Changing phone number, Lost phone, terrible process

Hi,

My brother lost his phone while on vacation.

We would like to be able to change the number on the app, but when signing in on another phone (as advised) it sends verification to the old phone
…So whoever has that phone also has a verification code.

Who designed a process wherein security issues cannot be resolved via phone call and also if Revolut is attempting to be a bank, making one specific phone critical to id and V is pretty bad design.

Automated chat bots is not really an acceptable solution nor is humans who do not understand the flaws and security exploits in their system.

Please help.

Revolut has the potential to be very special but needs to think with some common sense.

Many thanks.

3 Likes

what other techniques would you propose?

Certainly NOT sending the verification code to the old phone, which might be in possession of a person who could access your Revolut account

2 Likes

how would revolut you no longer have that number, and it’s not someone else trying to access your account?

Tying identity to something that can be replicated easily as a phone number is not a wise security practice. Other companies drop a RSA key on your phone so that you have to pair it and all requests leaving that phone are authenticated, this at least prevents someone from stealing your phone number (note: not your phone) and magically having access to all your money (as they will be able to recover the PIN)

Indeed - the latest attacks on many early bitcoin users involve porting their phone number to a phone the attacker controls… apparently it is almost trivially easy

1 Like

I would propose a solution as…A phone number that you call then you speak to a human who, in less than three minutes could at least either lock access to the app until a new phone is purchased.

I work on projects like Revolut for a living and I cannot imagine that at no point somebody did not put their hand up and say “what if the phone gets lost” having zero customer service telephone staff is usually an idealogical decision sold as being what “millennials” want but actually being a way to cut the costs of business, a hybrid approach is usually best.

The other alternative would be, have a web based portal, allow the user to change the phone number to …Say a landline … Send the text to that landline so that user at least knows whoever has their phone cannot access all their money as well as their phone.

Or have a device similar to Barclay’s pin sentry…Or use facial recognition or voice recognition, I believe I D and V will soon require, something you know, something you have, something you are anyway.

I am a big fan of Revolut and have used them for years so am not being negative per se, but this is bad design for the sake of business convenience, which sadly is incredibly common.

Any type of ID recognition (facial, fingerprint, etc) can be easily generated. Customer service representative on the phone does not guarantee security, actually quite the inverse.

There are techniques, that are put in place by other companies, to enhance the security of these processes, where you are required to provide more than 1 factor when it comes to authenticating/resetting passwords.

The web based portal might make sense but the point is that you still need a 2 factor authentication to be authenticated there, if that authentication path is not secure, the entire process is not secure.

Again, a phone number can be easily stolen.

2 Likes

+1 on that

web portal with 2FA (which can support multiple phone numbers via SMS, OTP, Authy (or other cloud based OTPs), printed codes, yubikey.

google does it, facebook does it, office365 does it.
there are no lack of proper ways to do this. just lack of interest in helping users do it securely

1 Like

While there are no guarantees of security in any proposals I made I think it would be fair to say that anything would be better than.

Stage one: chat bot
Stage two: human web chat with no method to resolve issue and slightly sarcastic tone.
Stage three: go to ATM draw out all money.
Stage four: reconsider the amount of commitment that customer is willing to put in Revolut.
Stage five: customer will definitely not use Revolut for Banking needs and only as a currency card.

Web portal is better than no web portal.
Customer service agent is better than no agent.

For verification, I heard one proposal at a recent cifas conference of having a specific arm movement via video (it is unlikely that person who has your phone would want to be on camera and can guess your arm movement pattern) especially if dealing with an actual customer​service rep.

Also re call centers…A lot of companies really cheap out on this it can be very secure… If the security questions are specific enough, eg not just name and address but favourite sports team, movie, cat and so on

1 Like

A simple security question might be a useful addition in the verification process and indeed I have found this to have the ability to be included as an automated response on other sites.

hi i have i lost my phone number and make new bissnes account with my new phone number .can i use this new number with my first verified account?

Hi, I can imagine how you felt because it is my case now.

I’m abroad my phone is broken, I changed my account to my partner phone and now my account is blocked, my debit card is blocked, not phones to call, not Web to visit, only an in chat that doesn’t work to me (I don’t know why) and now with a new phone with my old phone number but it is not working neither, so here I am abroad with my money in revolut account blocked and without any help service, only this chat. I was a really fan of the revolut I was using more and more as a normal bank, but after that it is really far away to be a reliable main account for me. I don’t want imagining if it was my main bank. Please, could anyone help me? Please.
Thanks

Hello, I have a problem. Phone number changed and code forgotten. how can I register again?

Revolute has definitely the worst experience when becomes to customer support. I was traveling abroad and I changed my registered phone number to a foreign number. It happens now that I came back and I’m using my regular number but I forgot the old number which I had registered on Revolut. I thought would be like a N26 (a real bank service and real customer support) but there is no way to contact the support if you don’t know your number, it is insane!!! It is really crazy, that is why people uses Revolut only to share checks on bar not as a bank. Imagine if you have your whole money/savings in this app (sorry this isn’t a bank at all) and for some reason you need to contact the customer support because a situation like my one?! You are dead!
And I don’t know how to solve my problem.

No idea, what you are talking about. But you should not post personal information in a public forum! If you want to contact :r: support try in-app chat (probably not possible in your case) or social media (facebook/twitter)!

Hi, my phone number is banned as well, how can I get assistance please?

please i am trying to change my phone number but no support replied for days

you tagged a user who hasn’t been seen on :r: since Dec 2017 but the very post above yours is a useful resource which will be worth reading.