Unauthorised Transaction

Under the Payment Services Regulations 2017, a consumer is not liable for unauthorised payment transactions if they did not consent to or authorise the payment.

A bank is liable for unauthorised payment transactions unless the customer authorised them, and banks should raise chargebacks when there is any reasonable chance of success in recovering disputed funds.

A payment service provider is not liable for authorised transactions under the Payment Services Regulations 2017, even if the payer claims ignorance of the transaction details, where the formal procedure for authorization (using card and PI

Under the Payment Services Regulations 2017, a payment service provider is liable for unauthorised payments unless the consumer failed with intent or gross negligence to keep secure information safe.

A Lasting Power of Attorney grants legal authority to make transactions on an account, and such transactions are authorised under the Payment Services Regulations 2017 unless the bank is notified otherwise.

A financial services provider cannot hold a consumer liable for transactions they did not authorise where the provider fails to provide evidence of authorisation.

A cardholder who reports card loss through a family member within reasonable circumstances is not fairly held liable for unauthorised transactions that follow, even if not reported by the cardholder personally.

A payment transaction requires both authentication and consent; authentication alone is insufficient where evidence suggests the consumer did not consent to the payment.

In authorised push payment (APP) fraud cases, shared liability may be appropriate where the bank fails to identify unusual payment patterns despite the customer being deceived into approving the transaction.

An Electronic Money Institution must reimburse unauthorised transactions by customers who did not act with intent or gross negligence, unless specific regulatory exemptions apply.

A bank must verify that a person has actual authority to make transactions, and transactions made after that authority has ceased (such as after the account holder's death) are unauthorised regardless of technical authentication.

A bank must refund unauthorized transactions unless it can prove the customer made them or consented to them.

A financial institution is liable for distress and inconvenience caused by its mistake that enabled an unauthorised transaction, even where the immediate harm was perpetrated by a third party.

A card issuer must fairly assess whether a chargeback has reasonable prospect of success based on the applicable card scheme rules and the evidence available, including whether the merchant adequately disclosed its refund policy at the time

A financial services provider is not liable for unauthorized credit agreements resulting from third-party fraud, but must handle subsequent complaints and service recovery fairly and with appropriate diligence.

A financial institution is not liable for all reasonably foreseeable consequences of providing incorrect information; compensation should reflect the direct and reasonably foreseeable impact on the consumer, not remote or indirect consequen

Under the Consumer Credit Act 1974 section 84, a debtor can be held liable for credit card use by someone to whom they voluntarily gave possession of the card, even if induced by fraud.

A chargeback or fraud claim for a civil dispute between parties does not justify a building society debiting funds from an account when there is no evidence of actual fraud or mistake in the payment.

A bank that has refunded disputed fraudulent transactions fairly in full, including interest, has met its obligations where the fraud involved knowledge of the customer's PIN and telephone banking security details.

A financial institution must promptly process and refund clearly disputed fraudulent transactions and correct any resulting adverse credit reporting.

A bank is liable for unauthorised payments unless it can evidence the customer authorised them; for continuous payment authorities, the customer is liable for subsequent charges if they knowingly entered into the CPA with clear terms displa

A bank must not reinstate a disputed transaction after the chargeback period has expired without proper justification, and must communicate account changes securely and with adequate notice.

Under the Payment Services Regulations 2017, the payment service provider must prove a payment transaction was correctly executed, including that funds were dispensed without error.

A payment signed in a customer's name without their signature is unauthorised even if the signatory had general authority to transact on the account, and the bank must reimburse such payments regardless of strict time limits where the custo

A payment service provider is liable for unauthorised payments unless the consumer authorised them or failed with gross negligence to keep their card and security details safe.

A bank must prove that a cash withdrawal transaction was correctly executed and the cash was actually dispensed; absent such evidence, the consumer is not liable for unauthorized loss.

Payment service providers must refund unauthorised transactions as soon as practicable and no later than the end of the business day following awareness, regardless of merchant dispute procedures.

A service provider must prove both authentication and consent to establish authorisation; where a consumer reports theft and demonstrates plausible circumstances, the burden shifts to the provider to show the consumer consented to the trans

Payment service providers are liable for unauthorised transactions unless the consumer acted with gross negligence in safeguarding credentials or failed to notify without undue delay.

Payment Service Providers must reimburse victims of Authorised Push Payment scams unless they can demonstrate an exception applies, such as gross negligence in disregarding fraud interventions.

