Financial Ombudsman Service decision

Nationwide Building Society · DRN-6093456

Unauthorised TransactionComplaint not upheld
Get your free legal insight →Email to a colleague
Get your free legal insight on this case →

The verbatim text of this Financial Ombudsman Service decision. Sourced directly from the FOS published decisions register. Consumer names are reduced to initials by FOS at point of publication. Not an AI summary, not a paraphrase — every word below is the original decision.

Full decision

The complaint Mr L has complained Nationwide Building Society had inadequate protection in place to prevent an unauthorised online transaction taking place on his card. What happened In August 2025 Mr L noted a transaction to an international online retailer (who I’ll call A) which he’d not made. He had withdrawn consent from A to use his previously stored card details and was concerned to see these had still been used. Mr L complained to Nationwide, firstly phoning his local branch. Nationwide noted there was no additional authentication carried out to process this transaction apart from the use of the genuine card details and 4-digit card security code. This transaction was refunded on 28 August. Mr L was unhappy with this outcome as he remained concerned about Nationwide’s failure to prevent the authorisation in the first place. He was also unhappy about the way his complaint was handled as he felt his local branch had fobbed off his concerns and was difficult to contact. Mr L brought his complaint to the ombudsman service. Our investigator didn’t agree with Mr L that Nationwide had done anything wrong. She wasn’t going to ask them to do anything further. Mr L disagreed with this outcome. He was still expecting compensation in the region of £300-500. He’d subsequently submitted a subject access request to Nationwide and believed the response he’d received was incomplete. An ombudsman has been asked to consider Mr L’s complaint. What I’ve decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. Having done so, I’ve reached the same conclusion as our investigator. I’ll explain why. Where there is a dispute about what happened, I have based my decision on the balance of probabilities. In other words, on what I consider is most likely to have happened in the light of the evidence. When considering what is fair and reasonable, I’m required to take into account: relevant law and regulations; regulators’ rules, guidance and standards; codes of practice; and, where appropriate, what I consider to have been good industry practice at the relevant time. The regulations which are relevant to Mr L’s complaint are the Payment Services Regulations 2017 (PSRs). These primarily require banks and financial institutions to refund customers if they didn’t make or authorise payments themselves.

-- 1 of 2 --

Having reviewed the evidence – both Mr L’s testimony and Nationwide’s technical information – I don’t believe Mr L authorised this transaction. I accept he’d removed consent from A to use these card details. That said, he is aware that A’s terms enable them to continue to try to use card details previously stored. That wouldn’t, however, negate his withdrawal of consent to A to use his card details under the PSRs. I don’t know whether Mr L raised a dispute with A. It’s clear that the systems used to process the payment are predominantly within their control, so I believe they are the right avenue for Mr L to use when querying these. It’s important to note that Nationwide also accepted this transaction was unauthorised and refunded Mr L’s account practically as soon as he raised the dispute. I appreciate Mr L is concerned about the principle of Nationwide allowing his transaction to be processed despite it being unauthorised. Both Nationwide and our investigator have confirmed that some merchants are able to process transactions without additional customer authentication which is generally the use of a one-time passcode or authentication through a banking app. A falls into that category. This means that Nationwide is obliged to process the transaction in accordance with international card scheme rules. So I don’t agree that Nationwide failed to prevent an unauthorised transaction as Mr L claims – although I appreciate why he believes this. The important thing is whether Nationwide refunded the unauthorised transaction in line with the requirements of the PSRs. The evidence shows they did. There is no expectation on banks to prevent all unauthorised transactions. The PSRs exist to ensure that customers are refunded in the case where those unauthorised transactions do happen. I believe Nationwide has met the regulatory requirements here. I note Mr L’s concerns about how his complaint was handled. However, I can’t see this can be the case since a refund was provided within 48 hours of the initial transaction. Mr L may have preferred to have his local branch deal with his concern, but financial institutions often set up centralised mechanisms to deal with fraud claims. It is not our service’s role to tell financial institutions how to manage their fraud claim systems. Mr L has referred his complaint to the Information Commissioner’s Office about his subject access request. That is the correct body to deal with the specifics of this concern. I appreciate why Mr L was concerned about what happened. However, I won’t be asking Nationwide to do anything further. My final decision For the reasons given, my final decision is not to uphold Mr L’s complaint against Nationwide Building Society. Under the rules of the Financial Ombudsman Service, I’m required to ask Mr L to accept or reject my decision before 28 April 2026. Sandra Quinn Ombudsman

-- 2 of 2 --