Wise Payments Limited · DRN-6259855

The complaint Mr M complains that Wise Payments Limited won’t reimburse money he lost to a scam. What happened On 13 March 2026 I issued my provisional decision on this complaint. I wanted to give both parties a chance to provide any further evidence and arguments before I issued my final decision. That provisional decision forms part of this final decision and is copied below. What happened On 16 May 2024, Mr M received a call from someone claiming to be Wise’s fraud department. The caller explained that there had been some unusual activity on his account and that a payment of £7,000 was about to credit an account at a different payment service provider (“PSP”), which I’ll call “R” – but the caller would help him get the money back. Instead, the caller, a fraudster, used Mr M’s Wise debit card details to make a series of online card payments – first to R and later to two different online retailers. For each successful payment (and some of those which failed) Mr M was sent a text message by Wise which contained a code needed to confirm the payment. Mr M admits he gave those codes to the caller. A table of the payments is set out below. Payment number Time Amount Payee/Merchant 1 12:39 £7,000 PSP “R” 2 12:48 £7,200 PSP “R” 3 12:56 £7,500 PSP “R” 4 13:12 £2,714 L Holiday Company 5 13:13 £1,286 L Holiday Company 6 13:23 £3,192 L Holiday Company 7 13:34 £483.01 L Holiday Company 8 13:52 £292.87 Z Fashion Retailer Total £29,667.88 Mr M reported the matter to Wise while the transactions were still pending. Wise said it couldn’t stop the pending payments. In response to his claim, Wise said that while Mr M had authorised the payments, it should have prevented the scam from the second transaction, but that Mr M should also bear some responsibility for what had happened. It paid Mr M 50% of the loss from the second disputed payment. Mr M referred the matter to our service. One of our investigators looked into the complaint and concluded that: - Mr M hadn’t authorised any of the payments in dispute. - Some of the payments Mr M made ought to be reimbursed because they involved

-- 1 of 8 --

“non-excepted distance contracts” but Wise could hold Mr M responsible for the rest because he’d failed to keep his account secure with “gross negligence”. - Had Wise warned Mr M when he made payment 2, the scam wouldn’t have come to light because Mr M was too under the thrall of the fraudster. - £100 in compensation should be paid to Mr M to reflect some service failings on its part. Wise disagreed. It argued that it had already paid more than the investigator thought it should have done, so it didn’t understand why it was being asked to pay more. Mr M also disagreed. He argued, in summary: - Labelling him as grossly negligent in circumstances where he was subject to manipulation was unfair, unsound and offensive. - Wise’s transaction monitoring systems were at fault for what happened and it was in breach of a broad range of regulations, rules and guidance. - He should be paid £4,500 in compensation for severe distress, reputational damage due to being described as grossly negligent and complaint handling costs. As no agreement could be reached, the case was passed to me for a final decision. What I’ve provisionally decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. It’s important to stress that there are two potential bases for Wise to be held responsible for Mr M’s loss, namely: - Under the Payment Services Regulations 2017, the payments in dispute were not authorised by Mr M and he neither acted fraudulently or failed with intent or gross negligence to keep his personalised security credentials relating to his payment instrument safe and use his payment instrument in accordance with the terms and conditions governing its use. - Wise caused Mr M’s loss, for example by failing to recognise that he was at risk of financial harm from fraud and warning him before he attempted the payments. Did Mr M authorise the payments in dispute? In most cases authorisation will mean that an account holder has made a payment themselves or has given someone else permission to make a payment on their behalf. But there might also be circumstances where it is fair to treat a payment as authorised, for example where an account holder has told its payment service provider that they want a payment to go ahead (even if they did this accidentally or believing they were doing something else). There doesn’t appear to be any dispute that Mr M didn’t enter his card details onto the various different merchant’s websites. So he didn’t make the payments himself. It’s less clear whether Mr M gave permission for someone else to make the payments. Mr M denies this and it appears to be at odds with the premise of the scam (that Mr M needed to act to protect his funds and recover a fraudulent payment that had already taken place, rather than move his funds elsewhere). But Mr M took several different actions which, on the face of it, would be consistent with someone agreeing to the payments. He shared codes

