I’m not sure if this is a bug, an unfortunate property of the Mastercard system or a potential future increased security feature for Revolut.
I had “Location based security”, “Disable magstripe payments” and “Disable e-commerce transactions” turned on for my card. I then took a taxi, and asked if I could pay by Mastercard, the driver said yes. But when I reached my destination, he pulled out one of those ancient old school zip zap machines where they stick your card in and take an impression of it, then get you to sign for the amount.
Later, I realised this wouldn’t work due to my security settings and had been trying to get hold of the driver (hard as the only contact I had for him was a a phone number which he never answered). But fast forward two weeks, and the payment magically disappeared from my card.
My impression from the Revolut security settings, was that I could just flap the card around in public like a crazy man, and no one could withdraw money from it without connecting via NFC or using the chip directly, along with my pin number. I thought that “e-commerce transactions” was just a reference to the card number being usable directly.
If an impression of the card can be used for doing transactions, then this could be used without our knowledge, much like any other “credit” card. So long as someone has your name, number etc. they can make their own fake impression of the card and start doing illegal transactions with it, making the “e-commerce transactions” block somewhat moot for stopping people using your card illegally (which is mostly what I had thought it’s purpose was for).