Security flaw?


#21

Since Revolut’s product marketing mainly targets travelers and the currency exchange features, I find it critical that they offer the best acceptance possible with the restrictions of the no-overdraft account.

I would like to see an even improved acceptance, competitive to N26’s card that is slightly better in some circumstances, on trains for example.


#22

Well I can remember that sometimes those numbers from the card where written by hand not using the imprinted option. Just copy the CCV as well and the signature of the owner. Done… so the question is really how far you want to go. This would be even possible if you show them the digital version of the card.


#23

To the point that people can’t steal money without having access to the physical card.

I thought I already had that level of security with Revolut.


#24

Well, if maximum security is your major concern, you should check out unembossed prepaid cards.


#25

I don’t know of any providers of those which provide the security features which Revolut has.


#26

I am not aware of anyone offering a card like you would like.

Mobile walltets seem to meet most of your criteria. Because even unembossed cards are not immune to credit card data theft.


#27

If they had the features I mentioned above, they would. Which is why I brought the topic up here :wink:


#28

Not really. EMV chips are harder to hack, but it happens. Cameras spy on people entering the PIN. Hackers steel credit card data from internet stores and copy credit cards with white label mag stripe cards. I really don’t think embossing is the major problem here.


#29

The pin would be useless without the physical card, it wouldn’t work on an internet store and there would be no magnetic stripe to copy. Embossing isn’t the problem, but the fact that the card works without the chip or pin is.


#30

Yes, for this one attack scenario. I was trying to say that other trendy methods use vulnerabilities of the chip + PIN system while one uses ones own card. Securing the payment process is one part, having the liabilities sorted out and a guarantee that one gets the money back in case of fraud is the other part. Altogether Recolut seems relatively secure here.


#31

Do we have some guarantee of getting money back if fraud occurs with Revolut? I had assumed we were just on our own on that front with Revolut.

At any rate, I want to avoid the money ever disappearing and I want to have zero issues with someone gaining access to my card number or physical card. That doesn’t seem to be the case with Revolut unfortunately. Perhaps they’ll get there at some point.


#32

Hi @ryanhellyer,

We have a chargeback team, ready to investigate those fraudulent transactions, and once fraud confirmed we’ll refund the difference.


#33

I don’t see why Revolut would be different than any other payment provider here. Everyone issuing Mastercards has to comply with their terms. Liability in case of fraud is the reason why I think it is important to follow Mastercard’s guidelines like signing a card.


#34

I had incorrectly assumed that it was up to the payment providers to offer guarantee’s like that. Since they’re usually banks, I just thought they were usually required to by law.

It seems I had made many wrong assumptions about how this stuff works :confused:


#35

Yes, to me, credit card companies and banks are intimidating dinosaurs. :dragon_face:

If you’re interested in more insights, I find Mastercard’s website an interesting read.

https://www.mastercard.us/en-us/about-mastercard/what-we-do/rules.html


#36

I don’t get the point of your issue here. If he copies your card number and you signed for the amount… Everything is legit. There is no security feature which blocks the card totally from any transactions. Then you have to totally block the card and unblock it when you’re using it.


#37

My issue here is that I thought I’d blocked such transactions. I didn’t think it would or should go through.

I want some way to block transactions like that.


#38

Okay, so I guess you have to block the card with the app to prevent all payments. As far as I understood that he “copied” your card number and later entered the amount which you signed for, correct ?

Thats something which is not covered by the security settings since you did not swipe the card somewhere. I think the reason why the e-commerce setting did not kick in was that the system he used is not a e-commerce solution.


#39

Yes, that is the problem. This was all discussed above.


#40

Thank you for your answer. I just wanted to make sure about how you paid, since I wasn’t sure what you meant earlier.
Maybe they’ll add a feature for better security rather than blocking the whole card.