Card Fraud

Banks must take reasonable steps to protect customers from fraud by monitoring for suspicious transactions and intervening where there are signs of financial harm, even for authorized payments.

Banks must balance their obligation to execute authorised payments promptly against their duty to intervene when transactions show signs of fraud under the Payment Services Regulations and Consumer Duty.

A financial institution must handle payment errors promptly, communicate clearly with the consumer, and cannot charge interest during a period where the firm's own error caused the problem.

A lender must take reasonable care that information reported to credit reference agencies is fair, accurate, complete and up to date, guided by industry principles for reporting arrears and defaults.

Banks must intervene with tailored warnings when cryptocurrency payments present an obvious risk of financial harm from common scam types.

Under the Payment Services Regulations, authorized payments are the customer's liability in the first instance, but liability may be shared where the bank failed to intervene despite having an obligation to identify potentially fraudulent t

A payment service provider must intervene and provide appropriate warnings when a customer's transaction pattern indicates elevated fraud risk, particularly for cryptocurrency payments involving significant sums.

A bank must intervene on authorised payments when it identifies clear fraud risk indicators such as cryptocurrency transactions, even if the customer authorises the payment.

A financial institution must intervene when payment activity gives reasonable grounds to suspect fraud risk, but liability may be shared where the consumer failed to recognise obvious warning signs.

Banks have a regulatory obligation to protect customers against fraud through Strong Customer Authentication and background security checks, and are not liable for inconvenience caused by legitimate security blocks.

A payment service provider must identify heightened fraud risk and intervene to prevent foreseeable harm, even where payments are technically authorised through valid authentication.

Financial institutions must make reasonable adjustments for vulnerable customers and provide clear, responsive customer service when security measures restrict access to funds.

Businesses must operate fraud-prevention systems to safeguard customers' money, and card restrictions triggered by automated fraud detection systems acting as designed are not unfair when the customer has accepted the relevant terms and con

Banks are not required to reimburse authorised payments made by consumers who have been victims of purchase scams, even if the payment was to a new payee or significantly higher than usual transaction patterns.

A financial institution may lodge a CIFAS fraud marker if there are reasonable grounds to believe an identified fraud has been committed and the evidence is clear, relevant and rigorous.

An insurer may cancel a policy where fraud or deliberate misrepresentation occurred, but must exercise this right fairly and reasonably in the particular circumstances.

Banks must balance fraud prevention against legitimate transaction processing, and are only liable if they fail to act on information that would reasonably alert a prudent banker to potential fraud.

Banks must have systems to identify out-of-character or unusual transactions that might indicate fraud risk, but are not required to intervene in all cases of customer-authorised payments.

A bank is not responsible for losses from investment scams unless the payment pattern was unusual enough to warrant additional fraud checks that might have uncovered the scam.

A bank may file a Cifas misuse of facility marker only where it has strong evidence of deliberate complicity in receiving fraudulent funds, not merely unwitting participation.

An EMI must process authorised payments but should intervene where larger payments indicate potential fraud risk, particularly where consumer responses to warnings do not match the actual scam risk.

A bank must have clear, rigorous evidence of deliberate dishonesty and complicity to file a Cifas fraud marker; unwitting receipt of fraudulent funds does not justify a marker.

Financial firms may apply security measures to block transactions as a fraud prevention measure, and the inconvenience caused by such blocks is a reasonably foreseeable consequence that does not automatically warrant compensation.

A lender may fairly record a fraud marker if it has reasonable grounds to believe fraud was committed and clear, relevant, rigorous evidence supports the marker in accordance with the National Fraud Database Handbook.

A creditor may fairly hold a consumer liable for a credit agreement opened in their name unless the consumer can provide sufficient evidence that it was opened without their knowledge or consent as a result of coercive and abusive behaviour

A payments provider must have systems in place to monitor accounts and intervene to prevent fraud, but intervention need only be proportionate to the circumstances and the level of risk indicated by the customer's responses.

A financial institution may fairly load a negative fraud marker on the National Fraud Database if it has clear, relevant and rigorous evidence that financial crime was committed and the account holder was complicit in receiving fraudulent f

Banks must monitor accounts for unusual transactions and intervene in suspected fraud, but are only liable if proportionate intervention would have likely stopped the scam.

Banks must monitor accounts for unusual transactions that might indicate fraud risk, but the starting position is that liability for authorised payments rests with the payer even if duped into making them.

A bank is not required to prevent payment where a customer has authorised a transaction unless the transaction itself appears suspicious based on the customer's account history and patterns.

A bank is not liable for authorised payments made by a customer to a scammer unless the bank failed in specific fraud prevention or recovery obligations.

Under the Payment Services Regulations 2017, authorization is a formal concept completed when the agreed procedure for payment is executed, and consent does not require awareness of transaction specifics or lack of impairment.

A bank may reasonably restrict account access and require payment pre-approval when it has genuine fraud concerns about a customer, provided such restrictions are proportionate and comply with account terms.

Banks are not liable for authorised card payments made by customers who have been duped into making them, unless the bank failed to act on information that ought reasonably to alert a prudent banker to potential fraud.

Banks must protect customers from fraud through adequate monitoring and checks, but customers must also exercise reasonable caution and bear some responsibility when warning signs are present.

A bank must process authorised payments, and a customer is presumed liable unless the bank should have identified a scam risk through additional checks or warnings.

A bank must provide proportionate intervention for suspicious payments, but is not liable for losses that such intervention would not have prevented, particularly where the customer actively evaded fraud checks from other firms.