The scammer some how added their Revolut card to an Apple pay wallet. How does adding a card to Apple pay work? For Google wallet, you need the card details including the CSV. After that you need to verify the card by either logging into the banking app (in this case Revolut) or by using a code sent to the phone number your bank has for you.The article was bizarre and unbalanced in my view. It danced around the salient issue. The implication seems to be that the ‘victims’ in some way disclosed their details. If that’s the case, it’s their fault.
Is it bizarre or just a back and forth of he said she said without either party being able to back up their side of the story?The article was bizarre and unbalanced in my view. It danced around the salient issue. The implication seems to be that the ‘victims’ in some way disclosed their details. If that’s the case, it’s their fault.
I just reviewed some of my transactions on Revolut. There is no distinction on the transaction list on the app between an online transactions, a POS transactions or Apple Pay transactions. It also does not tell me how the transaction was authorised [PIN, MFA on app etc]. Revolut will obviously have this detail available to them internally, and should be shared with the complaints. Only then would it be possible to understand their role in the situation and what responsible resides with them.Surely they are the party that have a history of what happened.
I don't think a lot of people appreciate the security steps and measures they should take to keep their money safe online.Like most of you, I am confused by the article. There are two issues here - firstly is how the money was accessed from the Revolut account and secondly how easy or not it is to deal with Revolut once a 'bad' transaction occurs. I am guessing that they are not great to deal with in times like this, but despite having used them for many years, I have never had an issue with them or experienced any 'bad' transaction thankfully.
Revolut (like most of the fintechs - N26/Monese etc) support lots of security features traditional banks dont readily offer. This includes the ability to have have vaults/pockets etc that isolate funds from the main account. If someone is saving for something in particular, surely the funds are best placed to be moved into a pocket for safer keeping (both security and bad spending habits). Also Revolut gives you much more control on what type of transactions are permitted on a card at a point in time, including self-managed spending limits, ability to turn on/off online payments, location-based security, swipe payments, ATM withdrawals, contactless payments (and allowing you set your own limit on this). So from a security perspective, I would say the likes of Revolut put much more control into peoples hands via the app than traditional banks. However, this means that people also need to understand this and know what settings are best suited for them and be willing to dynamically change them as required [e.g. when abroad on holidays etc].
I remember having swipe payments disabled on my card and having a payment rejected somewhere - I simply checked the app to see the cause of the rejection, unlocking it and processing the transaction again !
>>So all that the couple was able to establish was that the transactions appeared to have been carried out in person by someone who had access to their Apple Pay details.
From the article this appears to be how the funds were believed to be accessed. The person must have put the Revolut card on Apple Pay. My understanding on Apple Pay is you can make payment with the physical device (iPhone or Apple Watch) but you have to enter the devices security codes. Online payments are also possible - but limited to Apple devices and require use of touch id to work directly, or if no touch id needs to be connected to the iPhone via bluetooth. [I only use Apple Pay with my physical devices and never online]
https://support.apple.com/en-gb/102626
In summary, I think there is more to this story than is reported here. I think the card details were compromised in some way to support the payments - either physical skimming of the card magnetic strip [with PIN also likely compromised] or virtually where all details, including ccv were compromised. However, with 2FA/MFA on the Revolut app, I find it surprised if these were fully online transactions, but rather Point of Sale transactions which do not require authorisation via the app. But POS transactions need to use either PIN or ccv details.
I don't know if Revolut supports the signature option for authorising payments, but my understanding is the physical card is required for signature payments also (so we are back to card skimming) !!
Revolut is never going to explain exactly what happened. Banks aren't in the business of advertising any potential weaknesses in the system, even if it's the customer's fault. It makes it look like Revolut is hiding something, but they aren't. Well, they are but for good reason.
I tend to agree with all that but we are essentially only getting one side of the story because Revolut won't comment on these things in the media. No bank will. Revolut may actually have told the customer what happened but the customer doesn't want to hear it. It's really hard to know what really happened in this case.If I had 2500 taken from my account and Revolut were saying it was my fault rather than theirs, the least I would expect is for them to prove this. This means a copy of the transaction details including the source of the transaction, type of transaction and how it was authorised. I dont have access to this data - they do, so if they want to state that its my fault, they need to share this information to prove its my fault.
I would expect the same with an Irish bank. If I had a transaction I claimed was fraudulent and they could see it was authorised by PIN, they need to share this to show it was an issue on my side rather than just say "you messed up mate, I am not refunding it"
Sorry @murphaph1 absolutely. I don't in any way mean that Revolut needs to provide this data to the media - in fact they absolutely should not do so. But they should provide it to the customer on request to support the position they are taking around whether it was fraudulent or not, and where the potential responsibility resides . Whether the customer understand what they were told, believe the response given, accepted it or simply don't want to hear they messed up is a totally different matter.I tend to agree with all that but we are essentially only getting one side of the story because Revolut won't comment on these things in the media. No bank will. Revolut may actually have told the customer what happened but the customer doesn't want to hear it. It's really hard to know what really happened in this case.
Subject access Request would be a place to start.If I had 2500 taken from my account and Revolut were saying it was my fault rather than theirs, the least I would expect is for them to prove this. This means a copy of the transaction details including the source of the transaction, type of transaction and how it was authorised. I dont have access to this data - they do, so if they want to state that its my fault, they need to share this information to prove its my fault.
what's wrong with the Joe Duffy routeSubject access Request would be a place to start.
Comes across as a sob story rather than giving the exact particulars on what happened. Think that is more up Conor's street anyway - he has ended up with egg on his face before when he didn't understand the detail
seriously ? I know some people are not very tech savvy, but writing your ATM PIN beside your bank cards is rather special !People can be really lax with basic security.
I was sitting across from a woman today who had her ATM PIN taped on the inside of her phone cover in huge letters, right beside the little slits containing her bank cards. It literally said AIB PIN XXXX. I also noticed she had no security code/face ID on her phone, she just swiped to open. A disaster waiting to happen.
If I saw all this in 30 seconds while daydreaming on public transport you can bet that clever criminals are spotting these opportunities on a daily basis and taking advantage.
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?