3DS on card top-up

Does Revolut have any control over whether 3DS (VbV in this case) is used when I top up, or is that decided solely by the bank?

I am not completely comfortable that VbV is no longer being used when I top up my Revolut card using my bank account debit card, and would like to have it always on.

It’s the merchant that decided this. Like the daily limit, CVC and 3DS necessity changes after a while, when a source is considered trustworthy. At this point, also auto top up should be possible for this card.

I think we are at crossed purposes, Frank. There is no merchant here - just using my debit card to top up my Revolut account (from my bank account).
I would like to be able to enforce 3DS on every top up, if possible. I certainly have no interest in automatic top ups!

3DS is handled by the issuer of the card. So it’s not Revolut’s decision.

My Portuguese banks always require 3ds… Maybe it’s something you can talk about with your card issuer

1 Like

In this case, Revolut is the “merchant” of this card transaction. With a top up, you “pay” money from your card account to Revolut. And they credit it then to your wallet.

@megamaster you’re right. Sorry.

I am not sure what’s going on here, but for non 3DS cards, the app stops asking for the CVC after a while. This might be true for 3DS as well. This might cohere with cards becoming available for auto top ups. So Revolut might process payments differently after a while.

So, what is the conclusion here - is it my bank (The issuer of my debit card) or Revolut that I need to ask to turn on 3DS for top-ups by card?

To the best of my knowledge, the cvv is on Revolut’s end, so they decide when you ask or not to ask for cvv.

The 3ds is your issuer bank. As I stated before my Portuguese banks always ask, however as an example, n26 only asks sometimes.

3ds is an anti fraud measure the issuer bank has before it authorises the charge


Yes, you’re right. It’s up to Revolut to ask whether they want the CVV or not. When you make a purchase through Amazon they do not ask for a CVV, for example.

Most merchants require a CVV to avoid fraudulent transactions and consequently a chargeback. I also think there’s a higher transaction fee when there’s no CVV involved which makes the transaction more expensive for the merchant, but I’m not entirely sure.

I’ve also heard that a transaction without CVV is more expensive.

However I honestly don’t see the purpose of cvv with 3ds nowadays. 3ds was created exactly because cvv didn’t curtail fraud too much. When you have 3ds, cvv doesn’t serve much purpose

1 Like

Thanks, all. I will contact my bank and ask them if they can have 3DS always on for Revolut top-ups. As The bank is HSBC, I am not hopeful that they will understand or care.

Argh … it just got worse. As you guys predicted, Revolut has now stopped asking for CVV when I top up from my debit card. When my current question to support has cleared, I shall raise a new one to have them make CVV mandatory for my top-ups.

1 Like

Probably revolut will just suggest that you delete and add the card again as a top up method so that it starts asking for CVV again…

I would actually like to have the opposite option, disabling CVV as I have a debit card that doesn’t have CVV on the back and always asks for 3ds anyway :wink:. As it is I can’t use it for top ups

Revolut “Support” are just telling me to talk to my bank for both CVV and 3DS.
I am increasingly worried about the security of this. With no two-factor authentication on card top-up, and the app protected only by a very weak 4-digit PIN, the potential for my bank account haemorrhaging money to fraudulent Revolut transactions if my my phone is stolen seems quite high.
What am I missing?

All it requires is someone to unlock my phone and then also hack the very weak Revolut PIN. With no 2FA on the top-ups, that person can then spend freely, until I notice the theft and am able to contact Revolut.
I would feel more comfortable if there were a way to enforce 2FA on a top-up by debit card.

Well, that seems to be a bit arse about face - to put very inconvenient strong security on my phone just because the one app that needs high security won’t do it properly itself.
Having to do an Internet transfer a few times each week is also not the right answer - by making it more inconvenient for me to top up I will either just stop topping up and so stop using Revolut at all, or I will top up larger amounts less frequently, which also makes for a higher risk of losing.money when my card is stolen.

The right answer is to allow enforcing 2FA on the in-app top-up.

Unfortunately it seems that you have a very strong personal opinion and are not open to suggestions. I think noone can help you here.

I agree with @Platin that if the risk is too high I should stop using the service. Until I can find a way of forcing 2FA for card top-ups, I shall have to stop using Revolut for my day-to-day spend, and will use it only for foreign travel.