-- 2 of 8 --

from text messages that referenced that his card would be used, he increased the payment limits on his account several times over the course of the scam and he moved some money between his account. As I’ll come onto discuss in more detail, Mr M can’t really explain most of these actions – other than that he was told to do them to secure his account. It's quite a finely balanced decision therefore on whether it’s more likely that, as Mr M says, he simply followed the instruction the fraudsters gave without any understanding that they would be making payments using his card or whether his actions are more consistent with someone who, for reasons unknown, agreed to let the payments take place. As Mr M has been entirely consistent in saying that he took each step to receive, rather than make, payments and has never mentioned that the fraudster required him to pay away funds, on balance, I think it’s more likely than not that Mr M did not give permission for these payments to take place. I’ve also thought about whether, despite this, it would be fair for Wise to treat the payments as authorised. There’s no evidence Mr M directly told Wise he wanted the payments to take place and I note that the text messages don’t contain details of the specific payment or the amount being paid. All things considered, I don’t think it would be fair or reasonable to conclude that by handing over the codes to the fraudster (or taking any of the other steps Mr M did), Wise could treat the payments as being authorised by him. So, I’m not persuaded that Mr M authorised the payments in dispute. Can Wise hold Mr M responsible for the unauthorised payments under the PSR 2017? Under the PSR 2017, a PSP can’t hold an account holder responsible if their payment instrument is used in connection with a distance contract, other than an “excepted contract”. I agree with the investigator that some of the payments are likely to have involved non- excepted distance contracts – namely those payments to a holiday provider and a fashion retailer. While it’s possible that the payments to the holiday provider might have been for package holidays (which are excepted contracts), that merchant offers a range of services and I haven’t seen enough evidence to say this is more likely than not. That means that Wise are responsible for payments 4-8. For the other transactions, I need to consider whether Mr M failed with intent or gross negligence to take all reasonable steps to keep safe his personalised security credentials or to use his payment instrument in accordance with the terms governing its use. I don’t think that Mr M failed with intent to keep his payment instrument or security details safe – he believed that he was acting to protect his account and speaking to his own PSP. On gross negligence the FCA says “we interpret ‘gross negligence’ to be a higher standard than the standard of negligence under common law. The customer needs to have shown a “significant degree of carelessness.” In relation to gross negligence, I’m only considering Mr M’s actions in relation to the first three payments – not anything that happened later. In terms of time, these are the events between approximately 12:29 (when Mr M first increased his card spending limit) and 12:56. During this period Mr M shared three one-time passcodes, increased the card spending limit on his account twice and moved some money between his accounts. I know that Mr M has been upset and offended by the use of the term gross negligence. But it is the wording used in the relevant regulations and it is the test that I must apply. To be absolutely clear, a finding of gross negligence is certainly not one of collusion. And being the victim of a scam, even one that involves impersonation and manipulation, as this one did,

-- 3 of 8 --

does not preclude me from reaching a finding of gross negligence. However, in this case, considering all of the facts, I’ve provisionally decided that Mr M was not grossly negligent. It’s important to keep in mind that Mr M had nothing to gain by following the fraudster’s instructions, other than keeping his money safe and ensuring the safe return of the money that he believed had already left his account. His actions must be considered in light of the fact that someone was actively misleading him, he was subject to significant social engineering and he was never presented with a counter-narrative by Wise that he was, in fact, falling victim to a scam. Mr M has said that he was “confused”, “in a bit of a state” and very concerned by the prospect of losing £7,000 – precisely the state of mind that the fraudster sought to engineer and one that was likely to make Mr M less able to clearly think through the actions he was taking. Mr M has, in my view, been limited in his recollections of exactly why he took certain actions. He’s said he was simply following the instructions of the fraudster in order to have money returned to his account. But I find it unlikely that he was given no reason at all to carry out those actions. More likely, I think, is that Mr M is no longer able to precisely recall why he was asked to complete those steps. I find that unsurprising. It wasn’t until April 2025 that one of our investigators had their first meaningful conversation about the events. Several more conversations followed, but on each occasion the events of May 2024 inevitably became more and more distant. It’s evident that Mr M was mistaken about certain aspects of the call with the fraudster when he spoke to us in 2025 – including its length (which he believed to be around 10 minutes). I think this illustrates how, through the passage of time, much of the detail has been lost. The most useful testimony, as far as I’m concerned, is that given by Mr M in the immediate aftermath of him reporting the scam. On 17 May 2024 there was an exchange of emails. Wise asked Mr M a series of eight questions about what had happened. While some of the answers Mr M gave are illuminating, the questions asked didn’t require Mr M to give very much detail and there were no follow-up questions. Wise did not ask Mr M about why he’d moved money between his accounts, increased his spending limits or why he’d given away the codes for so many different transactions. Had it done so at the time, I suspect Mr M would have been able to offer more of an explanation for those actions than he is able to do so now. That means his lack of detailed explanation for these actions now is not something that I put a huge amount of weight on. Mr M’s recollection is that the number he was called on showed as withheld (and that’s what he told Wise at the time) – so there was no immediate reason for him to believe the caller was genuine. However, he says that the caller knew certain personal information about him – including his name and card details. I think this is, on balance, likely to be true – his card details would have been necessary to process any payments and he denies giving the full details to the fraudster. Mr M has also said that the fraudsters appeared to be able to view the balances of his accounts, but it’s less clear how they would have been able to do this. Seemingly satisfied by the caller’s identity based on the information they knew about him, as well as seemingly alarmed by the attempts to take money from his account, Mr M then shared a code that Wise sent to him (prompted by an attempted payment). The text messages that Mr M received had the following format: This code will let you pay with your Wise card: [CODE] Never share this code with anyone, even a Wise employee

