Revolut's CFO recently 'resigned' from the company in light of claims that Revolut switched off an anti-money laundering system that flags suspect transactions.
Revolut cited 'personal and health reasons' for the CFO's resignation. Whatever those personal and health reasons really were, they clearly passed quite quickly as within the space of a few weeks, said CFO has joined another FinTech company as their new CFO.
The company quite literally has the words "get sh*t done" in giant neon letters on their office wall. They live by the mantra of move fast and break things. That mantra is inevitably going to cause problems when your entire business is dealing with real money owned by real people in one of the most heavily regulated industries in the world.
>Revolut's CFO recently 'resigned' from the company in light of claims that Revolut switched off an anti-money laundering system that flags suspect transactions.
Revolut's CEO[1] is the son of the top bureaucrat of Russian Gazprom, which has been implicated as the main channel of - you guessed it[2], money laundering for Russian oligarchs [3].
As a Russian, I would like to point out that both degrees he has got (Moscow Institute of Physics and Technology and New Economic School) are from top-tier institutions. Money can't buy them and in general they are not attractive for rich kids.
Also, Gazprom Promgaz != Gazprom. It's "a research institute for Gazprom" [1].
It's always a possibility to "buy a degree" when enough money is involved. Look at what happened with the London School of Economics, which is a top 10 university worldwide.
[3] is paywalled. and there is no connection between [1] and [2] (i think putin's friends would crack up laughing at the prospect of laundering billions through a british startup).
but the premise is correct - a unicorn who raised 5m for an online bank startup is hardly a serious option.
> The company quite literally has the words "get sh*t done" in giant neon letters on their office wall.
That has become one of my red flag. I want to deal with people and companies focused on the quality of their products and businesses, not on doing "shit" (taking their motto literally).
Absolutely. "Move fast and break things" is barely acceptable for services where failure is mostly just annoying, like social media. If your product is banking, medicine, transport, or anything else that can seriously harm people, "move fast and break things" amounts to criminal negligence.
Another example of a field that I'm personally aware of and in which this kind of attitude should not be acceptable is cybersecurity. If your job is to protect people, then EVERYTHING you release has to be bulletproof.
As someone in cybersecurity, I would offer an alternate perspective: That sometimes you have to lock things down despite not being absolutely certain of side effects, being willing to take some outages, if you ever expect to get something done.
Analysis Paralysis is a real thing. Sometimes you just have to do it.
Choosing to lock things down when you're not certain of the side effects... that's the sort of thing that will, at worst, cause outages due to protocol access or authentication (which are both easily fixable). It's a smart move... and helps initiate the "Canary in the coalmine" built-in feature.
The "move fast and break things" crowd are generally the same people that will choose to open things up in the name of "getting shit done". They'll drop firewalls, expose services publicly, and generally go out of their way to avoid security because they see it as a hurdle to achieving their primary goal. In my experience, this lack of foresight almost always causes cascading problems in the future that grow exponentially worse the longer they're left unchecked.
"Well at Google, they'd use a global distributed fault tolerant Hadoop cluster for their data store." "Dude??? We're building a Wordpress site. We're gonna run MySQL on the same shared server as the php code."
While I'm not a big fan of Atlassian's software - I did end up in their old offices for various hackerspace related meetups a long time back.
They had a big sign on the wall "Don't fuck the customer."
That's a much better ethos that "move fast and break things", or "Get shit done" in my mind... (Even if it is just performative customer facing propaganda, at least it shows that management understands that's a key requirement customers want to be told they'll meet...)
And after reading about their work culture, I also don't tend to trust companies that grind their employees down and spit them out. Banking is high pressure at the best of times, but reading about how they work doesn't fill me with confidence in their quality.
"Move fast and break things" is my red flag. I kind of get it for early start-ups in, say, the social media space where the phrase was coined. But when I hear it remotely connected to health care, or critical data, I cringe. I even cringe when I hear it applied to Facebook now, now that it's de-facto a communications platform and whether we like it or not it is depended on by people for important communications and things they are led to believe are private.
Don't move fast and break things. Move productively and build things.
the first startup i worked at had a 'get shit done' poster on one of the walls. I think it was more of a fellowkids thing, meant to be half serious/funny and looked more like cargo-culting a startupy phrase.
it was a great place to work - engineering was pretty lax, most of us were there only from 10-4.
That could easily be a way to say that he got threatened to leave that anti-money laundering system switched off 'or else'. Keep in mind that as soon as you create a way for organized crime to do their thing on your service and you are making money of them that they will happily consider you to be in their debt. It happens in the movies, and sometimes it happens in real life.
Someone I know peripherally had something like that happen to him because of a series of movie theaters. Not good, even if you are not aware that such things are happening.
This is why casinos, online gambling, bitcoin related stuff and payment systems as well as two-sided market places always require extra care, before you know it you have a bunch of criminal coat tail riders on board.
Also Revolut CEO's father is CEO of Gazprom (or some division, I'm not sure I understand their structure). And it got it's money from DST Global incubator, which has Kremlin ties.
Meaning, despite their London HQ, Revolut is Russian owned and Russian managed pseudo-bank.
Considering both senior politicians in Lithuania and Luxembourg have raised formal concerns about Revolut's bid for a bank licence, specifically because of the CEO's alleged Kremlin ties, I'm willing to assume there's some substance to that concern.
edit: They have a banking license but current account customers now still get an e-money account only - quite confusing state.
With an e-money account, the client money is supposed to be in a separate account and if they go under, you still get your money. (FCA regulates all this)
They have a banking license from Lithuania (but customers are not switched to it) which might be revoked by Lithuania and they are trying for another license in Ireland.
Thanks to comment below - edited this make more sense.
Revolut received its banking license from Lithuania in December 2018, but hasn't switched its customers over yet. After the family connection with Gazprom became public, Lithuania started considering revoking the license, and Revolut applied for another one in Ireland. It's not clear now, when and which banking license Revolut will start using. It's worth pointing out, though, that Revolut already has more customers than there are tax payers in Lithuania[1].
thanks, you are right, I have edited my original response (which itself is quite confusing now) - the Revolut state of regulation quiet confusing - better to stick with Monzo in UK/N26 in EU.
Haha, yeah, US banking is pretty awful in terms of ease-of-use.
I don't use Venmo myself - I'm at a point where I'd rather just pick up the check that try to split it (using any method). And let me friends pick up the next meal.
I tend to find that Venmo is a bit redundant in the UK - feature-wise, I'm not sure that it does anything that the standard bank mobile apps can't do?
(There's a standard person-to-person via mobile number payments system that most banks support & integrate into their apps (https://en.wikipedia.org/wiki/Paym)).
That's nice. I wish US banks would do something like that, so we don't have to rely on 3rd party apps. But, they couldn't even roll out chip & PIN properly.
I’m not certain as to the original post’s implication, but the multi-billion-dollar Russian “Laundromat” schemes that have come to light over the past few years fed through Baltic banks, including at least one in Lithuania. I’d think, though, that since these came to light there would be added scrutiny and it wouldn’t be an ideal place for further nefarious activity.
> through Baltic banks, including at least one in Lithuania
Just to clarify: The Russian Laundromat mostly relied on the banks from Latvia and Estonia[1], the two EU countries with the largest Russian population. The only banks which participated in the scheme from Lithuania – Danske and Nordea – were actually Scandinavian, and have either left the country (Danske), or merged with others (Nordea) afterwards.
This one was really a Lithuanian bank, even though founded by a person who was born in Russia, and who escaped to Russia when the bank collapsed in 2013. There are none of such banks left in the country anymore, and people are very concerned about any possible Revolut's connections to Russia.
> Why does being regulated by Lithuania make it look it like a money-laundering scheme?
It doesn't raise issues per se. But Lithuania has a sizable Russian population [1]. It's also a small country.
The latter means it has less experience supervising novel and complex financial systems. It also makes its regulators easier to unduly influence, either through bribery or threats (e.g. Revolut failing would probably deplete Lithuania's national deposit system).
> But Lithuania has a sizable Russian population [1]. It's also a small country.
The Russian population (5%) is a tiny minority here, not represented by any political party in the parlament. It's much bigger (25%) in Latvia and Estonia, as Russians tend to live in the cities near the Russian border[1].
> The latter means it has less experience supervising novel and complex financial systems. It also makes its regulators easier to unduly influence, either through bribery or threats
In this case, there is a common view in Lithuania, that as a tiny economy we should focus on IT sector and follow Estonia's example, trying to be the most modern and innovative state in the EU.
