Financial Ombudsman Service decision

TSB Bank plc · DRN-6169199

Unauthorised TransactionComplaint not upheld
Get your free legal insight →Email to a colleague
Get your free legal insight on this case →

The verbatim text of this Financial Ombudsman Service decision. Sourced directly from the FOS published decisions register. Consumer names are reduced to initials by FOS at point of publication. Not an AI summary, not a paraphrase — every word below is the original decision.

Full decision

The complaint Mr J complains that TSB Bank plc did not reimburse the transactions he says he did not authorise. What happened On 5 July 2025, 14 payments debited Mr J’s TSB account and went to a cryptocurrency wallet I’ll refer to as ‘K’. Mr J says he does not recognise these payments and did not carry them out himself. He highlighted that on 4 July, a similar payment to a cryptocurrency wallet was prevented by TSB’s security systems, but the later ones were allowed to go through. Mr J raised a disputed transactions claim with TSB, but they explained that there was no indication of any third-party involvement in the payments, so they declined to reimburse him. They also said that the earlier payment was stopped because the merchant was classed as a cryptocurrency merchant, which TSB does not allow payments to. However, the payments to K were not categorised as cryptocurrency payments, which is why they were processed without any intervention. Mr J referred the complaint to our service and our Investigator looked into it. During the course of the investigation, Mr J found additional payments to K that were made before 5 July, however TSB asked that these be raised as a new complaint so they could be looked into by their fraud team – as a result the Investigator did not include these in the review. Our Investigator issued a view explaining that the device used to make the payments was the same one that had been used on Mr J’s TSB account since December 2024, so it was most likely his own device. As Mr J had had said no one else had access to his device, which needed a PIN to access it, and no one else knew his TSB mobile banking log in details, they could not identify a clear point of compromise. So they thought it was more likely Mr J carried out the payments himself. Our Investigator also explained that it was reasonable TSB allowed the disputed transactions to be made without any intervention on them, as they did not flag as being cryptocurrency and the values were not so high that they appeared suspicious. Mr J disagreed with the findings and highlighted that his previous employers who he was taking to a tribunal had access to his building, and that they had hacked into his e-mail account. He therefore felt they had something to do with the disputed payments. As an informal agreement could not be reached, the complaint has been passed to me for a final decision. What I’ve decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. Having done so, I have come to the same outcome as the Investigator for largely the same reasons, and there is not much more I can reasonably add to what has already been said. Generally speaking, TSB is able to hold Mr J liable for the disputed transactions if the evidence suggests it’s more likely than not that he made or otherwise authorised them

-- 1 of 3 --

himself. This position is confirmed in the Payment Service Regulations 2017 (PSRs) and the terms and conditions of his account. From the evidence provided by TSB, the payments were made using Open Banking, and these were authorised following a log-in on Mr J’s mobile banking app. While this is important, it isn’t enough on its own to say Mr J is liable for the transactions. TSB also has to show it’s more likely than not that Mr J himself made or otherwise authorised them. TSB has provided the log-in history for Mr J’s online-banking and Open Banking. These show that one device was used to authorise all of the transactions to K. The same device has been used on Mr J’s TSB account since December 2024 and has been used for other, genuine payments which Mr J has not queried. It was also the same device that was used to report the disputed transactions. With this in mind, I am satisfied this is most likely Mr J’s genuine device. Mr J has said his device is locked by a PIN, which no-one else has knowledge of. He has also said that no one else has access to his mobile phone. Mr J raised a claim with the bank that he used to credit his TSB account prior to the disputed payments to K, and he told that bank that that he lives alone. Mr J has also said that no one knows the log-in information to his TSB mobile banking app. With this in mind, there is no clear explanation as to how a third party could have gained possession of his mobile phone device, bypassed his PIN to gain access to the device and then bypassed the security detailed on his TSB mobile banking app to authorise payments to a cryptocurrency wallet, which normally have to be registered under the same name that the crediting account is in, in this case Mr J’s TSB account. All of this leads me to think it is more likely Mr J carried out the transactions himself. Mr J has said that the police are currently looking into his previously employers, as they have bullied him and gained access to his e-mail account, meaning they could also have carried out these transactions. However, I have seen no evidence to confirm what Mr J has said such as any documentation from the police of the tribunal service. In addition, TSB did not identify any malware or screen-sharing software that was in use on the device that made the payments. Finally, even if someone did gain access to Mr J’s e-mail account, it does not follow that they could also gain access to his mobile banking app as there are several additional layers of security that would need to be breached, but there is no evidence that happened. Mr J has also argued that as the initial payment on 4 July 2025 was stopped by TSB, the other payments to a cryptocurrency merchant on 5 July should also have been stopped. I can see that these payments were to two different merchants and TSB has explained that the initial merchant was categorised as ‘cryptocurrency’ on their systems, meaning any payments attempted to them were automatically stopped. However, K does not only deal with cryptocurrency and as a result, they were not categorised as ‘cryptocurrency’ on TSB’s systems. It is not my role to determine if TSB has fairly categorised merchants, and I can see they followed their internal processes when they did not automatically block the payments to K. Having looked at the overall value of the payments, I do not think they were high value or unusual enough to have warranted any other kind of intervention from TSB. I therefore think it is reasonable that TSB did not intervene in any of these payments, so I do not think they missed an opportunity to prevent any of these payments from being made. Having carefully considered all the evidence available to me, I think TSB have acted fairly in declining Mr J’s claim for the disputed transactions, on the basis I think it’s more likely he authorised for the payments to be made. My final decision I do not uphold Mr J’s complaint against TSB Bank plc.

-- 2 of 3 --

Under the rules of the Financial Ombudsman Service, I’m required to ask Mr J to accept or reject my decision before 28 April 2026. Rebecca Norris Ombudsman

-- 3 of 3 --