In 2017, more than two million people contacted the Financial Ombudsman Service about problems.

The Financial Ombudsman Service (FOS) was set up by Parliament to resolve individual complaints between financial businesses and their customers. They can look into problems involving most types of money matters - from payday loans to pensions, pet insurance to PPI. If they decide someone's been treated unfairly, they have legal powers to put things right.

If you have a complaint about a financial product or service and you're not sure how to get started, get in touch –

you can call 0300 123 9 123 or 0800 023 4567.

The website covers:

· bank accounts

· credit, debit and store cards

· payment protection insurance (PPI)

· other insurance, like motor, travel and household

· loans, including payday loans

· other credit, like car finance

· mortgages

· repayment problems and debt collection

· money transfers and online payments

· financial advice, savings and investments

· pensions

Consumers can use the site for making complaints, reading about past case studies and learning about what options are available.

If you’re wondering about PPI or want to make a complaint about PPI, there is guidance about how such complaints can be resolved.


Each year people contact FOS when they’ve had trouble on holiday – and haven’t had the help from their travel insurer that they expected. And most of the time, these disputes centre on what’s covered by their policy and what’s not. FOS can help.

For Businesses

· resources for businesses

· find out the approach to different types of complaint

· get support with a customer's complaint

· read the ombudsman decisions

· find practical case studies in ombudsman news

FOS Publications

1. Your Complaint and The Ombudsman. This is a consumer leaflet – which businesses must give consumers at the relevant stage in the complaints process

2. Ombudsman News. This is a regular newsletter for people interested in financial complaints – and how to settle or prevent them – providing news, recent case studies and feedback from the ombudsman

3. Consumer Factsheets covering a range of subject areas and specialist topics

4. Guides for businesses covered by the ombudsman. These provide more details about the ombudsman service's processes and procedures – together with a series of quick guides for businesses

5. Complaints data - statistics about the complaints referred to the ombudsman service – showing the number received and the proportion upheld

6. Online Technical Resource. This sets out the ombudsman's usual approach to disputes involving the financial products and services most complained about

How to Complain

You should talk to the business first. Tell them you're unhappy and give them a chance to put things right. They have to give their "final response" within eight weeks at the most, depending on what you’re complaining about.

If you're not happy with how things turn out – or you don't get an answer from the business – you can report this to FOS.

Call 0800 023 4567 or fill out the Word or PDF form online.

Do Share this post on social media –click on the icons at the bottom of the article.

In the USA, the Computer Fraud and Abuse Act (CFAA) of 1986 prohibits individuals from taking retaliatory/defensive actions against hackers or cyber-criminals, other than preventative protective measures such as using anti-virus software or anti-malware. So, anyone trying to strike back against the scammers is currently risking prosecution.

In October 2017 – politicians Tom Graves (Republican Party) and Kyrsten Sinema (Democratic Party) introduced a new piece of legislation designed to extend the powers of victims of cyber-assault beyond the limits imposed by the CFAA.

This bill, known as the Active Cyber Defense Certainty Act (ACDC), was the result of a lengthy feedback process initiated in March 2017 and it seeks to enshrine in law the principle that victims of cyber-assault should be allowed the use of limited defensive measures extending beyond the boundaries of their network, in order to monitor, identify and stop their attackers.

Basic Provisions of the Active Cyber Defense Certainty Act

Under the ACDC, authorized individuals and companies would have the legal authority to venture outside their computer networks to:

·         Establish the attribution (i.e., the nature, cause, and source) of an attack.

·         Disrupt cyber-attacks without damaging the computer systems of the presumed assailant – or of any third party.

·         Retrieve and destroy any files stolen during the course of an attack.

·         Monitor the behavior of an attacker.

·         Use “beaconing” technology.

Within this framework, individuals and the private sector will be allowed to use and develop tools which are currently restricted under the CFAA in protecting their own networks, and adopt a more active role in cyber-defense.

An updated discussion draft of the ACDC was introduced. On the basis of further feedback and suggestions, alterations were added to the bill, including:

·         A voluntary review process which individuals and companies can undergo before using so-called “active-defense” techniques.

·         Opportunities for consultation with the FBI Joint Taskforce, enabling cyber-security defenders to better conform with federal law and improve the technical operation of their proactive measures.

·         An obligation to notify the government of the use of active cyber-defense measures which go beyond beaconing.

·         An affirmation that the bill does not interfere with a person’s right to seek damages.

Beacons and Dye Packs

The ACDC authorizes companies and individuals to deploy tools which the Center for Cyber and Homeland Security Task Force describes as “beacons” and “dye packs”.

In the cyber-security sense, a “beacon” is defined as:

“Pieces of software or links that have been hidden in files and, when removed from a system without authorization, can establish a connection with and send information to a defender with details on the structure and location of the foreign computer systems it traverses.”

A “dye pack” is similar to a beacon but is given more aggressive attributes, such that it is able to have a destructive impact on its surrounding environment.

However, companies engaging in “active-defense” measures may be held liable for any damage caused to third party computer systems.

Tom Graves released an update to the initial Active Cyber Defense Certainty Act that intends to exempt victims of cyber attacks from being prosecuted for attempting to hack back at their attackers under the CFAA.

According to the proposed law, organizations would be exempt from prosecution if they alert law enforcement before committing such acts

Tracking the Cyber Criminals

It’s often not easy to identify the cyber criminals. Even a simple email can be misleading. E.g. you receive a scam email and trace the owner of the email account, but it may be that scammers hacked the account and the account holder is a victim. You cannot tell.

While in theory it might be useful to have highly skilled organizations authorized to perform some level of active defense, it may be difficult in practice to get the right balance between defending systems and active defense that can potentially damage the attackers systems or what appears to be the attackers systems.

Should private citizens be allowed to take the fight to the attackers? What do you think?

Go to the About page then Contact Us.

Articles on Fightback