Therefore, there is an entire goverment program for attracting and supporting fintech companies[2], hoping that they will open offices in Lithuania and employ recent graduates, preventing them from fleeing to Western Europe for better job opportunities.
Of course, it makes no financial sense to give a banking license to a foreign startup for such a small economy, but Revolut is extremely popular in Lithuania and the general population sees it as an alternative to Scandinavian banks which have occupied the local market.
As a result, those policitians who have tried to oppose giving the license to Revolut were publicly attacked from all sides as "working on behalf of Scandinavian banks".
> Those policitians who tried to oppose giving the license to Revolut were publicly attacked from all sides as "working on behalf of Scandinavian banks"
I rest my case. That such financial regulation is being politically decided gives Revolut more leeway in Lithuania than it would have in e.g. the U.K.
> That such financial regulation is being politically decided
It's not being politically decided, but multiple senior members of the parlament in the committee on Budget and Finance have publicly expressed their concerns.
I agree that there is a lot of general inexperience in the entire system, and I don't believe that Lithuania would be able to regulate Revolut properly, as it's based in the UK.
The point was, that Revolut was more than welcome in Lithuania, and they didn't need to try to influence anyone. The politicians and regulators were even proud that one of the biggest fintech startups in Europe chose to set foot here.
They also saw that N26 was successfully granted a license in Germany, Monzo in the UK, and Bunq in Netherlands. Therefore, it wasn't seen as such a big risk.
The way I understand it, not really. Financial services seem to operate crossborder just OK, while the licenses are not cross border (I mean cross EU border).
Good point. I believe there are EU directives in place which mandate that if an institution is authorised in one member state it can operate in any other state
So does Facebook, DoorDash, FlipKart and hundred+ other Silicon Valley companies. Revolut also has money from Seedcamp, Balderton, Index and tons of other VCs.
> Revolut is Russian owned and Russian managed pseudo-bank
Since when being a Russian is a crime? Besides if a company is London based it is regulated by UK authorities.
You make it sound like the guy being Russian, DST being Russian (and allegedly having "ties" to Kremlin) is somewhat a red flag. I would like to hear more on the reasoning behind how all that is negative?
Don't Silicon Valley CEOs have ties to White House? Should I not use their products? :)
> I would like to hear more on the reasoning behind how all that is negative?
There is outsized demand for money laundering from Russia, in large part owing to its endemic and unchecked corruption. This is why most recent European money laundering scandals have involved Russian money [1][2][3].
So when you see an AML deficient operation with multiple Russian ties based out of Lithuania, it raises legitimate questions.
> We have unchecked corruption from the 2nd most powerful politician in the country
Chao is being investigated by the House [1]. Worst case, we’re talking single-digit millions of suspected malfeasance versus billions in Russia of cut-and-dry graft.
And most importantly, a wrong here doesn’t excuse a wrong there.
Interestingly, all the banks in your sources involved in money laundering of "Russian money" are big non-Russian (Dutch, German, Estonian, UK, Swedish, French and so on) banks.
> all the banks in your sources involved in money laundering of "Russian money" are big non-Russian (Dutch, German, Estonian, UK, Swedish, French and so on) banks
And Revolut is a non-Russian service. Hence the comparison.
(Money laundering has three steps [1]. Dirty Russian money is typically placed with Russian banks. It is then layered between Russian and non-Russian banks before being integrated by a non-Russian bank, thereby masking its origins. Given the amount of dirty money flowing out of Russia, a Russian account tends to gather more scrutiny than e.g. a Danish one in the same way a Colombian account garners more scrutiny than a Miami one.)
financial services company accused of money laundering with ties to russian oligarchs in London is a little bit different from minority stake in a large american corporation, or even the American government, which at least as of today is still a liberal democracy.
The fact that CEOs father works as a deputy executive in a government owned company qualifies does not qualify as "ties," in any meaningful way.
Most shareholders and the regulator in control are western based and run by people whose parents aren't employed in Russia's public sector, as far as I know.
Show me a government that's not known to be corrupt.
> Revolut cited 'personal and health reasons' for the CFO's resignation. Whatever those personal and health reasons really were, they clearly passed quite quickly as within the space of a few weeks, said CFO has joined another FinTech company as their new CFO.
Just waited for the golden parachute check to be cashed in.
The CFO resigned only after the documents passed to The Telegraph by a whistleblower showed that for three months in 2018 Revolut switched off an automated system designed to stop dubious money transfers[1].
That seems like an entirely reasonable response in isolation. Sometimes you write new software and find it just doesn't work in production. Were they not doing anything else to prevent money laundering?
> it may be the CFO took responsibility for some one else's actions
CFOs of financial services companies are typically senior AML officers. All AML actions are their actions, and AML liability for AML officers is almost strict liability. If something happens and if best practice wasn’t followed, the AML officer(s) are personally and criminally liable.
If someone could turn off the entire AML scanning system with the CFO’s prior knowledge, sign-off, and ex post facto notification, that’s a deficient AML policy.
It wasn't the entire system. It was some of the rules. They were rules which weren't very accurate, were leading to lots of unhappy real customers, and not catching many fraudsters.
For example, the rules stopped large numbers of women who had bank accounts or their passports in maiden names from transferring money to themselves. Revolut would see an incoming payment from supposedly the same person, but with a different name, and lock the whole account down until documents could be provided proving why that happened.
That means if you top up your Revolut account on saturday to buy some McDonalds, you are now going to be locked out of all financial services for probably 1+ week while you get official documents proving the name change. A marriage certificate isn't enough. If your salary is paid into Revolut, you might default on loan payments, loose your house/car, etc.
All that to stop only the stupidest of money launderers. Smart money launderers know to use business accounts where the name of the account holder isn't checked by any bank.
If a human moves money from "Bob smith" at bank1 to "bob smith" at bank2, they can avoid many of the money laundering checks, because money laundering laws only apply when money is changing ownership.
If a business does the same, and claims they're moving their own money about, the name checks aren't applied, so they can work around many of the checks.
In Germany at least, when you order a transaction you have to specify recipient account holder name and IBAN. Recipient bank checks if the name on the IBAN matches with the one in their records (after normalization to reduce error rates e.g. from umlauts) and if there's an obvious mismatch reject the transaction.
Business accounts however are not checked as tightly as people often enough either outright mis-spell the company name, use outdated company names, specify departments in the name and not the comment field, ...
I'm not saying this is definitely the case, but it could be why he left. Could you imagine if you were criminally liable for something like this, and found out that the monitoring for it was disabled without your knowledge? I'd want to get out of there ASAP.
In a typical bank, AML is not part of the CFO responsibility (instead directly subordinate to CEO), and no sane bank will have a CFO whose experience is chiefly AML.
It feels like the "unique" part that makes this something novel about this is that they claim you authorized fraud when you raised your limit, accidentally letting a transaction you couldn't see through.
So the scenario is roughly (numbers made up):
1. You set a £500 monthly card limit
2. Your card is stolen and somebody charges £1000
3. You get a notification saying you have hit your limit
4. The failed, fraudulent, transaction is not listed
5. You increase your monthly limit to £1500
6. The fraudulent transaction goes through
7. You can now see the transaction
8. You cancel your card and report the fraud
9. You're told by raising the limit you authorized the fraudulent transaction that you couldn't see before you raised the limit
I don’t know European banking law. But in the U.S., this isn’t Revolut’s call to make [1]. They can issue the chargeback and then cancel your account, if they think you’re being screwy. But they can’t deny the chargeback unilaterally.
OP should reach out to their national financial services regulator.
Depends on the bank.
I had HSBC in France repeatedly deny that they could not and would not perform a charge back forna specific online transaction without a police report.
I ended calling VISA, who conference called my bank branch, explained that they were legally required to perform the charge back. The bank capitulated on the phone, the VISA guy hung up, and the bank said: VISA's opinion aside, we refuse to perform a chargeback.
This sounds like the same fallacy the UK had with chip transactions. The magical fallacy that they're infallible and totally secure, thus all fraudulent transactions are automatically your fault.
In the UK, the law is 100% on your side for credit cards. Just raise a consumer credit act claim, and unless the bank can show serious failings on your part, you'll have the money back.
"proving" that there hasn't been a security breach somewhere in their infrastructure is impossible, so you'll pretty much always win.
