Financial Ombudsman Service decision

Monzo Bank Limited · DRN-6104238

Unauthorised TransactionComplaint not upheld
Get your free legal insight →Email to a colleague
Get your free legal insight on this case →

The verbatim text of this Financial Ombudsman Service decision. Sourced directly from the FOS published decisions register. Consumer names are reduced to initials by FOS at point of publication. Not an AI summary, not a paraphrase — every word below is the original decision.

Full decision

The complaint Mr M complains that MONZO BANK LIMITED is holding him liable for transactions from his account which he says he didn’t authorise. What happened The detailed background to this complaint is well known to both parties. So, I’ll only provide a brief overview of some of the key events here. Mr M complained to Monzo because it was holding him liable for five card payments from his account dated on 15 October 2025 totalling £2,938.70, which he says he didn’t authorise and which shouldn’t have been allowed to debit his account. Monzo said that merchant category codes are assigned by the merchants themselves and if a company doesn’t have a gambling merchant code, it has no way of knowing that it's a gambling transaction unless the customer tells it. So, it wasn’t at fault for processing the transactions. It further stated that the account was being closed in accordance with its Terms and Conditions, and it wouldn’t be able to provide more information about the reasoning behind that or reverse the decision. Mr M wasn’t satisfied and so he complained to this service, explaining that he is sixteen years old and he didn’t authorise the transactions. He also complained about the decision to close his account. Responding to the complaint, Monzo said the transactions were authorised biometrically by 3DS, and there was only one device registered to the account, which was the same device Mr M had used to report the claim. So, an unauthorised third party would need to have had access to the Monzo app via Mr M’s phone to approve the transactions. It said that on 15 October 2025, £3,000 was credited to the account from Mr M’s own external account and he was required to send a video selfie, confirming he wanted to make a large payment. It pointed out that the fraud report was made on 15 October 2025, but Mr M later had said he didn’t discover the transactions until the following day. It said it had rejected the fraud claim and closed the account because it suspected first party fraud. Our investigator didn’t think the complaint should be upheld. She explained that Mr M’s banking app, genuine device and card details were used to make the transactions, so she was satisfied they were authenticated. She noted that when Mr M reported the payments, he confirmed his mobile phone and debit card were in his possession and that Monzo had shown that only one device was registered on the account, and that biometrics were enabled on the device. She also commented that there were two other transactions made during the relevant time which weren’t reported as fraudulent, showing Mr M had access to his mobile phone and accessed his banking app to make those payments.

-- 1 of 3 --

She explained that Mr M had transferred funds to the account from another account in his name on 15 October 2025, and the transactions were approved biometrically in the Monzo app. She said there was no explanation for how an unauthorised third party could have accessed the Monzo app and approved the transactions using Mr M’s biometrics, so she was satisfied the payments were authorised. Our investigator further explained that the merchants didn’t have MCC codes for gambling, so Monzo wouldn’t have known the transactions were being made to gambling merchants. And she was satisfied the account closure was in line with the terms and conditions of the account. Mr M has asked for his complaint to be reviewed by an Ombudsman. He’s argued that, due to his age, he cannot lawfully consent to gambling transactions. And he feels Monzo ought to have blocked the transactions because they were high value and occurred in rapid succession, almost entirely draining the account. He feels it’s unfair to conclude he authorised the transactions because he had his phone with him, arguing that the use of biometrics and 3DS approvals doesn’t conclusively prove he personally authorised the payments because devices can be compromised in multiple sophisticated ways. What I’ve decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. Having done so, I’ve reached the same conclusion as our investigator. And for largely the same reasons. I know Mr M feels strongly about this complaint, and this will come as a disappointment to him, so I’ll explain why. I would like to say at the outset that I have summarised this complaint in far less detail than the parties involved. I want to stress that no discourtesy is intended by this. If there is a submission I have not addressed, it is not because I have ignored the point. It is simply because my findings focus on what I consider to be the central issues in this complaint. The disputed transactions Authorisation has two limbs – authentication and consent. So, Monzo needs to show the transactions were authenticated as well as showing Mr M consented to them. Monzo has shown Mr M’s banking app, genuine device and card details were used to make the transactions. So, I’m satisfied they were authenticated. But a payment out of someone’s account can only be treated as authorised if the payer has consented to it. So, I’ve gone on to consider whether I think Mr M consented to the payments and therefore whether they were authorised or not. Significantly, Monzo has shown that there was only one device registered to the account and Mr M has confirmed that his phone and card were in his possession. It was also used to approve two undisputed payments on 15 October 2025, and Mr M sent a selfie video earlier in the day when he asked Monzo to increase a payment limit to facilitate a larger payment. So, I’m satisfied the registered device was in his possession. Further, there was a credit into the account from another account in Mr M’s name a few minutes before the first disputed transaction, suggesting that whoever made the transactions also had access to Mr M’s external accounts. And Monzo has shown the transactions were

-- 2 of 3 --

authenticated on Mr M’s phone using biometrics. So, whoever, made the transactions accessed the Monzo app on Mr M’s phone biometrically to approve them. Overall, I consider there is no plausible explanation for how an unauthorised third party could have gained access to Mr M’s phone and approved the payments in the app biometrically and, having considered the evidence Monzo has produced, I think its more likely than not that Mr M made these transactions himself and therefore I’m satisfied it has shown they were authorised. Prevention Mr M feels that Monzo ought to have intervened to stop the payments, but I don’t think there was anything suspicious about the payees, it wouldn’t have known he was paying gambling merchants, and even though he was making multiple payments on the same day, there were sufficient funds in the account and the amounts such that Monzo ought to have made enquires before processing them. Finally, I’m satisfied the closure of the account in line with the terms and conditions of the account. For the reasons I’ve explained, I don’t think Monzo did anything wrong and so I can’t fairly tell it to do anything to resolve this complaint. My final decision My final decision is that I don’t uphold this complaint. Under the rules of the Financial Ombudsman Service, I’m required to ask Mr M to accept or reject my decision before 28 April 2026. Carolyn Bonnell Ombudsman

-- 3 of 3 --