Authorised or Unauthorised?


f you have been the victim of fraud on your bank account, the first thing that you need to establish is: ‘Did you authorise the payment?’

It might appear to be a simple question but it is not uncommon for banks to claim that the customer authorised the payment when in fact they did not.

The FCA (Financial Conduct Authority) say that ‘consent’ (i.e. authorisation) must be “clear, specific and informed”.

In the case of a payment from a bank account I interpret this to mean that the message that you get from the bank asking for your authorisation must clearly show that:

  • you are authorising a payment
  • the value of that payment
  • a reference to the payee (the person or business to whom you are making the payment)

So, if you get a message reading: “Do you authorise the creation of a new payee?” this does not mean that you are authorising a payment to that payee.

If you didn’t authorise the payment then the Payment Services Regulations (PSR) say the bank must refund you unless you have “acted fraudulently or failed with intent or gross negligence to comply with the terms and conditions of your account”. (see section on Gross Negligence)

If you authorised the payment then the bank does not have to refund or reimburse you, but most banks have agreed to a voluntary scheme called CRM (Contingent Reimbursement Model) which means that if the fraud happened after 28th May 2019 and you have complied with certain simple conditions, then the banks will reimburse you if you are an individual, small business or small charity.

CRM is not retrospective, so I am challenging the banks to introduce a scheme to reimburse most historic cases of ‘Authorised (Push) Payment Fraud’ (APF) since January 2014. (see sections 10 Reasons and Banks - Grossly Negligent)