I wonder if full "phone only" cards (like the Apple Card but no physical card at all) will become available as an opt-in service at banks at one point, it seems plausible in maybe 10-20 years as Apple/Google pay become more widespread.
But if chip cards are much, much more secure than before and chip breaches are negligable (which they are), then why is the default presumption of fraud being the user's fault unfair? Users can and do write their PINs down, give them to other people and engage in other unsafe practices. That's by far the most common way chip cards are breached: social engineering.
I think there's a limit to how much liability system vendors should be expected to take. Insisting on all-corporate liability all the time, even for cases that are basically unsolvable like users deliberately giving away credentials, just socialises the cost of careless behaviour on all card users. Why bother upgrading security at all, in that case?
It’s interesting that there was quite the criticism of the US “mag stripe” cards when Europe was chip and pin. I recall many Europeans claiming that their system was far more secure and “better.” However, chip and pin puts liability on the customer for fraudulent transactions, while in the US, the liability is on the merchant.
The merchant takes liability on some transaction types. In the UK, any credit card transaction that is flagged by the customer, regardless of chip and pin, is immediately refunded and investigated.
However - as card cloning of chip and pin cards is still effectively at zero, it's very unlikely that fraudulent chip and pin transactions ever take place without, say, the card being stolen as well.
I've got nothing to contribute, except that pretty much every time I ask a PM for clarification on a concern I have at work and they say "oh, that can't happen/never happens" it happens about 30 seconds later. Or it happened 30 seconds ago, which is why I was asking.
Chip and Pin has been out in the wild for what ... 17 years in the UK where I am? And round a lot of the world. So far it has resisted cloning admirably.
I'm not saying Card-present fraud can't ever happen with EMV cards, or that customer liability is the right thing to have, but this technology really does seem to have held up well to attack. Possibly because there are just easier ways to defraud people...
They seem to be orthogonal, if we still just had magstripes then it would be super easy to clone your card and make transactions using it because there's no second factor needed. At least the criminals now have to be organised.
The response to the fraudulent transaction would surely be the same as that's either the bank's call or/legislative.
They generally are for credit cards. Debit cards often have less protection but for credit cards, Visa and Mastercard will allow chargebacks similarly to the US.
It's even more insane because I set the limit to 200ish, so bill payments routinely give me that error message, so I didn't really think anything of it.
Also, apparently the declined transaction shows up, but it takes a while. It didn't show up on my list even though I got the notification, so I thought it just doesn't show and I went to the limits to raise them.
If you set it to 200, why did you then increase it by 1000- which is a) an insane increase and b) the perfect amount for the transaction to go through?
I didn't increase it, because I didn't know the transaction amount. I just set it to "off", which was the default. I also did this on a few of my cards, since I didn't know which card was hitting the limit.
> It seems like terrible UX to not allow/require individual approve/reject on transactions that triggered the limit.
This would have been a massive improvement, agreed. Maybe they have to make a call within a few seconds and can't ask your permission first, though, so maybe that's not possible.
Still, the notification could have shown "Your transaction to MERCHANT for AMOUNT on CARD was declined because of your limit". That would have avoided this whole disaster.
It is possible. Some other banks do it exactly this way. If the transaction amount is large enough, they ask you to authenticate on their app and confirm the transaction.
I suspect that by wanting to move fast they put less emphasis on the features that are more time-consuming to implement.
I guess they built the transaction limit assuming that your merchant would tell you the transaction was declined, but neglected to address the case where you weren't the person hitting the transaction limit with your card.
but this happens, I don’t know why the author said it doesn’t. i get notifcations with the merchant and the amount (that can also be seen in the app). maybe there was a temporary glitch?
hmm, you are right. I checked and the only notifications that I'm getting with the amount and merchant is when the card is blocked (I always keep it blocked and unblock it when I need to do purchases). I had the impression that's everywhere.
on sixt this month i had a transaction with google pay that is connected on my revolut card. that it took 2 days to show up. even support could not see it. they kept saying the top up will ve reversed, even when it was a completely different issue.
Oh, no, there don't seem to be any penalties. I only get a few failed transactions here and there anyway, but so far it's been 100% "legitimate transaction getting restricted", so I trained myself to raise the limit.
It didn’t even mention which card this transaction was on, just no trace. Thinking it was a recurring bill payment that’s getting declined, I started looking into my cards, disabling and re-enabling limits.
I am guessing that you are the author of this blog post. For a long term user, you seem to have made a lot of assumptions and mistakes. You also seem to have a few cards on your account. I can't tell if you froze ALL of your cards, either immediately upon discovering the fraudulent event or before raising/disabling limits and then 'deal' with the rogue virtual card afterwards.
Revolut is a pre-paid card. You can't expect expect the same level of protection or consumer rights, which are provided by a Credit Card or a bank registered in your jurisdiction.
Regardless, you should post this in the Revolut community for more visibility and probably get an actual resolution, before jumping on the GDPR angle ─ which will fail to provide with you enough details, as most financial institutions will redact any information on fraudulent transactions ─ stating in some vague language that it is an on-going fraud/crime investigation, hence they are not allowed to discuss it etc.
>Revolut is a pre-paid card. You can't expect expect the same level of protection or consumer rights, which are provided by a Credit Card or a bank registered in your jurisdiction.
it is described as "Free UK current account". That's the name of a full, normal, bank account. I would expect it to have the full consumer protection, FSCS, etc.
If it doesn't, they're committing some pretty massive advertising fraud...
> For a long term user, you seem to have made a lot of assumptions and mistakes.
What were they?
> I can't tell if you froze ALL of your cards, either immediately upon discovering the fraudulent event or before raising/disabling limits and then 'deal' with the rogue virtual card afterwards.
I froze the card the charge was made on immediately after I discovered the fraudulent transaction, yes. I didn't freeze anything before removing the limit because I didn't think it was fraud until quite a bit after I saw the large transaction go through.
Initially I thought my work had used my card to book a trip for me or something similar. I didn't even imagine someone could have gotten my card details somehow.
> Initially I thought my work had used my card to book a trip for me or something similar. I didn't even imagine someone could have gotten my card details somehow.
I must be missing something here. Is sharing your card details with your workplace, so they can spend your money on your behalf, a normal thing for you (or anybody) to do? Legitimately asking here because I don't understand this at all.
Let's say someone shares their card details with their workplace. For some reason beyond your or mine understanding. Which causes them, in a rush, to think "Ah, must be that, I'll drop the limit". Does this justify that person losing their money that was stolen from them via fraudulent charges?
No, it's not. I was just super confused by the charge and what's what I thought. It makes no sense, and yet the probability ranked higher than "fraud" in my mind.
> Revolut is a pre-paid card. You can't expect expect the same level of protection
The hell I can't. If they can't make their service secure and stand behind it when they fail, they have no business providing the service at all.
What Revolut's legal status and responsibilities are, I don't know. (Although the update says that they did eventually refund him, so clearly someone was aware they fucked up.) But implying that it's the user's fault for not anticipating Revolut's insecurity is absurd. He did make a mistake, but so did Revolut, and they should have (and, eventually, did) make it right.
>What Revolut's legal status and responsibilities are, I don't know.(Although the update says that they did eventually refund him, so clearly someone was aware they fucked up.)
I also use them as my main debit card, because I (mistakenly) thought that the immediate notifications and safety limits would keep me safer in case of fraudulent transactions.
My comment was referencing the above statement from the blog post, which highlights the fact that using this card as a debit card is not a prudent decision. There was absolutely no implication that Revolut was blameless, in any way whatsoever!
I am glad that the matter has now been resolved. For your reference, this card is not protected under the UK Financial Services Compensation Scheme, neither does it provide protection under Section 75 of Consumer Credit Act 1974. However, it is regulated by the Financial Conduct Authority(FCA) under Electronic Money Regulations 2011 and Section 12 describes the complaint handling procedure, which requires the consumer to follow the dispute resolution process by contacting the business first, before escalating it to the Financial Ombudsman Service. In most cases, there is a resolution before it reaches FOS.
In my case, it was because it's a thing that happens frequently. I set limits low and I routinely get transactions failing, so I raise/remove the limit and they retry.
It generally happens when recurring bill payments come through, so I didn't really think much of it, I did what I do when a transaction fails. If I had seen the amount, I definitely wouldn't have done anything like that.
