Revolut Ltd · DRN-5855004

The complaint Mrs C complains that Revolut Ltd has declined to reimburse payments she lost as part of a scam. What happened In May 2025 Mrs C received calls from scammers who told her that her money was at risk. They persuaded her to download a remote access app and a money remitter’s app. Mrs C is disputing several payments made to a money remitter totalling over £5,000. Initially Revolut declined to reimburse the payments on the basis they were confirmed in Mrs C’s banking app, and it didn’t have grounds for a valid chargeback. However, after Mrs C referred her complaint to our service, Revolut offered to reimburse half of the disputed payments as a gesture of goodwill considering Mrs C’s vulnerability at the time. Mrs C didn’t accept this offer – her representative said they accepted that our service wouldn’t be considering funds lost in the form of cryptocurrency withdrawals, but said Mrs C wanted Revolut to reimburse all of her loss fiat loss i.e. the card payments made in GBP. The investigator issued their findings on the matter – they explained they thought Revolut’s offer was fair in the circumstances, while they thought Revolut ought to have intervened to prevent Mrs C’s loss, they also thought Mrs C had some responsibility for her loss in the circumstances. Mrs C didn’t agree, her representative said they had provided evidence of the screensharing software used and that Mrs C’s judgement was affected by her cancer treatment making her vulnerable at the time. As an agreement couldn’t be reached the matter has been passed to me for consideration by an ombudsman. What I’ve decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. I’m sorry that Mrs C has been the victim of a cruel scam and for the impact this has had on her. Having considered everything provided carefully I think Revolut’s offer to reimburse Mrs C 50% of the disputed payments is fair in the circumstances. I’ll explain why. For clarity, our service is only considering the disputed fiat card payments as part of this complaint totalling £5,250. And the offer available is £2,625. Has Revolut acted fairly in treating the disputed payments as authorised? Under the Payment Services Regulations 2017 (PSRs) – the starting point is that Mrs C is liable for authorised payments and Revolut is liable for unauthorised payments.

-- 1 of 5 --

Where a payment is authorised, that will often be because the customer has made the payment themselves. But there are other circumstances where a payment should fairly be considered authorised, such as where the customer has given permission for someone else to make a payment on their behalf or they’ve told their payment service provider they want a payment to go ahead. Here Mrs C says she didn’t make any of the payments herself, rather she received a call from a scammer and downloaded remote access software which gave them control of her device. She also downloaded the app for the money remitter, and this is what was used to make the disputed payments. Mrs C says she didn’t know the scammer could obtain her secure information when she typed in her passcodes. She recalls being told her funds were being returned to her in £350 instalments and was shown successful payments, but now realises these were actually payments from her account to the newly set up account in her name with the money remitter. Revolut says that the payments were made using Mrs C’s card and each payment was also confirmed in Mrs C’s banking app as part of a stronger authentication process known as 3DS. It has provided evidence that Mrs C’s banking app was accessed using her passcode and that this is where the payments were confirmed on Mrs C’s device. Revolut also declined some payments and blocked the merchant, but this was unblocked when the payments were confirmed as genuine in Mrs C’s banking app. It has shown that the user in Mrs C’s banking app went through an automated process where they were asked a series of questions about the payment purpose and shown warnings. Revolut concluded that Mrs C took these steps herself under the coaching of the scammer and said it has systems in place that restrict what can be seen in its banking app when remote access is detected – this includes it’s 3DS screen and scam warnings. Where evidence is incomplete, missing or contradictory, I need to determine what I think is more likely than not to have happened. I do this by weighing up what I do have and making a finding on the balance of probabilities. Unfortunately, we may never know exactly what happened, but I’ve considered carefully what Mrs C’s representative has provided about remote access software alongside what Mrs C recalls from the time and the evidence presented by Revolut. I’m mindful that Mrs C was on the phone to the scammer for a long time and by her own admission followed their instructions blindly due to her belief that they were helping her. I understand she acted out of panic as she was told someone was taking her money. Having done so, I think it’s more likely than not that it was Mrs C who logged into her Revolut banking app and confirmed the disputed payments. I accept she did this under the heavy coaching of the scammer and from how she has described events she likely did so believing she was confirming refunds into her account rather than out of it. It’s possible the scammer used Mrs C’s card information in her app with the money remitter to give the initial instruction and that her role was limited to confirming them in her Revolut app. This is because Revolut has told our service that it’s 3DS screen would automatically appear blank if screen sharing or remote access software was detected. Mrs C has also told our service that her screen didn’t go blank, rather she recalls being shown verification for several £350 payments and being told this was going back into her account. This doesn’t mean that I don’t believe that Mrs C gave the scammers remote access to her device. It’s possible they disconnected and reconnected during the call to facilitate what they were doing.

