Fraudulent Transaction - Security Flaw in Disposable Cards?

It seems to me that once you’ve actually used a disposable card, a new one will not be automatically generated right there and then. You will see it in your list of cards, but it won’t really exist yet. Only when you look at it for the first time will it be generated. Of course, if you look at it and then don’t use it immediately, then it will remain active until you do (or until you terminate it, as advised above), which will put you at risk. But if you don’t, then I guess you should be safe.
Am I missing something?

1 Like

If your description is correct, Revolut implemented this in one of their last updates. They’ve got rid of an in-app text that implied that a new card number will be issued once you tap to view card details after termination.

If it does indeed now work as you’re describing it, that text would be redundant. So I would say, all evidence points in the direction that you’re correct!

1 Like

This is how my list of cards in the app looks when the disposable card has been used for a transaction. A new disposable card isn’t available yet.

But if I click on the card and request to see its details, a new card will be generated and its details will be shown. From that point on the list of cards will look like this:

Now the new card is available and can be used by you or by scammers. You should either use it immediately, or terminate it. Either of these two actions will get you to the situation depicted in the first image, i.e. back to safety.

4 Likes

Yes. A welcome change. Thanks for confirming.

3 Likes

The problem is, what if the issue starts occurring with persistent virtual cards as well? Or even with physical ones? If it’s a brute force attack (which I suspect it is), then what’s to stop it from affecting other types of cards in the future?
Sure, we could theoretically freeze all the cards, unfreeze them when we need to use them, then freeze them again. But that would very quickly turn into a chore.

It would be great if we at least knew exactly what it is that allows disposable cards to be cloned so easily. This might indicate whether a similar attack on virtual or physical cards would be as likely.

2 Likes

better that chore than trying to unwind a scam taking all your money perhaps :thinking:

Sure, but on the other hand too much of a chore might cause people to just give up on Revolut altogether and to go back entirely to traditional banks, where at least they’re offered better protection against fraud.
Which would be a pity.

1 Like

You can’t stop brute force attacks like this. That’s what SCA is for. Physical and regular virtual cards should (and do in my experience) rely on SCA, while Revolut’s position seemed to have been that for disposable cards, old school 3DS is sufficient.

2 Likes

+1
Swiss, $99.99 charged by PUBG Mobile. Transaction is pending until Nov 8th, can’t do anything right now.
Hope Revolut is working on a solution. I’ve been a loyal customer for years but this is unacceptable.

5 Likes

Exactly the same thing happened to me on Friday, October 28 around 9pm Swiss time! I had 99.99$ stolen and transferred to PUBG Mobile from my virtual disposable card. Neither chat support nor the chargeback form helped; Revolut insists I authorised the transaction (which I haven’t).

I also have a Swiss account. At the time of the transaction I was on Revolut 8.75 and iOS 15.7 if that matters.

5 Likes

I am Swiss, like most of the victims with PUBG MOBILE!

5 Likes

Revolut finally gave me a refund, I also contacted PubG mobile but they are not answering.

3 Likes

Hello,
I have been scammed as well, on 28 October, of USD 199.99 by Pubg Mobile.
I neither approved nor received a notification of this transaction. It was first rejected because the CVV was wrong, then in the same minute the second try was debited from my account.
I have luckily seen this transaction as I was looking at my account balance and I have reported the transaction to Revolut with the transaction reporting option and also used the in-app chat to report this issue. On the same day Revolut denied my report and mentioned that I had approved the transaction. Again I opened an in-app chat and was informed that my case was already rejected by the recharged team and that nothing can be done. I also tried to write to Pubg Mobile, but never received an answer.
Today, when reading this blog, I can see that many other Revolut clients were hacked and this is most probably only a small part of the persons scammed.
I have again written to Revolut in the in-app chat and their answer is now more favorable but not yet satisfactory. They are apparently conscious of this large and serious issue. Let’s see if they will refund the amounts stolen from all clients or what will be the issue.
I am also Swiss and can see that many other people from Switzerland have been scammed. For sure, this is a transaction that I have never made.
If you are in the same situation, you have to contact Revolut again and again by any means, particularly with the in-app chat. At this stage, I haven’t had any refund, but I have hope for that, and needless to say my trust in a bank such as Revolut has been ruined.

5 Likes
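The sequence reported in the post above (a CVV decline followed within the same minute by an approved charge) is a pattern an issuer-side rule can flag. The following is an added example, not part of the thread and not Revolut's logic; the log layout, field names, merchant names and the 60-second window are assumptions, and the events are constructed.

```python
from datetime import datetime, timedelta

# Constructed authorisation events (not real data). The layout
# "time|card_token|merchant|outcome|reason|sca" is a hypothetical format.
SAMPLE_LOG = """\
2022-01-10T21:02:11|card_A|GameStore|declined|cvv_mismatch|no
2022-01-10T21:02:48|card_A|GameStore|approved|-|no
2022-01-10T18:15:00|card_B|Grocer|declined|insufficient_funds|no
2022-01-10T18:40:00|card_B|Grocer|approved|-|yes
2022-01-10T09:00:00|card_C|Bookshop|declined|cvv_mismatch|no
2022-01-10T09:00:30|card_C|Bookshop|approved|-|yes
"""

def parse(log):
    """Turn pipe-separated lines into time-ordered event dicts."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, card, merchant, outcome, reason, sca = line.split("|")
        events.append({
            "ts": datetime.fromisoformat(ts), "card": card,
            "merchant": merchant, "outcome": outcome,
            "reason": reason, "sca": sca == "yes",
        })
    return sorted(events, key=lambda e: e["ts"])

def find_retry_approvals(events, window=timedelta(seconds=60)):
    """Flag approvals that follow a CVV decline on the same card and
    merchant within `window`. Without SCA on the approval nothing but
    the guessed CVV stood between the retry and the debit, so rate it
    'high'; with SCA the cardholder confirmed it, so rate it 'review'."""
    last_cvv_fail = {}   # (card, merchant) -> time of last CVV decline
    alerts = []
    for e in events:
        key = (e["card"], e["merchant"])
        if e["outcome"] == "declined" and e["reason"] == "cvv_mismatch":
            last_cvv_fail[key] = e["ts"]
        elif e["outcome"] == "approved":
            failed_at = last_cvv_fail.pop(key, None)
            if failed_at is not None and e["ts"] - failed_at <= window:
                alerts.append((e["card"], e["merchant"],
                               "review" if e["sca"] else "high"))
    return alerts

if __name__ == "__main__":
    for alert in find_retry_approvals(parse(SAMPLE_LOG)):
        print(alert)
```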

Another fintech bank had loads of customers have payments taken for tiktok.

Fraudsters are getting smarter sadly.

I managed to get my money back:

  • Reported the transaction (Report an Issue)
  • The Request was denied
  • Started a chat and insisted that it is an issue with Revolut and that I did not approve this transaction. I also pointed to this thread here.
  • The guy told me to report the transaction and I said I already did and it was denied
  • He told me that he will look into it and get back to me.
  • Shortly after I had my money back.

2 Likes

Same with one of our Swiss accounts. First request for refund was accepted - at least at the moment.

Same problem, complete account has been suspended for the last 2 days. No answers given so far.

1 Like

Hi all

I had the same problem: PUBG Mobile and a ~199 USD debit, and the Revolut team is currently “investigating” it. I believe this is a widespread problem and this discussion thread has all information required.

What angers me most (and I am a premium client): They have suspended my entire account and do not allow me to log in any longer. I only see the chat when opening the app.

With any other Credit Card company, they would immediately terminate all cards, and let you continue to use the service as new cards arrive. This is shambolic.

I have submitted a formal complaint and asked for this to be escalated further. No reaction from Revolut, which is super disappointing given I am currently paying for Premium but cannot even use it.

Kind regards
Anton

1 Like

It’s strange that most of the affected Revolut Users are from Switzerland.
Could it be related to some phishing emails??

Phishing is a possibility. If it’s a brute force attack, it also makes sense that specific regions are affected. Card issuers use account ranges for localization.

If you know parts of the BIN already from successful attacks, it makes sense to focus on that range of card numbers.

1 Like