It didn't start out like that, but yep, it just trained me to override it. The rationale was that I could first see the transactions that fail, but the UI doesn't encourage that.
What's the point of a banking app, if it doesn't show you the failed transaction after sending you a vague notification about a limit being reached (due to that transaction)?
It's weird to me that the focus is on Stavros not doing this or that, when the original failure was the bank's. If the notification had said "This transaction here failed because it hit the limit" none of this would have happened. If the app had shown that transaction in the list, none of this would have happened.
Yet here we are asking why the user didn't react perfectly to the failures of the bank. It's weird.
UPDATE: Revolut have emailed me in response to my official complaint (possibly after seeing my post gain attention, I can't say for sure). They admitted it was a mistake to decline my chargeback and have refunded me the purchase.
They also said they would take measures to avoid this from happening again, hopefully they make good on that promise.
Thank you all very much for your help and support, I hope this doesn't happen to anyone else.
It's disgusting that you had to raise a shitstorm on their internal support, then on twitter and then hacker news to get your chargeback.
Will others be savvy enough to raise this attention? I would rather that a regulator went to bat for you and slapped them with a large fine. Because as it stands they can do the same thing to everyone else, only give refunds when someone raises attention and perhaps this only accounts for 1% of the cases.
They are going to take measures to swat stories down quicker before they create bad press, but there is likely a good reason for their behavior so expect no uniform change.
It's becoming increasingly clear to me that most customer support for modern tech products is happening via social media. Building a large enough following that you're capable of generating an outrage machine when something goes wrong is becoming almost a kind of insurance policy now.
In the short term, I imagine this is better for companies, since a very small number of these incidents actually generate enough outrage to need fixing. In the long term, I wonder if companies will ultimately regret creating an environment where every consumer immediately goes public with every complaint they have on social media as soon as something goes wrong?
Yeah, that's completely inexcusable. Maybe I should have given them time to respond to the official complaint, and maybe they would have fixed it, but I don't want to tell a company "someone just stole 1k euros from me, please stop them!" and hear back "it's your fault".
It of course will happen to others, who will have no recourse when they don’t have the same platform to seek redress. It’s your own fault as a Revolut customer if you continue to use them for holding your funds after being made aware of their behavior. Use a real bank!
- the chat was broken. There was no way to contact them and send the documentation.
- I found them in Twitter, someone from Revolut passed my issue along. No one called me.
- They kept messaging me in the chat. I could see the numbers piling up but the chat was "opps something went wrong" and a blank page.
- I tried all: cache, restart etc...I didn't want to uninstall.
- after two weeks I took the big risk and uninstalled the app. It was very tense...I installed it again (it worked luckily) and I could finally chat again. Problem solved.
They never called me, I could not call them, the problem was on their end but I had to find a way and take the risks.
Never again.
Fintech is just banks with a sleek interface and no experience after all.
I suppose so. I guess we are coming out of the phase when a nice app was enough to convince that "this is so much better than a bank". We're maturing as customers.
Under PSD2 this is illegal - sadly the implementation date is in Sep 2019. Appalling treatment and Revoult has been getting some bad press recently - you should complain to Financial Ombudsman - https://financial-ombudsman.org.uk (assuming you are dealing with Revolut UK, and they have not switched to Revolut Payments UAB for EU customers)
I already filed a complaint with them, but apparently Revolut can just refuse to reply and that's that. They also told me as much, they said I have to file a formal complaint with them first. They said something like "we will refuse to process any other complaint until the formal complaint process is complete", but since they're judge, jury and executioner on this, I don't have much faith.
> since they're judge, jury and executioner on this
They’re not. It sounds like Revolut is regulated in Lithuania; complain to them [1]. I’d also light up your own country’s national financial regulator.
(If you can find nexus with the U.K., they’re a good one to get involved [2], too.)
I had Chase screw up a similarly obvious dispute. Long story short, Newegg send me a defective monitor, they claimed it was damaged on return, and then dithered on the refund. After I filed a dispute Newegg sent the defective and now broken monitor back to me. They then responded to the dispute saying I never returned the item and gave the tracking as proof. Chase inexplicably (how could they send back the item if I never returned it?) sided with them.
All the CFPB did for me was forward my complaint to Chase who (politely) told me to go fuck myself.
I've never dealt with the CFPB. However, three times I have complained to regulators about companies misbehaving. It appears that every time the regulators did little beyond forwarding the complaint, but in every case it resulted in the company promptly behaving itself.
Google <your state> financial regulator. In New York, we have the DFS [1], for example.
Note that the rules are less strict for returns than for fraud. You’ll want to include proof of shipping the return, but the merchant and network have some discretion. (VISA is more consumer-friendly than MasterCard with return chargebacks; AmEx is the best.)
>The Department does not regulate national banks (examples: Bank of America, Wells Fargo, Chase, Citibank, PNC) or federal credit unions, whether operating in Georgia or elsewhere.
It doesn't regulate, but depending on the state they'll often mediate. (New York has mediated disputes between national banks and me, for instance.) Otherwise, the OCC [1] is worth a try.
I mean, the CFPP mediated my dispute as well. Chase told me to go fuck myself and CFPP dutifully reported that to me. The question is whether these organizations can sit as an objective third party, look at my dispute, and force Chase to do the right thing.
Under Online Shopping, did you check "I never received merchandise" and "I did not receive a prompt refund"?
You never did receive what you ordered: a working product.
One time, I just had to tell a company while I was on the phone with them, that I had this specific website open on my computer and was filling out the form. That got them to resolve the issue immediately.
Unfortunately, this would only address the issue with Newegg, not Chase. But you should still get your refund, or the monitor, which you can then return for a refund (if you ended up buying another one somewhere else already). If Newegg says it's too late for a refund, tell them to read their own ToS which says you are elligible for a refund, or that you will sue them in small claims court. Or you could use your credit card's warrenty if it has one.
Heck, if your credit card has warranty coverage, did you try using that? From what I understand, if you try returning a defective item and the store won't accept it, the credit card company will just write you a check.
Just open a new case with the credit card company and don't refer to the old issue/case.
>Under Online Shopping, did you check "I never received merchandise" and "I did not receive a prompt refund"?
Ah, I went down the Credit Card path.
>Heck, if your credit card has warranty coverage, did you try using that? From what I understand, if you try returning a defective item and the store won't accept it, the credit card company will just write you a check.
By the time I thought of this I was out of the warranty time frame. I did bring it up in my CFPB complaint though, but I don't recall if they addressed that specifically when they told me to pound sand.
>Unfortunately, this would only address the issue with Newegg
Newegg banned my account after the dispute. Since they sold a defective monitor as "certified refurbished" and then fraudulently answered the CC dispute I don't have any faith they will voluntarily resolve the issue. Unfortunately, this level of customer service is par for the course for them.
Newegg banned my account after I told their support that someone else logged into it, changed the password, and purchased a $1000+ camera with a gift card. I'm not sure if it counted as a dispute or not, as the money wasn't mine and it wasn't shipped to me. I found it odd that I had no option to reset my password and continue using it. I stopped shopping with Newegg after they silently deleted an entire transaction/order on my second account; all I ever got was the initial order confirmation; it took a call to their support to find out that it was not something I did wrong, but they couldn't tell me why it was cancelled.
You can take them to the small claims court in the UK. They are not judge & jury. They have to have reasonable evidence that you knowingly let the fraud happen.
>Revolut can just refuse to reply and that's that. They also told me as much, they said I have to file a formal complaint with them first.
Revolut can't refuse to reply. They are literally advising you on the first step to file your complaint in this procedure, as prescribed by the Financial Ombudsman Service. It is there to exhaust your query, in order to either resolve the matter amicably or to arrive at some satisfactory conclusion and more importantly it exists to filter out any frivolous claims.
> Your complaint has been sent to the trader. They can either suggest one or more dispute resolution bodies to work on the complaint or they can decide not to proceed with an out-of-court settlement of your complaint.
> You do not need to do anything more at this stage.
I'm with N26 -- tried signing up with Revolut as I heard they had some cool features I didn't have with N26 e.g virtualized cards and crypto currency support.
Signed up with my Passport and transferred €50 to the newly created Revolut account. I wait a week still no money in the Revolut account -- contact support. They explain I'm not registered and that I have to register first -- I'm at a loss as they could issue me an IBAN and I'm still not "registered" -- apprently I have to present a passport that isn't American because "they don't accept US passports" even though they did during my onboarding -- since I didn't have another passport available (my Irish one) I asked them to return the money and close the account. It took them 8 weeks to return the €50 with me chasing them everyday for the last two weeks.
