ve done more to ensure that what she was being told was genuine. Had she done so, I don’t think she would’ve proceeded to make the payments. And so, I can’t fairly say Mrs A had a reasonable basis for believing that the person she was speaking with was legitimate now. Santander’s obligations under The CRM Code The CRM code says that, where a firm identifies APP scam risks, it should provide “Effective Warnings” to their customers. It sets out that an Effective Warning should enable a customer to understand what actions they need to take to address a risk and the consequences of not doing so. And it says that, as a minimum, an Effective Warning should be understandable, clear, impactful, timely and specific. I’m not persuaded that there was anything about Payments 1 and 2 that should’ve put Santander on notice that Mrs A was at risk of financial harm from fraud. It follows that I don’t think Santander needed to provide Mrs A with effective warnings in relation to these payments. However, I am satisfied that Santander should’ve had concerns about Payment 3. This was now the third higher value payment being made to a new payee in the space of an hour, with the amounts steadily increasing in value each time. I think these are clear signs of possible financial harm and I therefore think Santander ought to have identified Mrs A could be at risk of an APP scam and it should’ve provided her with an effective warning in relation to this payment in line with the provisions of the CRM code. During the payment process, Mrs A was prompted, on screen, to select a reason for the payment from a list. Santander has said Mrs A chose “Paying family / paying a friend” from this list and was then shown a scam warning appropriate for the payment reason she had

-- 3 of 7 --

selected. Santander has acknowledged that this warning is unlikely to have be considered ‘effective’ under the CRM code but it doesn’t think it should be held liable for this because it was not possible for it to provide Mrs A with a warning specific to the scam she was falling victim to because he hadn’t been truthful about the reason she was making the payment. Whist I acknowledge the arguments put forward by Santander, the fact remains that under the CRM Code, Santander has an obligation to provide its customers with an ‘effective warning’ should it identify an APP scam risk in the payment journey. And, in this case, as the warning provided by Santander wasn’t specific to the type of scam Mrs A ultimately fell victim to, I’m not persuaded that the warning could be considered an ‘effective warning’ under the Code. So, I’m not satisfied Santander has been able to establish that Mrs A should not be reimbursed on the basis that she ignored an effective warning. I’ve taken into consideration what Santander has said about Mrs A deliberately misleading it about the payment reason in order to circumnavigate its security measures. However, I’m not persuaded that this is what happened here. Mrs A had very little knowledge of the UK banking system at the time of receiving the scam call and I’m not persuaded Mrs A had really thought about what she was being asked to or that she’d realised the significance of the question being asked. And so, in this particular case, I’m not persuaded Mrs A set out to deliberately mislead Santander, I think she was just following the instructions of the scammer. I also don’t think her actions prevented Santander from providing her with an effective scam warning. It follows that I’m not persuaded Santander can now rely on this exception to reimbursement. Could Santander have done anything else to prevent the scam? Overall, I’m persuaded Santander ought to have done more than it ultimately did to try and protect Mrs A from financial harm from fraud. Payment 3 was the third higher value payment being made to a new payee from this account in a short timeframe. Had Santander reached out to Mrs A, as I’m satisfied it should’ve done when she attempted Payment 3, and spoken with Mrs A about the payment at the time, I think the scam would’ve likely come to light. I’ve not seen any evidence that persuades me Mrs A wouldn’t have been truthful with Santander had she spoken with someone proactively and in real time. I’m therefore satisfied Santander would have been able tell Mrs A that she was most likely falling victim to a scam. However, that doesn’t mean I think Santander should be held entirely responsible for Mrs A’s loss now. As I’ve set out above, I think Santander met its obligations under the CRM Code in regard to Payments 1 and 2. I’m also satisfied it has been able to establish Mrs A didn’t have a reasonable basis for believing that what she was being told was legitimate. So I’m satisfied that a fair and reasonable outcome, in all the circumstances, would be for Santander to refund Mrs A 50% of her loss in regard to Payment 3 plus interest at the rate of 8% simple (calculated from the date the payment left the account to the date of settlement) and for Mrs A to bear responsibility for the remainder of her loss.” What I’ve decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. Having done so, I’m minded to reach the same overall conclusion as I reached in my provisional decision. I’ll explain why below.