-- 4 of 8 --

During that email exchange in May 2024, Mr M told Wise that he said he “couldn’t give the number” to the fraudster, which suggests that he did read and understand the message (and given its length, it seems unlikely that he couldn’t have done). Mr M appears to have accepted the fraudster’s suggestion that the code was needed to verify that they were calling from Wise. Part of the reason for that acceptance, I think, is his belief that the messages were coming from the caller. I can understand why he thought this – those messages would have appeared just as the fraudsters claimed that they would and, in the moment, I can see why Mr M didn’t have any appreciation of the alternative explanation – that the fraudsters were generating the codes by attempting card payments. Moreover while it’s clear that the message was not for the purpose alleged by the fraudster and it contains a prohibition against sharing, it doesn’t contain the details of a specific transaction or an amount. It’s somewhat ambiguous as to exactly what will happen if the code is shared. Quite why Mr M shared the two further codes is unclear – but the first three codes were all sent in about 7 minutes. Mr M recalls that he was told that he hadn’t provided the codes quickly enough and he would need to provide another. That explanation would be consistent with him initially being reluctant to provide a code and it’s a trick that I’m aware fraudsters use. Overall, while sharing the codes despite the warning not to was, perhaps, a little careless, those actions took place in the context I’ve described and don’t, in my view, amount to gross negligence. As I’ve set out, what happened after that, and the question of whether the scam became less plausible as more and more codes were shared isn’t one that I need to address here. I’m satisfied that in relation to the first three payments Mr M wasn’t grossly negligent and should be reimbursed in full. That means overall, Mr M should be reimbursed in full for all of the payments in dispute. Should Wise have prevented the scam? Given that I think that Mr M should be reimbursed in full, it isn’t particularly necessary to consider whether it should have also prevented the scam. That said, I know that Mr M feels strongly about this, so I’ve gone onto consider the second question: whether Wise’s actions caused Mr M’s loss. Wise accepts that, from the second payment he made, it was responsible. But it argued that Mr M should bear some responsibility for his loss. Our investigator reached a different conclusion: Wise failed to monitor Mr M’s account for unusual activity, but its failure didn’t cause Mr M’s loss. I’ve considered the activity which took place on Mr M’s account in the previous six months prior to the payments in dispute. I can’t see that there were any payments of a comparable size to the first payment. In addition it used the entire balance of Mr M’s GBP account and required some funds to be taken from his USD balance. Overall I think there was enough risk attached to this payment for Wise to have declined it and to have provided a warning to Mr M. Had it done so, I think it’s more likely than not that the scam would have come to light. While it’s true that Mr M does appear to have been quite compliant to the fraudster’s instructions, there’s nothing to suggest that, if presented with an entirely different narrative – that Wise were not calling him and would not ask him to take the steps he was taking - he would have carried on regardless. Wise appear to have accepted this too.