I don't understand why N26 accept US passports and Revolut don't.
Because Revolut dones't want to have to manage FACTA and other US extraterritorial laws. Here is Switzerland having a US passport is a good reason to be banished from your physical bank very quickly. US passport holders are seen as a liability and not as a customer. That's also one of the reason that make renouncement of US citizenship quite popular in Switzerland if you have dual citizenship.
US citizens and us tax residents are essentially the same burden here. Nobody wants to deal with that unless the potential profits outway the additional costs of the admin
N26 have been pretty solid for me and they have a number I can call if I need something. N26 is where I keep my money and Revolut is what I use for day-to-day stuff, but I still had enough money that the fraudster managed to steal 1k :/
Sorry to hear about your trouble. For me the deal-breaker for Revolut when I was looking at my options was that it's not really a bank, while N26 is (which means deposits are protected up to 100k). So I went with them and have no regrets so far.
The reason I went with N26 is because they're German -- the German government will guarantee all savings up to €100k -- this is not the case with the others hence why Revoluts "EU banking licence" doesn't offer as much consumer protection as simply being a German bank. It just means they get more access to EU markets by abiding by certain terms.
N26 is also known to not help you when you're a fraud victim (https://heise.de/-4355970). And they're currently on a watchlist because they usually fail to prevent money laundering (https://heise.de/-4429143).
I was victim of a fraud (a shop factured me twice, then they refused the pay me back the money) while paying with N26. They helped me to get my money back, so from my point of view they help fraud victims.
Looks like it :/ I don't store my life savings there, certainly, I just had "more" money in N26. You're right, though, I should transfer just as much as I need to them.
N26 refused to update my name in the account when one letter changed. They requested documentation my country cannot issue, and just sending them two passports, old and new wasn't enough.
That took them more than a month to figure. More than a month of a constant email ping-pong where they were requesting more and more documents, some of them multiple times over and over.
Their crypto support is a joke. You can only buy and sell with them. You can't transfer in or out. So in effect, you don't have any crypto. You are just paying them to convert money into something you can't use.
They are pretty clear in their terms about what you are doing when trading crypto. Trading crypto in Revolut is like trading contract for difference on stocks.
Because our government decided to play 1000 pound gorilla about our citizens hiding money in foreign countries.
Never mind that the big fish they are really after wouldn't have it in their own name and thus are basically unaffected. It's a lot easier for companies to simply say no US customers than have our idiots in Washington after them.
"How hard must being a bank be, it's just a few numbers in a database."
After all those new-ish, app-based banks are for people with too much time on their hands. You mostly can't talk to anyone, and when they answer it's just a copy-paste from their FAQ. They also lack features, e.g. Kontist doesn't support international bank transfers. Support will tell you "well it could work, but we can't give you any assistance". I don't have six months until your development team understands and implements some protocol!
No phone number should be a dealbreaker for banking. 99% of the time, you don’t want to talk to a banker. But that 1% of the time can make or break you for months or years.
These start-ups (e.g. Bank Simple, Revolut, et cetera) prey on consumers who have only experienced the 99%. You don’t want to have a 1% event, like fraud, or an issue overseas, or a liquidity crisis, with a service you can’t talk to. (It’s also bad enough when it’s your first time with an issue. You don’t want to be banking with someone who’s (a) never solved that problem before either and (b) not available to talk to.)
> No phone number should be a dealbreaker for banking. 99% of the time, you don’t want to talk to a banker. But that 1% of the time can make or break you for months or years.
To be fair, even having a phone number may not help. I spent four months at the beginning of the year trying to get HSBC to close a business account. When visiting the branch I was told I needed to phone head office as they deal with business accounts. After speaking to first line customer support I was told many times "someone will call you back" but nobody did.
Eventually they closed it, but I never received a refund for the account charges between when I requested the closure and it actually being closed, which I was promised.
> 99% of the time, you don’t want to talk to a banker. But that 1% of the time can make or break you for months or years.
This is why I still use my local Sparkasse (credit union) and pay ~9€ a month. They can sort out pretty much everything instantly - need a second card for your s/o, a secondary account for handling freelancer income, or a loan? No problem, show up and get what you want.
Additionally: when you're up for buying a house and all the lender bank has to look is the credit score, you will be paying more interest than if you apply for a credit at the bank that has handled your business over decades. None of the "new online banks" does real estate financing.
> Additionally: when you're up for buying a house and all the lender bank has to look is the credit score, you will be paying more interest than if you apply for a credit at the bank that has handled your business over decades.
Which country are you in? This has most definitely not been the case for me anywhere I've lived. It's irrelevant if you were a customer with the bank before the mortgage application or not.
> Additionally: when you're up for buying a house and all the lender bank has to look is the credit score, you will be paying more interest than if you apply for a credit at the bank that has handled your business over decades
[citation required]
In my experience neither credit score nor past business have a significant impact on interest rate. Price and value of the house is everything.
> you will be paying more interest than if you apply for a credit at the bank that has handled your business over decades.
Is this actually true? That would be a real reason for me to do the same, but if not I would prefer my money to stay with the GLS, which invests it ethically.
For what it's worth, Monzo seems to be the only 'challenger bank' that's getting this right. They have the 24/7 in-app chat support that's super helpful, but then also a phone number you can call if you're into that. My every interaction with them as a customer has been fantastic.
I called the phone number on the back of the Monzo card today a few times. There's a recorded message saying that they're too busy and then they hang up. That phone number is bogus.
I've had negative but acceptable experiences with Monzo and Starling. Would recommend both of them, and actively use both myself.
I've had negative and intolerable experiences with Curve, TransferWise, Tide, and Revolut. I would recommend avoiding all of them. Not all of them offer banking solutions (Curve being the odd one out in that list), but the three that do are all e-money, which I guess speaks for itself.
I was impressed at first with the chat support but each time they've been unable to solve my problem and promised to get back to me, but never did. So, while you don't have to hold for 20 mins on the phone and get passed around like a normal bank, it takes literally days to sort something out. But they're great otherwise!
This is why I will always bank with the old-school banks. Being able to reach someone on the phone -- or even turn up at a branch -- makes it a lot harder for them to ignore you when there is a major issue that needs resolving. But then, my "traditional" bank has a very good app, and treats me extremely nicely, even when I've had all of a few euros (or less than zero euros) in my account.
Yup. For all their flaws and bureaucratic inertia, big banks still have the largest coffers for providing a well-rounded product. Given how backend vendors like Fiserv can be hacked and have 0 repercussions doled out to them, I simply could never recommend banking with local mom-and-pop banks. Just avoid HSBC and Wells Fargo, and you're good.
don't use their insurance.
Recently I was in Istanbul and the insurance didn't activate.
Their app did not register me as in Turkey.
All permissions were ok, Google Maps worked and I purchased a cappuccino with the Revolut physical card in Istanbul.
Still, according to them I was not in Istanbul and there was some problem on my end.
So, I was uninsured.
Imagine if this happens when you are in the US and you get sick.
This is serious stuff, it's just too risky to let them play with it.
I believe that the standard card has the option to purchase insurance and it will be billed only for those days that you were abroad. I don't think that you have to activate anything if you have a plan that includes insurance (premium/metal).
If GPS can be spoofed by Pokemon Go hackers this seems like a dumb thing to base anything important on like insurance being active or not. What the fuck?
From user perspective: What are the odds that somebody is going to follow you when you leave your home country and do targeted GPS spoofing specifically for you while causing some kind of accident/harm to you?
From Revolut perspective: insurance theoretically could be abused but i doubt they haven't calculated the risks as it would mean losing money although i don't see how this is different than me getting travel insurance online and just providing some travel info that from X to Y i need it.
I experienced the other end of the spectrum with Revolut.
My wife saw an advert on Facebook for a and indoor children slide, it looked quite nice for a 100 bucks and since I was busy with work, I didn't due any due diligence and ordered the item. Received the confirmation email, then life went on. In about 2 weeks time, I remembered this order and wanted to check the progress. I opened the order summary link from the email, but it was a 404 and oddly the site looked very different than before, this was the first time I had a feeling, I may have been scammed. I replied to the order email, and asked them for a status update. There was no reply within 2 days, so I went to the site again, and looked for the contact details. I found and email address(Gmail), but no company details whatsoever. This was the time when I realised, I got scammed. Anyways, I sent an email to that address, but of course there was no reply. A day later and decided to figure out where is the site hosted and going back to the contact form, I found a new contact email address(an Outlook one). Since then, I checked the site a few times and the contact address was a different one multiple times.