A bank must conduct additional due diligence checks on unusual payments made under a Power of Attorney to verify they are being made for the account holder's benefit and with their knowledge.

A chargeback under debit card scheme rules is limited to refunding the unused portion of cancelled services, not the full amount paid for a service that was substantially completed despite quality defects.

A customer is responsible for payments they have authorised using their genuine card and PIN, even if they were misled about the amount, unless the bank failed in its obligations under the Payment Services Regulations 2017.

Financial institutions must demonstrate successful execution of cash machine transactions under the Payment Services Regulations 2017; where evidence is insufficient, the consumer's consistent testimony should be credited.

A bank must handle fraud claims reasonably and provide fair compensation for distress and inconvenience, but compensation should be proportionate to the actual failings rather than all inconvenience experienced.

A bank is not liable for fraudulent transactions it didn't cause, but must act promptly to block compromised cards and issue replacements when notified of potential fraud.

Compensation for distress and inconvenience caused by a bank's errors in handling fraud complaints should aim to restore the consumer to their original position rather than being punitive.

A card issuer should keep a cardholder informed of chargeback claim progress and share merchant responses in a timely manner, though this procedural failure doesn't automatically make the bank liable for the underlying claim outcome.

A bank must provide sufficient evidence that an ATM transaction was properly executed and the cash dispensed; where evidence is incomplete, the burden of proof rests on the bank to demonstrate the consumer is liable.

A transaction requires both authentication and consent; consent is withdrawn when a cardholder declines a transaction, and a subsequent transaction without further authorisation is unauthorised.

A bank can decline to refund unauthorised transactions made with a physical card and PIN if there is no reasonable explanation for how a third party could have obtained them, but must refund unauthorised online transactions lacking addition

A bank may hold a customer liable for chip and PIN transactions only if they can demonstrate both that the customer's physical card was accessed and that there is a plausible explanation for how the PIN was obtained without the customer's k

A payment is authorised only if the customer gives consent in the agreed form and procedure; sharing OTPs does not necessarily constitute authorisation, and gross negligence (not mere carelessness) is required to hold a customer liable for

A bank must communicate clearly with customers about card replacement and fraud inquiries, but may reasonably require phone contact for security-sensitive matters rather than relying solely on email or chat.

A bank need not refund an unauthorised transaction if the genuine payee can return the funds to the account holder, resulting in no financial loss to the consumer.

A payment service provider must refund unauthorised transactions under The Payment Services Regulations 2017, but consumers are liable for transactions they authorised, even if subscription terms were unclear.

Under the Payment Services Regulations 2017, it is for the payment service provider to prove that a disputed payment transaction was authenticated, accurately recorded, and correctly executed.

A bank is required to refund unauthorised payments unless it can demonstrate the transactions were authorised by the cardholder, assessed on the balance of probabilities.

A payment is authorised when a customer approves it through strong customer authentication, regardless of whether they were deceived about the transaction's context.

A payment is only authorised under the Payment Services Regulations 2017 if the cardholder genuinely consented to the transaction in the form and procedure agreed with the bank.

A bank is entitled to hold a consumer liable for transactions that are technically authorised through proper security authentication, even if completed by a third party without the consumer's knowledge or consent.

A bank is not liable for unauthorised transactions where technical evidence, including 3DS verification and device identity verification, demonstrates the account holder likely authorised the transactions themselves.

A bank is only obligated to protect customers from financial harm where funds are demonstrably lost to fraud or scam; regulatory concerns about an investment type do not establish that a specific platform is operating fraudulently.

A bank is not obliged to refund losses from investment scams unless there is clear evidence the firm was operating fraudulently, rather than merely being a high-risk or unregulated investment platform.

A chargeback claim under MasterCard code 4853 must be made within 120 days of delivery or settlement date, not 540 days, and the 540-day limit applies only to specific ongoing service situations.

A bank can hold a consumer liable for disputed transactions if evidence shows it is more likely than not that the consumer made or authorised them themselves, as confirmed by the Payment Service Regulations 2017.

Account holders are liable for payments they have authorised; banks are liable for unauthorised payments under the Payment Services Regulations 2017, and the burden is on the complainant to demonstrate transactions were not authorised.

A bank is not liable for unauthorised payments if the account holder is unable to demonstrate that the transactions were genuinely fraudulent rather than authorised by them, particularly when security procedures were in place and followed.

A payment service provider may withhold details of its security decision-making where disclosure would objectively compromise security, even if the transaction was legitimate and not suspected fraud.

