Fraudulent Transaction - Security Flaw in Disposable Cards?

Or quite simply a major security flaw at Revolut! If that's the case, will we ever find out?

Just a bit of an update from my side. I opened a new chat with a live agent, and after referencing this thread, and the history of the issue, I was issued a refund.
They have confirmed that terminating the disposable should mean my funds are safe from that attack vendor.
The agent I spoke with - Beri - was very prompt, I think they now have had sufficient complaints to really handle customer complaints properly.

1 Like

You don’t even need to work too hard to infer the BIN. Just open an account in the same country and look at your virtual disposable card. All the others will most likely have the same BIN.
I’ve looked at the list of disposable cards I’ve had since joining Revolut (you can see that in your account section of the app). They all have the exact same initial six digits.

Hi,
I'm also Swiss and, fortunately, I'm not affected by these problems. I'm just wondering whether you ever registered this virtual card on an online gaming site where the data may have been stolen, as is now commonplace.

I work for one of the biggest software companies in the world so I am very knowledgeable about the subject and extremely careful with what I have on my phone, including what emails I even open so I strongly doubt this was the case.

Sure, that’s to be expected. This is true not just for disposable cards. Account ranges usually include more than six numbers, and those additional digits help issuers to organise things like regions, to make sure, for example, that only specific cards can be added to Apple Pay and to block this functionality for cards from regions where Apple Pay isn’t available. So why are so many Swiss customers affected by this same scam? Most likely because they’ve found a range of card numbers that worked, and they stay within the same range for further attempts. It happens to be the account range for Swiss customers. It’s sort of a side effect of how this account range is allocated.

Yeah, it’s either that, or a security flaw that affects certain Swiss vendors (particularly PUBG Mobile) and allows transactions to look like 3DS-validated although they’re not. Or perhaps a combination of both.

Is PUBG Mobile a Swiss Vendor? Charges are in USD, no?

Oh, you’re right. Good point. :+1:

The card in question is a disposable card, i.e. a card whose number can be used only once, unlike a normal virtual card. So no, I never used this card for any payment….

Same issue happened to me. Swiss customer, PUBG MOBILE as the vendor, amount USD 199.99.

Is PUBG Mobile a Swiss Vendor? Charges are in USD, no?

No, PUBG Mobile is a Korean game developer.
Asking them for not accepting the transaction or refunding is useless - you only get an automated answer.

After 5 days I also got my money back. It took a lot of persistence on the support chat after not having been taken seriously. As I said, the chargeback-form request was denied. I’ve also sent an e-mail to formalcomplaints@revolut.com.
I’m not so happy about Revolut calling it a “goodwill” refund as we’ve obviously become victims of a severe security issue with their system. It took a lot of time to investigate this issue ourselves and to persist on the support chat, which we were not compensated for. Anyway, by them finally acknowledging a problem and refunding the stolen money they saved themselves a formal complaint to the Bank of Lithuania. Here’s the information I got on the chat:

03-11-2022 | 22:15:08 Ahmed
I can see the investigation is still in progress in this regard and as soon as we will have any update you will be notified in the email.
03-11-2022 | 22:15:52 Ahmed
The account is perfectly fine, it is just an issue with the card however the investigation is in process.

Finally got my refund, plus an apology. But it took me days of fighting, and in the end, the solution cost everyone, including Revolut, a lot more than the refund’s worth.

2 Likes

I was also charged for $199.99 on the disposable credit card on PUBG Mobile.
The refund request I issued hours later was denied on the grounds that I confirmed the transaction, which is of course a lie.
I’ve already spent hours chatting in the Revolut app, unfortunately without success so far.

If you read this blog it is so clear that Revolut has a massive security problem on the disposable credit cards. Obviously they are hacked by brute force and the transaction seems to be issued without cardholder name and without CVV.

Why is Revolut a) not accommodating and b) not solving the problem?
It would be so easy!

1 Like

Hi everyone, and thank you all for bringing this issue to our attention.

I’m happy to see that, as a Community, you have come together to try and find a solution to the issue.

I would like to let you know that our team is aware of this, and we are working hard to have this fixed as soon as possible. For now, I will be collecting your feedback here, and as soon as I have news, I will update you all accordingly under this thread.

Thank you :pray:

7 Likes

Hello, do you have any news to share with us?
Nicolas

Today I used a virtual disposable card (amount less than 1€) and oddly there was no 3DS confirmation.

1 Like

Well, since you’re saying it was less than 1 Euro, the exemption for low value transactions (below 30 Euros) might have been applied.

Exemptions can be applied by the merchant or the card issuer.

2 Likes