-- 4 of 7 --

Both Mrs A and Santander responded to say they didn’t agree with the findings reached in my provisional decision. Mrs A said: • It was the second payment and not the third that should’ve triggered an intervention by Santander and therefore her complaint should’ve been upheld from this payment onwards. • It was unreasonable to reach the conclusion that Mrs A should share liability for her loss with Santander. Mrs A was vulnerable to this particular impersonation scam at the time - she was new to the UK and not familiar with the UK banking system. She had also been taught to respect the absolute authority of requests from law enforcement so it was unreasonable to now reach the conclusion that she should have been able to protect herself from falling victim to this particular type of impersonation scam. Santander said: • It didn’t think this complaint should be upheld at all. It had presented Mrs A with on screen warnings at the time that prompted her to “make sure she hadn’t been contacted to move money, even by Santander”. This warning was specific enough to Mrs A’s circumstances that it should’ve made her stop, think and carry out some further checks on the person she was speaking with before she agreed to make payments. • Mrs A was able to consult with a solicitor when a further payment was requested. There was no reason why this action couldn’t have been taken before any payments at all were made. • There was no explanation in the provisional decision as to why I believed any other warning would’ve stopped Mrs A from making payments given that Mrs A had been instructed to lie to the bank – it took a conversation with a solicitor to ultimately uncover the scam. • It’s unlikely Santander would’ve been able to spot the scam given that Mrs A had lied about the payment reasons when asked. • The investigator had agreed with Santander that given what Santander knew about the payments at the time, it wouldn’t have been apparent to Santander that Mrs A was falling victim to a scam and that Santander had done all it could. They’d also agreed that the payments were not so unusual that Santander needed to contact Mrs A before they were processed on her behalf. The third payment wouldn’t have triggered Santander’s security systems as by this point as the payee had become a “trusted payee”. I’ll address each point in turn: I don’t agree with Mrs A that the second payment should’ve triggered intervention by Santander. It’s not unusual for customers to make multiple payments of this value in a day and I’m not persuaded that a pattern of fraud had started to emerge by this point. It was only when the third, consecutive higher value payment was requested that I think suspicions should’ve been raised. I also haven’t seen any evidence that persuades me Mrs A was vulnerable to the point she wasn’t able to protect herself from the scam. It’s clear Mrs A was able to question what she was being asked to do, she did so when the scammer requested a fourth payment and at this point, she was able to spot that something might not be quite right and reach out to a family friend to seek support. It would therefore be unreasonable to now reach the conclusion that Mrs A was unable to question what the scammers were asking her to do and speak with a trusted third-party when this was ultimately how the scam was uncovered.

-- 5 of 7 --

Turning now to Santander’s additional points. I explained in my provisional decision why I had reached a different conclusion to the one reached by our investigator. Whilst I acknowledged that Mrs A was provided with on-screen warnings by Santander at the time the payments were being made, I don’t think this was good enough given the clear risk that Payment 3 presented. Scammers are often able to manipulate their victims into moving past on-screen warnings and I’m satisfied that the activity on this account warranted a more tailored intervention. As I said in my provisional decision, Payment 3 was now the third consecutive higher value payment being made to the same new payee in a very short period. The value of the payments was increasing and a known pattern of fraud had started to emerge. The activity looked like Mrs A was being asked to make multiple payments to a new payee that were just under the value threshold to trigger a bank intervention. And so, I don’t agree that Santander did all it could given what it knew about the payments at the time. By the time Payment 3 was attempted, I’m satisfied that a known pattern of fraud had started to emerge and therefore Santander should’ve contacted Mrs A to discuss the payment with her directly before it was allowed to leave her account. Had a telephone conversation taken place with Mrs A, I’m satisfied the scam would’ve come to light. I also don’t agree that it “took a conversation with a solicitor” to uncover the scam. When Mrs A became suspicious of what she was being asked to do she called a family friend, in this case a solicitor, who would likely be able to give her some advice and at this point, the scam came to light. I’ve seen no evidence that persuades me that the same thing wouldn’t have happened had Santander had a similar conversation with Mrs A at the point she attempted to make Payment 3. Being asked to select payment reasons from a drop-down list on screen is very different to proactively discussing the activity on the account with a Santander agent. I haven’t seen any evidence that persuades me Mrs A would’ve lied to Santander had this conversation taken place. Santander would’ve been able to discuss common scam scenarios with Mrs A and provide with her with advice as to how to protect herself – as her friend did soon after. Mrs A hasn’t mentioned anything about being provided with a cover- story to give to the bank should it question her. And so, I’m satisfied that had Santander contacted Mrs A to discuss Payment 3, as I think it should’ve done, the scam could’ve been prevented from this point onwards. For the reasons I’ve set out above, I’m still of the opinion that this complaint should be partially upheld from Payment 3 and that Santander and Mrs A should share liability for the success of the scam from this point onwards. Putting things right I require Santander to refund Mrs A: • 50% of Payment 3 • Pay interest on the above calculated at a rate of 8% simple per annum calculated from the date the payment left the account to the date of settlement* *If Santander considers that it’s required by HM Revenue & Customs to deduct income tax from that interest, it should tell Mrs A how much it’s taken off. It should also give Mrs A a tax deduction certificate if she asks for one, so she can reclaim the tax from HM Revenue & Customs if appropriate. My final decision My final decision is that I partially uphold this complaint.

-- 6 of 7 --

Under the rules of the Financial Ombudsman Service, I’m required to ask Mrs A to accept or reject my decision before 28 April 2026. Emly Hanley Hayes Ombudsman

-- 7 of 7 --