Revolut Security & RevP megathread

I’ve just finished reading this article online: https://www.stavros.io/posts/revolut-doesnt-care-about-you/

What are your thoughts?

// RevP here: Revolut Security & RevP megathread

1 Like

I worry now about this issue. If not take his money back then I’ll think to delete my account…

Yes if this is true not good publicity for revolut at all.

So you cannot stop pending charges even if you know they are fraudulant??
This needs attention urgently or a proper explanation from Revolut.

This guy has been highly negligent in terms of minimising possible damages.

To clarify, removing the limit is a thing I routinely do, because I intentionally set the limit low to avoid large charges. In retrospect, all that did was train me to remove the limit without thinking, so it was a bad decision, but I don’t think that should mean that the theft is my fault.

Doing this and then claiming that it wasn’t you, not even being sure who charged before lifting any limitation, would raise several flags at any fraud prevention officer.

I totally understand Revolut’s point of view.
Furthermore, I think giving in on such cases is bad as it signalises that you can fuck up big times and will not have face any consequences.

Hello, your official Revolut shill here to tell you this story screams of sketchy:

  1. Revolut have always sent me notifications when I’ve made a transaction
  2. The UI has always updated and shown me a reason for said decline
  3. Instead if reopening the app the guy decides to remove his card limits??

How can he blame Revolut for his own extreme negligence?

  1. What Fraud Officer see’s a declined transaction followed by removing of limits on the card, followed by another attempt and then thinks that is fraud? I’d assume that they had got declined and then realized it was the limit, removed it and then tried again.

To be fair, this doesn’t stop Revolut from handling the situation well (which admittedly they don’t) but, if I were the guy I’d have asked to speak to a manager.

Speaking to first of the line customer support about an issue with any company has never got me anywhere at all :slight_smile: if he started it off with an official complaint for them not reversing the charge and reporting to to authorities (like they’re required to do in cases of card fraud) I’m sure they would have backtracked quickly.

I also think he should have asked for monetary compensation since he was out of what Revolut could reasonably assume to be bill money for a week, as they do support SEPA direct debits.

Also another thing, he mentions the payment processor. This isn’t Revolut, currently. Unless he’s got a RevP linked card (which he doesn’t as they only exist in physical at the minute) not that this detracts from his argument at all.

I can say complaining to Revolut is a doozy though, I received a response to mine this morning and they referred to me as Alexander (despite this not even being close to my name) and then gave me misinformation :slight_smile: followed by rejecting my complaint

2 Likes

Just leaving my two cents here:

If 3D Secure was here, both parts would have had no problem so far.

This is then (once again) something that Revolut needs to implement as fast as they can.

8 Likes

3d secure is on beta already.

It’s not the customer or issuer alone who decides if 3DS is applied. The whole chain of merchant, acquirer, card processor, card issuer need to support and implement it.

This becomes mandatory in the EEA this September. But doesn’t help much if the merchant is somewhere else.

Especially with fraud, fraudsters tend to use merchants that have weak fraud detection. With 3DS, what happens is that liability for payments reverses. The merchant get’s the money more likely, the issuer is then liable.

3DS is an additional layer of security and helps to prevent card fraud. But it’s not a bulletproof to prevent card fraud.

And ironically, in cases of fraud the customer has a harder time to proof that it wasn’t him when a payment that used 3DS went through. This can happen when card and phone are stolen at the same time and 3DS relies on text messages, which is still the case with some banks.

More bad news from N26

N26 are not an alternative

Nach Betrugsfällen: Volksbanken setzen Zahlungen an N26 & Co. aus

Weil Betrugsfälle beim Online-Banking zunehmen, stellen genossenschaftliche Banken den Zahlungsverkehr mit Startups wie der Direktbank N26 vorübergehend ein.

Not seen any on my end.

Same with my normal bank

That just how my card works
They cant first step in after the money are taking from my account
And i did try to contact the store

Revolut have always sent me notifications when I’ve made a transaction

Yes they have! Also when a transaction is declined because of the limit. There’s a notification saying “Your limit has been reached” and no more detail, as per the screenshot.

The UI has always updated and shown me a reason for said decline

I envy your luck.

Instead if reopening the app the guy decides to remove his card limits??

“Instead of performing one completely arbitrary action he performs a different completely arbitrary action??”

It’s easy to criticize and offer an optimal solution when you’re sitting on your computer reading about what you know is a case of fraud. It’s different when you’re in a hurry to get home and see a notification with not much time to think about what it means.

Speaking to first of the line customer support about an issue with any company has never got me anywhere at all :slight_smile: if he started it off with an official complaint for them not reversing the charge and reporting to to authorities (like they’re required to do in cases of card fraud) I’m sure they would have backtracked quickly.

I did all these things.

I can say complaining to Revolut is a doozy though, I received a response to mine this morning and they referred to me as Alexander (despite this not even being close to my name) and then gave me misinformation :slight_smile: followed by rejecting my complaint

This doesn’t seem like an amazing endorsement of Revolut.

1 Like

It’s a special beta program for 3D secure and Revolut’s own payments system. Not through the app.

There were sign ups a couple of weeks ago but because I’m in the process to relocate I skipped it.

They send new cards for this btw.

RevP: https://blog.revolut.com/become-a-revp-beta-tester-and-help-improve-card-payments/

1 Like

I’ve signed up but they never sent me a card ;( @AndreasK sort me out pls

1 Like

I guess they didn’t send out the cards yet :slight_smile:

1 Like

(Although I’m a regular beta tester) Possible I just didn’t get in, to be fair ;(

1 Like

Am I seeing this right???

Thinking that I would be signing up with a tech savvy and security conscious company… the ONLY way to access Revolut is with a mobile app??? That uses only a 4-digit access code???

And there is no support AT ALL for web based online access; other than forcing customers to use android emulators on windows system???

Demanding customers to fiddle around on a tiny handheld device for “serious” banking functions and then presuming that this should then also be adequate for business purposes? Ridiculous!

Then to find that the “community” site requires a separate login that actually supports 2Fauth !? But not available in the app that would actually do with some serious security!

The absence of Web based access; the lack of 2Fauth and ONLY 4-digits for access to customer funds… can not be considered as seriously being concerned on customer safety nor function.

In the mean time: during registration the surprise of mandatory registration of CreditCard details pops-up; while not being asked if that information is kept or discarded after funding, raises serious questions on applied EU privacy legislation!

How does Revolut address the aformentioned to solve these clear gaps in services?

Regards, Poulus.

All business banking is web. The business app only offers limited card control features.

I am hoping for a web based access as well, but when you actually study fishing attacks and the latest fraud cases where N26 and some other neobanks were involved, Revolut accounts are relatively hard to hijack. And ironically, not providing a web interface is one of the reasons why phishing attacks are harder.

3 Likes