Improve security on the identification of a customer from phone number

I am not sure how this works, but I am concerned about a possible security issue with the “find Revolut user in your contact”. If I get it properly, anyone with my phone number can identify me as a Revolut user for good reason (friends) or bad (scammer).
It could be very simple to improve the security: As soon as someone want to know if I am a Revolut user based on my phone number, Revolut should ask me if I allow it.
Obviously, if someone receives a lot of refusal, it is obviously a scammer, and Revolut should take consequence.

7 Likes

You can disable this in the privacy settings.

2 Likes

You can but it is poorly implemented as it is an all-or-nothing option. It doesn’t allow a selective choice or even just the middle ground of “allow if we have eachother’s number”.

6 Likes

I agree.

As long as you don’t have to share your entire address book with Revolut, and Revolut’s apps can talk to each other somehow, that would be OK, you could choose whether to share you are a Revolut customer with others or not.

How technically feasible is that and how a priority could that be I can only guess.

3 Likes

I don’t think they’re required to do anything more? Would be a nifty feature though I guess

The option they implemented was the easiest and fastest as a reaction to the SMS fraud - a quick patch. Nothing more.

But you can’t use that great feature if you want to prevent a possible fraud?
That’s far from convenient and “better than your regular bank”.

People where literally screaming for this feature - now its there and people are still not happy. Geez.

1 Like

Just my opinion, but Revolut is far better than regular banks in many ways.

And this is why we should just accept half-assed implementations of features?

Ok what do you suggest?

I prefer a safe feature over a draft one.
In Canada, there is the system Interrac: anyone with your phone number or mail address can send you money. But they dont get your bank login.
Here you log to your account with your phone number, so a part of the job is done if a scammer can get it.

I also believe the solution should be something that protects more the privacy.

Example: if I need to pay money only once in my life: (imagine I’m in country where I’m unlikely returning in the near future,) then I don’t need to know that person’s private data (including profile picture or bank account). Nor I wish to share mine. It’s a one-time payment that’s it. What allows me to have access to that data?

Or if we look from another perspective: the numbers in my phonebook are part of my list of contacts. If I share this list with any third party (including Revolut) then I might breach the GDPR… How can I prove that my contacts allowed me to share their data without having their consent in hand? Am I correct? Or maybe I misunderstood something? :thinking:

1 Like