Bank wont refund me

[joelast]

Hello!
So i have a dispute with my bank regarding some payments taken out of my account. The bank says the Payment services regulations 2017 means that because a successful login has taken place at the time of these payments that means consent of these transactions?

does anyone know if this is true? What can I say to the bank to this? I have tried to say this is not me and they are refusing to refund me.

Can you give some more information about what exactly happened?

When you say you’re in dispute, Are you saying you didn’t make the payments?

OP what kind of payments are we talking about here?

Are we talking about bank transfers to other accounts or payments by card where authorisation was needed, and given by the account holder logging into the account?

yes i didnt make the payment but the records show someone logged into my online banking

Ok, as the OP hasn’t been back, if it’s shown that you have logged in at the time the transactions were made and that the transactions were authorised it’s going to be very difficult to prove that you didn’t authorise them.

Online banking has strict authentication, so for someone to have logged in as you they would need to have access to your login information.

If someone has accessed your device to authorise a transaction with face or finger print ID then you will have needed to give them access to it.

From what you’re saying here this is a case of someone actually having logged into your account to make these transactions, not someone who has cloned your card details to make them.

If someone other than you had access to your phone and potentially access to your banking app then you are culpable for any activity that happens on it. This is precisely why the banks state that no-one else should have a fingerprint or Face ID stored on your devices, because it can put the security of your banking at risk.

Could anyone else have access to your banking?

I was told they were international transactions made from my online banking transfer

Who has access to your device OP?

DP had this albeit with a card. Foreign transactions for a gaming service - PC games not betting.

Santander picked it up and left us a message as it was highlighted as not something we normally spend money on.

Refunded and new card issued.

What exactly were the sums you mention for?

Could a teenager have used your credentials or have you saved them on a PC someone else has access to?

why didnt they recognise it as a suspicious transaction? and do they usually make you do phone verification when you pay online?

no they did not inform me or send me any notification for approval. only after i complained have do they send me texts and passcodes whenever i login

A card is different. Unfortunately sometimes cards are cloned if you go on to a non secure website, or if you shop on a site which has had its data compromised.

OP says this was bank transfers, for someone to do that they would have to have access to her banking credentials, either by having access to her phone with fingerprint or Touch ID, or to her internet banking credentials such as names, customer references, banking passcodes or passwords or memorable data depending on who she banks with.

It is almost impossible to bypass that.

OP time to get the police involved, so you can get a crime reference number, then the bank will start taking you more seriously

Thank you for reply, I've been really stressed out ever since this has happened am also going to switch banks because of this. I have launched an appeal but banks want a good enough reason than me saying 'it wasnt me'' i guess my money is lost :(

Could anyone else have access to your online banking? This is really key.

How do you access your banking ? Via fingerprint? Is anyone else's fingerprint on your phone?

OP I would do a subject access request for your login data.

The bank will have a record of you having logged in, and they will be able to see details such as your device type, the browser if you logged in via the website, the IMEI of your device, if you logged into internet banking via a different device, the IP address where the logins occurred.

And I would be prepared for the possibility that this has happened closer to home and that something as simple as someone having access to your phone through face or fingerprint ID has meant that someone you know is responsible for this.

But if the data is different for those times then you will be able to see it and match it up. But chances are that the bank have already done so.

They will have reason to have rejected this claim, it’s likely because of the person actively having logged in which is virtually impossible.

every thing i read online says this

The onus is on your bank to prove why they’re refusing to refund you. Your bank will need evidence to prove you:

• authorised the transaction - but your bank can’t just say because your password, card or Pin were used that you authorised it.
• are at fault because you were ‘grossly negligent’. This is quite a high test.
• told your bank more than 13 months after the unauthorised transaction.

You can challenge the first and second points.

I think you need to concentrate your efforts on finding out who used your laptop/phone/pc/ipad to log in and make the transactions, which is the most logical explanation.

Where were your devices at the time the logins happened, who was in your house at that time? OH? Children? Friends? Childrens' friends? Workmen??

Do you ever use a works computer to do online banking? Would there have been anyone at work on the day/time of the logins who could have used your works PC?

Did you have your login details written down anywhere? Home? Work? Do you have "auto complete" turned on in any of your devices. Could someone have found your login details written down somewhere and copied/photographed them to use later?

If pressed, your bank will be able to provide you with IP address which will show where the log in occurred, which you can trace, i.e. whether it's your home or your workplace. They'll already know which is why they're refused to refund - if it was a login from abroad, it would flag up as such via the IP address that it wasn't one of your usual login locations.

This is why the OP needs to do a subject access request for the login data.

If the authorisation has happened on the OP’s own device that is proof that she authorised the transaction. This isn’t about having a pin or card details, this is about online banking.

Also if the OP has given fingerprint access to a 3rd party this could be considered to be grossly negligent, but if the login happened from the OP’s own device then number1 means that number2 doesn’t need to be proven.

If it’s been done on online banking, they’ll be able to see every single detail about the payments and the actual log in. They can even see what device was used. You’d have to do a dsar to get this information though, it wouldn’t be sent as part of the investigation.
If you’ve said no one knows your details or has access to your device, then you won’t be refunded as how could the payment shave been done?
You need to think whether anyone knows your details to have been able to make the payments. Even a friend or partner, as hard of a realisation that may be.

Thank you! i searched the sentence and it lead me to the FCA i will add this to my letter to them <3

So if it's a transfer done via online or the app, they will be able to see the registered devices and frequent IP address logins. There's also the biometrics in place if it's the app such as Face ID or print depending on your phone.

I would imagine they have checked the IP address of when the transactions were made and it matches the IP address for when you've successfully logged into the device as well. Likewise, they will be able to tell the browser and/or the phone make and model for the registration if it was an app transaction.

Is there anyone who has access to your phone? Is the country of the funds as you've said it was international transfers known to you/your family? Was it online transfers, transfers from their app or did you mean card payments to an international company?

Before you write to them, it is worth establishing if anyone could have accessed the accounts or not. That is what their position will rest on so no point ignoring it.

I think the OP knows who has used her bank account. But they won’t give the money back and so the OP has (wrongly) assumed that she can just go to the bank and claim that it’s fraud and they’ll give the money back no questions asked.

Fraud aren’t going to just hand back the money, they will investigate, and as soon as they have established that someone has logged into the OP’s account using her credentials they have clear evidence that the transactions were authorised on the OP’s device.

It may even be that the OP has transferred the money herself and has fallen out with the person she transferred it to, and again, has figured that going to the bank and claiming fraud means she’ll get the money back.