-- 5 of 8 --

As my provisional decision is that Mr M should be reimbursed in full, I don’t need to consider the hypothetical question of whether any deduction would be made from Mr M’s reimbursement in the event that Wise were being held responsible for his loss on the basis that it should have prevented the scam. Other issues Mr M has asked me to award a considerable sum of compensation. I can only imagine how stressful the entire experience has been for him and I know that he’s been waiting a long time for a resolution. But I must separate the actions of Wise and those of the fraudster. The fraudster is principally to blame for the scam itself. And while I recognise that had Wise prevented the loss in the first place or had reimbursed him once he reported it, then much of that distress would have been avoided. It’s also true that I have concluded that, on balance it should have done that. Nevertheless, as I’ve set out, this is a finely balanced decision on a number of points. I would not punish Wise simply because it reached a different conclusion to the one I have reached, unless that outcome was wholly unreasonable. Neither can I award complaint handling costs given that our service deals with complaints free of charge. And the 8% simple interest I’m awarding compensates him for the time spent without his funds. Instead I’ve considered whether there were any specific service failings in the way that Wise dealt with the complaint. I accept there were – but I consider these to be relatively minor. I can see that Wise wrote to Mr M on 21 May 2024 suggesting that they would look into the claim and get back to him. That didn’t happen. It appears they were actually waiting for a police report from Mr M, but I don’t think that it was clear from the email that they wouldn’t contact him again until that happened. For this delay, I think that the £100 compensation recommended by the investigator is fair in the circumstances. I’d also note that The Financial Ombudsman Service is not a regulator. My decision is confined to the events of this complaint – not any wider finding about Wise’s fraud detection systems. I’ve also thought about Wise’s attempts to recover Mr M’s funds. For card payments, like the ones that the fraudsters made, Wise would generally be expected to consider whether it could challenge the payments through the chargeback scheme. However, where there has been two-factor authentication (in this case the text message verification) a chargeback cannot be raised on the grounds of fraud. Given goods and services would have likely been provided to the fraudster (in the case of R – a money transfer, in the case of the retailers – goods or service), I can’t see a basis for Wise challenging the payments for another reason either. Wise does appear to have been able to recover small sums from the beneficiary accounts at R. Our considerable attempts to establish the circumstances surrounding that recovery have been unsuccessful, so there isn’t compelling evidence to suggest Wise could have done more. In any case, I’m provisionally recommending that Mr M is fully refunded. Finally, I know that Mr M was unhappy that when he reported the matter to Wise, some of the payments in dispute were still pending. I can see why Mr M would think that means that Wise could have prevented the loss. I’m afraid that I wouldn’t expect Wise to cancel pending payments. While the payment might have been pending, the service or goods would have likely already been provided. Putting things right

-- 6 of 8 --

Wise should reimburse Mr M his outstanding loss. I’ve calculated this amount to be as follows: - The value of the disputed transactions - £29,667.88 - Minus the amount already reimbursed by Wise – £11,333.94 - Minus the small sums recovered from R - £95.53 - I calculate this amount to be - £18,238.41 My provisional decision I intend to uphold this complaint and instruct Wise Payments Limited to: - Reimburse Mr M’s outstanding loss as outlined above. - Pay 8% simple interest per year on that amount from the date of the payments to the date of settlement - Pay £100 compensation Wise accepted my provisional decision. Mr M agreed with my assessment of Wise’s liability but asked me to reconsider the proposed amount of compensation. He explained that the extended duration of the dispute, repeated administrative and communication failures and the significant emotional and health impact the dispute had on him should be taken into account, particularly given his age and an ongoing medical condition. What I’ve decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. As both parties have accepted my provisional decision in relation to overall liability, I only need to comment further on the issue of compensation. I appreciate this dispute has been long-running and I can see how much of an impact the situation has had on Mr M. However, as I’ve set out above, I only think it’s fair to award compensation in these circumstances where I can identify specific service failings by Wise. I’ve identified one failing, but I don’t think that either the duration of the dispute or the impact on Mr M would have been significantly lessened had that failing not occurred. I therefore maintain that £100 compensation is fair in the circumstances and, overall, my final decision is unchanged from my provisional decision set out above. My final decision I uphold this complaint and instruct Wise Payments Limited to: - Reimburse Mr M’s outstanding loss – which I calculate to be £18,238.41 - Pay 8% simple interest per year on that amount from the date of the payments to the date of settlement, less any tax lawfully deductible. - Pay £100 compensation

-- 7 of 8 --

Under the rules of the Financial Ombudsman Service, I’m required to ask Mr M to accept or reject my decision before 27 April 2026. Rich Drury Ombudsman

-- 8 of 8 --