-- 2 of 5 --

Bearing in mind Mrs C’s vulnerabilities at the time, including that she has described having brain fog, I do accept that she didn’t appreciate what was happening at the time. However, Revolut wasn’t aware of this at the time, and it’s 3DS screens are clear that it is asking its customer whether they want a payment to go ahead or not (including information such as the merchant and payment amount). As I’m persuaded Mrs C did confirm this, I think it is fair for Revolut to rely on that as Mrs C consenting to the payments at the time. For these reasons, while I understand Mrs C thought she would be receiving her money back, I think Revolut can reasonably treat the payments as authorised in the circumstances. Did Revolut miss an opportunity to prevent Mrs C’s loss? In broad terms, the starting position at law is that an Electronic Money Institution (“EMI”) such as Revolut is expected to process payments and withdrawals that a customer authorises it to make, in accordance with the PSRs and the terms and conditions of the customer’s account. But, taking into account longstanding regulatory expectations and requirements, and what I consider to be good industry practice, Revolut ought to have been on the look-out for the possibility of fraud and made additional checks before processing payments in some circumstances I wouldn’t have expected Revolut to be concerned by the first payment, due to its relative low value and the fact it was confirmed in Mrs C’s banking app. When a second payment was attempted soon after for the same about Revolut declined it and blocked the merchant. It was only after someone engaged with its questions about the payments, was shown scam warnings, and confirmed they wanted to unblock the merchant (all in Mrs C’s banking app) that the merchant was unblocked and a further payment was allowed. So, I think initially Revolut intervened proportionately. As the payments continued, I think Revolut ought to have recognised Mrs C was at a heightened risk of financial harm from fraud and done more to intervene and establish the circumstances surrounding the payments. However, I’m not going into detail about when, how and why I think this would have prevented Mrs C’s loss because Revolut has already made an offer for 50% of Mrs C’s loss. And so, the issue I must consider is whether it’s fair for Revolut to have held Mrs C responsible for 50% of her loss. Should Mrs C bear any responsibility for her loss? In considering this point, I’ve taken into account what the law says about contributory negligence as well as what’s fair and reasonable in the circumstances of this complaint. I accept that Mrs C was manipulated into taking the steps that she did and I’ve thought carefully about the vulnerabilities Mrs C and her representative have share that impacted her judgement at the time. Mrs C was socially engineered and was acting under pressure on the belief that her money was being taken, so she thought there was an urgency to act. It isn’t my intention to blame Mrs C for what happened as I do understand she is the victim here. In order to be fair and impartial, I must take into account that it was the scammer who created this situation, and when considering what redress to award I’ve needed to take into account where both Mrs C and Revolut’s ought reasonably to have done things differently and as a result have contributed to Mrs C’s loss. I’ve set out above where I think Revolut ought to have done more. But I also think there were several elements about what was happening and what Mrs C was asked to do that would

-- 3 of 5 --

have appeared suspicious to most people. And that a deduction of 50% is appropriate for the following reasons: • The scammer didn’t provide a cover story that would have appeared particularly plausible. While Mrs C was told someone was buying mobile phones using her account, it’s not clear how she thought the caller was able to stop or reverse this. • Mrs C wasn’t told (and didn’t ask) who she was speaking to or take any steps to verify the caller. Essentially the scammer didn’t impersonate anyone official or her banking providers. • The scammer doesn’t appear to have taken any steps to appear credible such as by number spoofing or showing an awareness of Mrs C’s banking information. So, it’s not clear how Mrs C thought they would know what was going on with her accounts or why they would be able to help her. • Mrs C provided remote access to the caller in the above context. She also downloaded apps and used her secure account information to access her banking apps while a third party that she hadn’t verified was accessing her device. This would have presented an obvious risk to most people. For these reasons, I consider Mrs C acted with negligence and as the payments couldn’t have been made without her involvement, in doing so she has contributed to her loss. Could Revolut have done anything else to recover Mrs C’s money? When Mrs C reported the scam, the payments had already been processed. This means Revolut couldn’t have stopped them even if they still showed as pending. As the disputed payments were card payments, the recovery option that would have been available to Revolut was through the chargeback scheme. The process is set by the card scheme provider to resolve payment disputes between customers and merchants – subject to the rules they set. As the scheme is voluntary and limited in scope, Revolut wouldn’t be expected to raise a claim that it thought had no prospect of success. Given how the payment was authenticated, it’s unlikely a chargeback on the grounds of fraud would have been successful under the scheme rules. And as the payments went to a genuine money remitter, they likely provided the relevant services at the time. So, for the reasons explained, I don’t think Revolut needed to do more to attempt to recover Mrs C’s funds once aware of the issue. Putting things right As I’ve explained, I wouldn’t have expected Revolut to have done more to prevent the first couple of successful payments but rather at a later point. And I’ve explained why I think it is fair for Revolut to deduct 50% from any award on the basis that she contributed to her loss. This means that it’s offer is higher than I would have awarded, even if I were to apply interest to the award. So, for these reasons, I think Revolut’s offer is a fair way to settle this matter. My final decision My final decision is that Revolut Ltd should pay Mrs C £2,625. Under the rules of the Financial Ombudsman Service, I’m required to ask Mrs C to accept or reject my decision before 27 April 2026.

-- 4 of 5 --

Stephanie Mitchell Ombudsman

-- 5 of 5 --