Today I too have been a victim of debitcard fraud with my Metal card. I was at a club in Spain and suddenly a bunch of online transactions came through from online merchants in the Dubai area.
The card automatically froze after a few declined payments, but unfortunately they had already managed to steal some of my cash.
I’m in the process of doing a chargeback, so I’m confident that this issue will be resolved sooner or later.
This incident actually got me thinking a lot about the security of my cards. On the one hand, I totally would want to block online payments on my metal card for security purposes, but on the other hand I don’t want to lose my cashback which is often 10x higher when shopping online, than when shopping offline in Europe. (0,1% in Europe, 1% outside Europe)
For security purposes I would like to propose the following ideas/changes:
1) METAL VIRTUAL (DISPOSABLE) CARDS
The virtual (disposable) cards are awesome, but we are forced to choose between security and cashback. I would like to propose that all Metal account holders have cashback on all virtual cards too. This way we can turn off online shopping on our Metal card, and we can use our virtual (disposable?) cards for that purpose, while still getting the same cashback as with our metal cards.
2) COUNTRY BLOCKING
I travel A LOT and also like to do a lot of online shopping, but… I’m always travelling inside Europe and all my online shopping is either in Spain or USA.
I propose that we can choose in which countries our cards can be used (just like the Dutch bank BUNQ does). There is no reason for my card to work in Vietnam, Somalia or UAE, if I’m never going to visit those countries. And if I’m ever in an other country like France or UK and my card has blocked that country, I can turn it on via my Revolut-app in an instant, so that wouldn’t be a problem either.
3) NO CVV PRINTED ON THE CARD
Unfortunately our cards do not have 3D-Secure (yet). Anyone knowing our cardnumber, could go online and fraudelently use our cards. I know almost all banks do this, but why do we keep printing the CVV code on the card? Revolut is an online bank. We all have the Revolut app. Can’t we just show the CVV code in the app only?
All that a fraudster needs right now is to place a hidden camera near an ATM or POS terminal and capture all digits on the back of my card for 1 second, to be able to loot my entire Revolut bankaccount.
Plus: As we want to discourage online use of the physical Metal card, you would force people to go to the app any time they want to pay online to find the CVV code, and you could suggest from within the app to use a (more secure) disposable card instead.
My last 2 suggestions should be relatively easy to implement. I don’t know how difficult it would be to implement cashback on all virtual cards of Metal users, but for the sake of security, I would really hope Revolut gets that idea implemented too.