A payment service provider is entitled to hold a customer liable for transactions made with their genuine card and PIN in the absence of evidence of compromise or fraud.

Under Payment Services Regulations 2017 section 75, it is for the payment service provider to prove that a payment transaction was authenticated, accurately recorded, and correctly executed.

Under the Payment Services Regulations 2017, the payment service provider must prove a payment transaction was authenticated, accurately recorded, and correctly executed.

A consumer is responsible for transactions made with their genuine card and PIN that they authorized, even if coerced under threat of violence, as such payments constitute authorized consent under payment regulations.

A consumer is liable for authenticated transactions completed on their device unless they can demonstrate they were genuinely unauthorised and the bank failed in its obligations.

A payment services provider must process payments that a customer has authorised via chip and PIN, and cannot be held liable for merchant overcharging without proof of the agreed amount.

A payment is only unauthorised if it was not made or consented to by the account holder; the balance of probabilities determines liability based on available evidence.

Under the Payment Services Regulations 2017, a consumer is liable for authorised payments unless they can demonstrate the payment was made without their consent and they did not voluntarily disclose their security credentials.

Authentication via biometrics and digital wallet combined with the consumer's physical presence and initiation of transactions constitutes authorization even if the consumer was unaware of the transaction amounts.

A bank can hold a consumer liable for disputed transactions if evidence shows it is more likely than not that the consumer authorised them, even if made via their genuine device without clear evidence of compromise.

A payment transaction is authorised if authenticated with correct credentials and the payer consented to the use of their card details, even if they dispute the amount charged.

A consumer claiming unauthorised transactions must provide clear identification of disputed transactions and evidence that the card was compromised, not merely inconsistent accounts of who made the payments.

Under the Payment Services Regulations 2017, a payer authorises a transaction when the agreed procedure for payment is completed by the payer or someone acting on their behalf, regardless of whether the payer was aware of or understood the

Banks must refund unauthorised transactions under the Payment Services Regulations 2017, but are not required to prevent all unauthorised transactions from being processed if they comply with international card scheme rules.

A payment is only authorised if the payer both authenticates it (through their device and credentials) and consents to it; authentication alone does not establish authorisation.

A bank is not liable for unauthorised transactions authenticated with correct credentials if the consumer acted with gross negligence in storing security information accessibly.

A payment service provider is only liable for unauthorised payments if the customer did not authorise them, either directly or by sharing security credentials; where a customer cannot demonstrate a plausible explanation for how unauthorised

Under the Payment Services Regulations 2017, authorised payments made by the customer are the customer's liability, and consent is established when the payer completes the agreed procedure regardless of whether they acted under duress.

Card issuers must apply chargeback rules mechanically based on card scheme provisions, not consumer protection law, and may reasonably accept a merchant's defence when evidence is presented.

A bank must handle chargeback claims fairly and reasonably according to card scheme rules, though it is not required to guarantee success of the dispute.

A chargeback must be processed in accordance with Visa scheme rules using the correct dispute condition code, and the card provider must reasonably assess the likelihood of success based on available evidence.

A consumer is only responsible for transactions they have authenticated and consented to; authentication alone is insufficient to establish authorisation.

A consumer is only responsible for payments they have authorised or instructed, and must provide credible evidence of unauthorisation rather than testimony that is contradicted by contemporaneous recorded evidence.

Bank transfers to legitimate businesses that subsequently fail to deliver services are not covered by chargeback or fraud protections, so banks have no obligation to refund such payments.

Banks may block debit cards and transactions for suspected fraud without prior notice if security reasons prevent advance disclosure, provided they comply with account terms.

Under The Payment Services Regulations 2017, the payment service provider must prove that a disputed payment transaction was authenticated, accurately recorded, and correctly executed.

A bank is entitled to hold a consumer liable for transactions that are properly authenticated via chip and PIN, provided the consumer consented to the payment.

A private civil dispute between a consumer and a payee for non-delivery of goods or services does not constitute an Authorised Push Payment (APP) scam under the Reimbursement Rules, as APP scams require criminal deception about the identity

A consumer can be held liable for disputed transactions if they authorised them or allowed them to be made with their apparent authority, even if they did not physically execute them themselves.

Under the Payment Services Regulations 2017, it is for the payment service provider to prove that a disputed cash withdrawal transaction was correctly executed, to be determined on the balance of probabilities.

A consumer must provide credible evidence that disputed transactions were unauthorised and made without their knowledge or consent.