Anyways, I realised it is a scam, found out the site is on Shopify, reached out to them and they directed me to my bank. I contacted Revolut, briefed them about what happened, and they started the chargeback process. Oddly a few days after they did that, I got another email from the merchant with a tracking code. In about 2 weeks I received a fidget spinner like plastic crap from China, which I never ordered. I notified Revolut about this too and they also told me, the merchant sent them proof me doing the transaction and want not to allow the chargeback, but since I said at the beginning it was me doing the transaction, just never received the items, I just need to fill out another form, stating this and they will carry on, trying to get my money back.
As of today, I still didn't get my money back and I am not sure I ever will, but Revolut was really helpful during the process so far. I am more dissapointed with Shopify, I thought they vet their merchants or at least care about reports of misconducting ones, but they didn't give a crap about me telling them about a scam site running at them. I also found crazy that they don't force the merchant to disclose company details, that's required by the law in many countries.
This is great, thanks, I plan to. I was going to file with the UK small claims court because I didn't know which jurisdiction, but this is perfect, thank you.
Before I signed up for Revolut I did a bit of research and found some incidents that made me more cautious than usual. Unfortunately at the end of my analysis I found no better option, so I signed up. But knowing what I do, I have 2 rules:
- don't keep a significant sum there; not more than what I can afford to loose if things go wrong
- keep unused features disabled at all times, activate and deactivate features or card only when I want to use it. Practically my card is blocked until I want to use it and blocked again as soon as I paid.
My balance today is ~ $35. I will top up when I need to pay more, it is enough for a coffee, a snack or to fill in gas (I ride a bike, even with expensive European gas it's still ~ $25 for a full tank).
Same here, but I have recently changed to Revolut for transfers abroad since even for very large transfers the TransferWise “fee” (exchange rate plus transfer fee) is at about 1.4%, while Revolut is at about 0.4% if you withdraw cash from an ATM. This is if your end goal is to get cash on the other end, rather than services where Revolut would have an even sharper edge. If someone has another viable alternative I am all ears as I am hardly enamoured by Revolut’s app and behaviour.
One of Revolut's selling points is fee free overseas card purchases. Some people have travel schedules where local cash is actually an annoyance, and topping up the app balance via mobile before paying for something certainly isn't any harder than withdrawing extra cash.
I'm a Revolut customer and as far as I can tell that is BS. Always cheaper to transfer in via Transferwise. I only use Revolut for single purpose/use cards so my primary PAN isn't floating around in public.
I was one of the early adopters and their ardent evangelist. I probably hooked more than 10 people to Revolut. Before they were giving any incentives for referrals.
But their customer support turned to shit, their exchange rates became less 'fair', and their service became much, much worse.
A few examples...
(1) I traveled to the US, had troubles activating the travel insurance, contacted customer support, got it working. All good. A few months later, I find weird charges on my account. Contact customer support, ask about the charges. Turns out they charged me insurance fee for days that I was apparently insured, a month later. Best part: I had absolutely zero proof that I was insured at the time I was supposedly insured (take a guess how that would work out for me if I had to make a claim).
(2) I was trying to use their travel insurance again (between my first trip, and their fraudulent charge). The insurance is supposed to auto-activate when you travel abroad, but it did not. Contact customer support as soon as I realised (after arriving to the US), but they refused to activate it cause I already reached my destination. Had to get a different insurance, having to drive 1.000 km in the US without health insurance, before my new travel insurance kicked in. Luckily, nothing happened.
(3) We tried to open a company account. Us three owners were registered as authorised persons in the application form. Our application got refused, no explanation. Plus they froze PERSONAL accounts of my two co-founders for around two weeks. No access to their funds, no explanation. Try contacting the customer support, only to have a bot spew boilerplate nonsense at you. After a few weeks, their accounts just started working again. Explanation? Apology? You wish.
Bottom line is, they can't be trusted, let alone relied upon for anything even remotely important.
Worst thing is their entire pitch was about how they are on a mission to improve 'bad old banks', yet they failed on very fundamentals of banking.
For me, they are a Ryanair of financial services: cheap, but will screw you if they get a chance; and good luck if anything goes wrong.
A few days ago they sent an email offering their Metal cards for referrals. A few years ago I was doing that for free. Today there is no chance I would recommend Revolut to anyone.
FWIW - having to wait for pending transactions to post before filing a chargeback is how traditional banks have treated me, and I'm guessing is probably just part of the Visa/Mastercard dispute resolution process (someone who knows better might correct me here). Though you'd think a next-gen mobile-only bank would be able to put some additional automation around the process so that they would contact you again on the day the transaction posts to confirm you want to go through with a chargeback, or something like that.
The rest of the story looks really, really bad for Revolut - I have never had a traditional bank speak to me like that before.
Visa/Mastercard use a DMS or dual-message system that is basically a digitisation of the paper-based "click-clack" machines, possibly with a phone-based pre-authorisation.
The first message is the auth which comes online. This can only be accepted or declined. Once it has been accepted the value of the transaction is reserved against the credit limit but no movement of funds takes place. The issuing bank can remove the auth manually, but this just releases the credit, it has no impact on what happens next.
The transactions are posted to the account in overnight batch, during which the card system will attempt to match the pending auths and remove them. Some transactions (such as recurrent ones) will have no matching auth. There is no opportunity at this stage to "reject" a transaction, the batch is applied or it isn't. The issuing bank will typically get or more batches per BIN.
The dispute process at this point involves the issuing bank (Revolut) issuing a chargeback against the acquiring bank, which triggers a process during which each bank has certain timeframes to reject or accept the chargeback. So from this standpoint Revolut is basically following standard process.
> having to wait for pending transactions to post before filing a chargeback is how traditional banks have treated me
Yeah, I guess they have a reason for doing that, though I don't know what it is. Still, I would have thought they can cancel it in cases of fraud? Maybe it's so you can't "dine and dash" or similar.
Why the hell would you even use a "virtual" card? With the rate at which personal data is being stolen day after day and companies as large as Equifax being breached, why would you trust your money with an all-virtual bank? Especially one that is so new? It's just asking for trouble. I've had the same bank since I was 17 and they have literally never let me down, and the couple of times I had a fraudulent transaction occur, they automatically flagged it and called me to ask if it was legitimate.
Virtual card is a disposable card that you can use X times (or whatever you set it up). For example, i use virtual cards for services that require CC info in order to register for trial, this way i don't have to remember about my trials expiring and getting charged (because i set the virtual card to be used only once / delete it right after i have used it).
"Virtual card" is a thing in their app. You still have a physical card. The virtual card is for shady shops and such, so that you can delete it afterwards with a single click.
Fintech companies market their products specifically towards people who see themselves as "rugged individualists" who don't need the nanny state to look after them, or millennials who are untrusting of big banks after 2008.
I fall into the second category, but I'm also aware that what little I have in $bigBankCo is covered under depositor's insurance, and I'm good as long as I don't sign up for their usurious lines of credit or things like that.
And I've seen way too many smarmy startup dudes promising customers the earth, moon and the stars if they join their revolutionary "non-bank". No thanks.
My physical bank charges quite a bit for international payments on my credit card (even all in Euro). Revolut doesn't. That said, I avoid keeping money there, even if that means waiting a day or two for the SEPA transfer to clear before I can use it.
I also keep money in two different "regular" banks, since I don't trust those much either.
Very interesting. I must say that I have always been interested in this application, but when I see that on exodus it is listed 8 trackers + 40 permissions I conclude only one thing : I am the product that must be sold.
I'll get on the bandwagon once these companies do something that puts money in my pocket. Orange back in the day used to offer a savings account with 4% interest. That's how you build market share.
All I hear from these upstarts is how easy their app is to use, and how frictionless my payments will be. These are utterly meaningless platitudes. Show me the money.
I've been using Transferwise for a while now, and at least on the face of it, they seem quite boring and sensible. They're the first non-bank that's been granted direct access to the UK's faster payments network.
There is a simple yardstick that made me stay far, far away from Revolut: they deal with bitcoin. I will never trust a single cent of my money on such a company. So far the conduct of Bitcoin exchanges didn't impart the impression of responsible companies. Oftentimes you have downright conmen running them. This is not to say Revolut is cooking the books but touching bitcoin by a fiscal company carries a stench, one that I don't want close to my money.
Huh? https://www.revolut.com/exchange-cryptocurrency
"Instantly exchange any of our 29 currencies directly into Bitcoin, Litecoin, Ethereum, Bitcoin Cash and XRP, and all without breaking a sweat."
>
You can receive cryptocurrency interests sent by another Revolut user. However, you will not be able to receive cryptocurrencies sent from outside of the Revolut platform, eg. external wallets
Nonetheless, they must be buying and holding crypto"currency" which is enough for me to disqualify. It's better than going full exchange but still.
> Nonetheless, they must be buying and holding crypto"currency" which is enough for me to disqualify. It's better than going full exchange but still.
They don't need to, really. They just need to pay you if the price goes up. You're selling them fiat for the promise that they'll buy it back at some point for the new price.
Had a similar thing happen to me a few years back. I don't remember ecact numbers details. It was around 1am or so, I was binging some show when I got a notification.
I check it, and it's a notification from Revolut. A cash withdrawal was just declined. Okay, interesting. I open it, turns out, someone has tried to withdraw some £600+ from account. From Las Vegas. I thought "but I'm in bed, at home, in London. And I certainly don't have an ATM in my house. I'm too poor for that shit".
I think nothing of it, since I've had cash withdrawals disabled anyway.
Few minutes later, another attempt. This time, a little less, £400 or so. I quickly deactivate the card and contact customer support.
They barely cared. They didn't care about the transaction. They didn't care about all the questions I had. I asked a bunch of questions to see where the people have received the data. Who has reported my card as stolen. Where exactly it was used in Las Vegas, etc etc. Nothing. They couldn't provide me with anything.
> You can never rely on banks to give you your money back, since they want their fraud statistics to remain low, even if that means refusing you your money.
Isn't Revolut explicitly not a bank? I thought it was some kind of non-bank pseudo-gift card FinTech thing?
I've never had any problems disputing transactions with my normal regular boring bank that doesn't have an app.
The story is just bizarre and I do not understand how the card issuer/bank can act like that in good faith, of course we only have one side here. Still it really comes off as an organization who acting in a space they are not qualified to be in. Let me guess, they started out to disrupt this space?
anecdotal+
As for his comments about banks not wanting to act on fraud, I have had two fraudulent CC transactions in one year and both times I felt as in my bank and Visa did very well. I also had two issues with Ebay where they and PayPal reacted quickly in my favor. I think for the most part those who are experienced in this arena are quick to act to preserve their reputation because that is what people see, they don't see their "fraud" reports.
The traditional banks have been getting a lot a negative press over large frauds criminals pretending to be solicitors in house purchases and making off with large sums.
The banks are claiming GPDR for not disclosing the fraudulent accounts criminals set up to receive £
Get an account with a reputable bank. In my bank I have a personal banker that I can contact (phone, email, message) in case I need anything (you will get this privilege after a certain amount of income per month, but it's easily reached if you work in IT). I was even able to get money back after I paid for something that I never received (simple debit card). And also many people forget that you may need a larger mortage or loan in the future and I don't think Revolut will help you with this. And in the case of my bank they have a modern mobile and web application, I am not missing anything (Face ID, Touch ID, virtual card generator, retrieve money from ATM with a generated code from the mobile app, open account from mobile app...).
That's a shame. I am very pleased with Tatrabanka in Slovakia. They have a lot of local branches but you never need to go there, all can be handled through mobile app, internet banking or through phone (they use voice fingerprinting).
Actually I had a similar issue with my Piraeus Bank credit card being stolen while I was on a trip in Italy (back in 2011). They charged my card over 3300 EUR after I returned to Greece. Went over to the nearest branch, looked at the transactions with the representative, signed a document that I never made them and that was it. No funds lost. All transactions were cancelled in a few days, new card issued.
Keep in mind that the fraudulent transactions were similar (air tickets etc.).
It's really sad that Revolut didn't even attempt to contact the ticket vendors. This must be nerve-cracking...
It is :( Piraeus is pretty cool, their apps have been convenient. The biggest issue with me is that I can't split bills with my friends because it costs 3 euros and takes a day to send money to a different account, while Revolut makes that use case easy.
> banks in Greece aren't in good shape or very convenient
You can probably find a reputable bank with a nearby branch. Even an online-only relationship with a reputable bank, regulated by a reputable national authority (e.g. the U.K., Switzerland or France), would be a good idea.
Maybe I'm just old but I would never put my money in an institution where I can't go to their branch/office and talk to a human. Typically this is hardly needed with all the digital convenience but when things go wrong, it is truly worth it.
That's not a guarantee anymore; in some banks here, the person behind the desk is just a glorified form filler. Everything has to go to the central offices anyway.
I'm with ING here in Romania and one day I went to a "human" there and took out some cash that I wanted to deposit. They got scared that I took out money in front of them. Banks are not the same.
So far I’ve had only great experiences with Revolut. Using them mostly when abroad, the currency exchange features are nifty, as is the fact that you can load up with money from credit cards with no fee (in the EU). Generally I find them pretty innovative and way superior to all traditional banks I’ve ever been a customer of.
But it’s obvious that this doesn’t translate into an equally good experience once there are problems.
So this case is a good reminder to use these neobanks mindfully and to not put too many eggs in this basket.
I had a similar issue around two years ago (multiple travel transactions, some Indian), although it was one of my physical cards (which I had barely used anywhere). I didn't have enough funds at the time so nothing was charged and I immediately reported the card stolen. After this I've tried to keep my balance below €300 with the rest in vaults to minimize the risk - whenever I need to make a larger transaction I just withdraw money from the vaults before.
Non refundable debit card purchases isn't a problem unique to Revolut.
If this happened with a bank of america debit card, you'd face the same problem. This is why I explicitly refuse to carry debit cards. Only ATM cards and credit cards.
If you use DEBIT cards, you don't get the same kind of protections you get with CREDIT cards.
Yes, that, and credit cards also have +30 days of float essentially built in. So when you run into billing errors or fraud you have time for it to unwind itself / you won't have actively lost money until you need to settle up.
I find it weird they accused you of lying, considering every time I purchase airline tickets the bank receives the full ticket information including the PNR (name information and ticket number) for the issued ticket.
For fraudsters wouldn’t that be a huge risk ordering tickets in your own name? Or is there another dimension I’m missing here?
Seriously! I have no idea, I assume they can just call the merchant up and ask whose name the tickets were purchased in. I'm pretty sure they won't be in mine, what would be the purpose of that? The scammer just wasted a bunch of tickets if so.
I don't know why they don't just call the merchant and get the details. I tried but they wouldn't give me anything or revert the transaction.
Also, I just realize there's yet another, even larger declined transaction in the GBP tab (after I canceled the card). So the fraudster actually tried to buy even more travel stuff.
> For fraudsters wouldn’t that be a huge risk ordering tickets in your own name? Or is there another dimension I’m missing here?
There was a scheme with the German federal train operator Deutsche Bahn last year where they'd buy tickets, cancel them and get a (transferable) voucher for the amount. These vouchers weren't tied to the original transaction, so when the payment was denied later on, the fraudsters still had the "clean" coupon, which they then sold with a margin.
The 2 times I had fraud issue with my credit card it was people buying plane ticket. One time it was on Easyjet for a ticket a few hours later and it was clear that the name was completely made up (strangely it appeared on my credit card statement).
It seems that travel/air ticket are a major source of fraud.
Credit/debit cards are outdated and should be replaced by flexible and safer methods that allow fine-grained control over the payment (i.e one time payment, recurring, limits on recurring etc).
Everyone with your card number can take money from your account. How stupid is that? Like giving the user/pass of your online banking.
Exactly, I don't understand why we can't do "push" money transfers and we have to do "pull"... Cryptocurrencies have a much better use case when it comes to the transaction UX. I also think some countries like the Netherlands have a "push" system that seems convenient.
Many countries have that (e.g. Portugal has had it for over a decade), the problem is that they generally don't work across borders. Hopefully SEPA can help with that.
It is very dangerous to use banking apps or sites from Android phone. Please Google how many "root" exploits are around. Any application or website can attack your phone, and if it succeeds then your money are gone. You should use a phone only as a second factor for authentication.
It's well known the working conditions at Revolut are appalling and a complete meat grinder. Top execs have a gangster attitude and have no problem backstabbing their way to the top.
The financial/banking sector is a fertile ground for them, so they will not fail.
I'm still baffled that "leaking card details" is enough to compromise an account. You'd think money would have better security than some random website, but instead you basically need the equivalent of just the login and no password to get access to the money.
From the way in which the CEO of this company treats he's own employees you can imagine how he will treat he's clients. This company is just toxic, there are other better options that solves the same problem, N26, Monzo etc check them out
Note: I don't work for a competitors, but i hate this kind of toxic company cultures since i've been working in similar environments in the past, and this for me is already a strong "ethical" motivator to not use such product.
I notice a couple of the transactions there are in Greece. I am a Brit living in Greece, and I am SURE some very reputable Greek websites are compromised. My card details get leaked when I buy on Greek sites, I am sure it's them.
Some might look good, but that is not because they care about you. It's because doing good things make their customers and employees happy, and thus keeps the money flowing.
Look, if your response to encountering terrible customer service is to declare that everyone has terrible customer service then you were likely to continue to receive terrible customer service.
If, instead, your response to receiving terrible customer service where to say "this company is awful!", and take your business to someone else with better customer service then perhaps the companies with better service will thrive.
Replace "doesn't care about you" with "doesn't think that keeping you happy is in their financial interest" and there is no loss of clarity. The former rolls off the tongue much more easily, though.
Sigh. Corporations consist of people and it is absolutely possible that a corporation (that is not too big) cares deeply about an issue. The whole improve the world stuff can be bullshit, but it can also be true.
Besides, it does not matter here. Even if it's about doing good things to make customers happy it is noteworthy when a company stops doing that. Amazon had the best customer support ever and now screwed me over, Revolut does what looks like criminal fraud enablement just for screwing with Stavros (probably to enable the power trip of someone in that company) - those things matter regardless whether it's because of the absence of prior real care for the customer or the absence of prior proper treatment out of business reasons.
The people might care, yes. But the people are also bound up in a chain of command and fiduciary responsibilities that can (and often will) render their caring moot.
If you have the VCs or stockholders putting on the pressure to deliver more money, it can be really difficult to do the right thing.
This is the case with most modern companies which have outside investors. In contrast, employee-owned companies seem much more ethical and caring toward their customers.
I'm moving to the UK soon and was looking at Monzo for my bank. Looking at Monzo, not Revolut, and others, which ones would everyone here recommend for bank accounts, debit cards, and credit cards?
Btw, there is a procedure in all banks called dispute request (chargeback request). None of the banks will give you the money back to your debit card without the knowledge of the seller. Imagine how many free items or service you can get if that's possible. So it's not about Revolut.
To open a dispute the transaction needs to be settled. After that Revolut or any other bank can give you the option to fill the form and start the dispute procedure where the seller can place their arguments against it.
After you submit a dispute the card issuer will review both arguments and make a decision (it depends on the bank). Most of the times when the seller doesn't submit evidence against the dispute you'll receive your money back.
> Btw, there is a procedure in all banks called dispute request (chargeback request). None of the banks will give you the money back to your debit card without the knowledge of the seller. Imagine how many free items or service you can get if that's possible. So it's not about Revolut.
When my wallet was stolen years ago, the thieves immediately used my VISA to buy clothes worth ~700 euros. When I realized it was gone, I informed by bank who disabled my cards. I was told to just wait for the statement, mark all sales that I didn't do or authorize. I did that and faxed them a copy, the money was back in my account the next day.
You can "get" free items this way, but you'd commit fraud, and if you get caught, you're going to jail. You can also get free money by robbing a bank, but it's not recommended for similar reasons ;)
Stolen card is a different type of thing. In that case they need to prove that the card is stolen (like from where the transaction is made and so on, there are procedures). And it often takes a while and several calls from the bank during the investigation. It was like that for me also 2 years ago when I got my card stolen. They called me several times to ask me questions.
To the card company, the difference between a stolen card that was used by thieves and a seller that fraudulently charges a card is whether you still have access to the card. In both cases, the account holder hasn't authorized the payment, therefore the payment processor had no valid order to process the payment. Since the agreement you have with the card issuer generally only covers authorized payments, they have little ground to stand on unless they can prove that either you did in fact authorize those charges (fraud) or acted with gross negligence (sharing your details with a third party in ways not intended, so not in a payment process).
A payment processor isn't (at least where I am) entrusted with any special powers to make judgement calls on whether you deserve your money back based on a potentially existing contract between you and a third party - that's the court's job. Cooperating with them makes it easier, speeds up the process and ensures an ongoing relationship with them, but you don't have to prove that your card was stolen (which is hard to do anyhow) - they have to prove that it was you that authorized the charge. Getting your money back without their cooperation may involve taking them to court though.
There's a similar thing with SEPA direct debit. You can pull money from any account (it's trust-based; you're required to provide documentation showing that you were authorized to do so when asked), but the account holder can pull it back for a certain amount of time (iirc, it's six weeks, at least here). The banks do not act as a judge here, they simply put your money back into your account and inform the other bank that the charge has been reversed who then in turn takes it out of the pulling account. If the other account holder believes the charge back to be unlawful (i.e. fraud, or or a charge back because of insufficient balance), they have to bring legal action, but they can't use the bank as a tool in the process.
very sorry to hear that. Debit cards are convenient etc, but they don't offer much in terms of fraud protection. The general suggestion is to always use a credit card instead so that you don't expose your own money to theft, but the bank's.
PayPal almost always sides with the consumer, at least. Revolut's treatment was inexcusable. I've been a customer for three years and use them every day, I did not expect to be treated like this in a million years.
This would also never have happened if the message said anything more than "you've reached the limit". Even the mention of amount would have made me immediately suspicious. As it happened, I just didn't think of fraud, or know which card hit the limit, so I just went absent-mindedly fiddling with them.
"They can’t even give a list of all my data under the GDPR so I can see myself, which seems illegal."
You're in Greece? Under the GDPR they're legally required to give you all the data they have on you; this is non-negotiable. I hope you included that in your complaint.
As for the rest, I guess they're just garbage and I'm glad to know I don't ever want to be using their services. Maybe someone from Revolut will chime in here and try to explain the situation.
> Under the GDPR they're legally required to give you all the data they have on you; this is non-negotiable.
To play devil's advocate: they might argue that the fraudulent transaction contains/might contain PII of the fraudster and they are protecting his privacy. Sounds crazy, but I wouldn't be that surprised.
And that's why you should get a credit card from a real bank, rather than a debit card. With a credit card, in case of fraud, the bank will most likely side with you.
(Talking about Europe, not sure the same applies outside Europe, for instance the American banking system is quite different...)
EU as well and anecdotal; I have 3 dutch bank accounts with CCs, Spanish one with Debitcard and Revolut debit card. Chargebacks on the Spanish are the easiest; I mail my bank and they refund whatever I ask them no questions asked. Revolut does so as well but they ask questions. The Dutch Cc ones are the worst; they require a lengthy process and sometimes they still do not side with me even though it is rather obvious. However, if they detect them themselves (the fraud transactions) then they do reverse without issues: I am talking about the ones I report (over many years; it does not happen often, and only in countries that do not use chip and pin for most transactions like US, some places in HK etc).
It's a failure, but it's absolutely not unique to challenger banks. Just remember the news availability heuristic - you're seeing this because it's tech news.
I was under the impression that banks were required to know their customers, which at least until this point has basically required you to visit a physical office with a passport and answer the standard anti-laundering questionnaire. This pretty much has meant that these online-only banks have been illegal to operate. Apparently the "FinTech" boom has resulted in a new low...
They require a passport photo. The anti-laundering part is in the requirements for proof of income, but only for significant amounts in the account or transactioned. For a couple of hundred euro per month they don't ask that.
No physical presence is required to meet those standards; online-only banks have existed for absolutely ages. The Monzo process for example involved a picture of your passport and a short video.
Revolut cited 'personal and health reasons' for the CFO's resignation. Whatever those personal and health reasons really were, they clearly passed quite quickly as within the space of a few weeks, said CFO has joined another FinTech company as their new CFO.
The company quite literally has the words "get sh*t done" in giant neon letters on their office wall. They live by the mantra of move fast and break things. That mantra is inevitably going to cause problems when your entire business is dealing with real money owned by real people in one of the most heavily regulated industries in the world.