‘Sorry you lost the money’: Couple loses thousands of euro of wedding savings in Revolut ‘ordeal’

[Brendan Burgess]

The same issue was raised by an audience member on Tonight with Katie Hannon a few weeks ago.

Her Revolut account was drained via Apple Pay in France while she was in Ireland.

I felt sorry for her, but it was pointed out to me afterwards that she had to actively add her Revolut account to that Apple Pay account.

Revolut seems to be saying the same thing in the Irish Times case

It said “our understanding is that the customer provided details that allowed a third party to add a card into an Apple Pay wallet which carried out the disputed transactions. Our view is that the customer could have done more to protect those sensitive details. Customers are explicitly told never to share one-time passwords (OTPs) with anyone else.”

So the fault appears to lie with the customer in both cases.

Apple Pay is the safest way to pay because the merchant never gets the credit or debit card details.

 

[Brendan Burgess]

But as it's time consuming and draining to resolve any problems with Revolut, I keep a maximum of €200 in my Revolut account.

It's crazy to put all your wedding savings in Revolut.

Brendan

 

[DannyBoyD]

....had to actively add her Revolut account to that Apple Pay account.

Apple Pay is the safest way to pay because the merchant never gets the credit or debit card details.

I'm a bit confused? How is 'Apple Pay' safer if that was how the account was hacked?

 

[Dr Strangelove]

With these kinds of things there are two possibilities:

1) a business with extremely sophisticated data systems is compromised by a clever criminal
2) an individual customer is careless and is tricked by a clever criminal

One is not impossible but the other is more likely.

 

[murphaph1]

I'm a bit confused? How is 'Apple Pay' safer if that was how the account was hacked?

The account was likely compromised by the account holder messing up, nothing technical. Apple or Google pay add a layer of abstraction between the real card and the merchant. The merchant never even gets to know the real card details when using these wallets.

 

[shweeney]

But as it's time consuming and draining to resolve any problems with Revolut, I keep a maximum of €200 in my Revolut account.

It's crazy to put all your wedding savings in Revolut.

Brendan

at the very least put the bulk of the money in a "Pocket" so it's not accessible directly from the card.

 

[Calico]

So much of that piece was a cut and paste from emails and Revolut's T&C's.

Another handy article for Conor to go with his endless "top ten ways to save money" lists.

But then I guess we all need an easy first week back after Christmas!

 

[Bobby123]

Hi all,

The story was written about me and I am happy to answer any questions. So many of you are confused about how it happened/the story and that's exactly how I feel. No one can explain to me how it happened, I have always thought of myself as mostly scam aware and my mother and best friend both work in banking (one in the fraud department of HSBC).

I was as honest as I possibly could be about the situation and after going through all texts and emails could only find that delivery scam message that must have been fake and I updated my address and phone number. It was bad timing as I was waiting for a 24 hour delivery. This was about a week before the money was taken so it didn't initially click.

As I said - happy to answer any information. I did travel through the airport the day before the money was taken but I was on 5g the whole time. Again, I am aware not to use public wifi as these are known as unsafe.

 

[Bobby123]

Sorry @murphaph1 absolutely. I don't in any way mean that Revolut needs to provide this data to the media - in fact they absolutely should not do so. But they should provide it to the customer on request to support the position they are taking around whether it was fraudulent or not, and where the potential responsibility resides . Whether the customer understand what they were told, believe the response given, accepted it or simply don't want to hear they messed up is a totally different matter.

And yes, it is very hard to comment on any particular case without having access to the raw transaction evidence. Everything else has levels of 'abstraction' and bias inherently built into it, including the customers version of events. As they say, there are three sides to every story - yours, mine and the truth

I am the customer in the article and revolut gave me no information. In fact, they gave Conor way more information than they ever gave me. When I requested information they said they couldn't give it to me as it was "internal". For example - when was the device added, which phone number was used, where it was added, they wouldn't give me any of it.

 

[Brendan Burgess]

Hi Bobby

Why had you so much money in a Revolut account?

What if you had needed it for your wedding and then Revolut had blocked your account?

Brendan

 

[Brendan Burgess]

could only find that delivery scam message that must have been fake and I updated my address and phone number. It was bad timing as I was waiting for a 24 hour delivery. This was about a week before the money was taken so it didn't initially click.

You have a Revolut account.

The scammers have an Apple Pay account.

They have your personal details.

They try to add your Revolut card to their Apple Pay account.

You must approve it in Revolut. They can't add it themselves no matter what information they have.

Brendan

 

[Brendan Burgess]

Revolut can't tell Conor Pope exactly what you did wrong, but this strongly hints at it:

The statement warned people not to “provide your personal financial details, one-time passwords (OTPs) and full PIN, password or passcode to anyone else.”

It urged people to “beware of scam texts and spoof phone calls. Revolut will never phone you with regards to your account security without first confirming via our secure in-app chat. If in doubt, contact Revolut directly using our in-app chat.”

 

[Dermot]

Hi Brendan,

The man is I'm sure annoyed enough over the loss of his money and I'm sure he realises now that he should not have that amount in the account.

 

[Bobby123]

You have a Revolut account.

The scammers have an Apple Pay account.

They have your personal details.

They try to add your Revolut card to their Apple Pay account.

You must approve it in Revolut. They can't add it themselves no matter what information they have.

Brendan

Hi Brendan,

To answer your questions revolut said that the account was "added to google or apple pay" there was never any proof from revolut that the transactions were used with apple pay despite numerous requests. I spoke to Apple support and they also could only access my phone from their end and could see nothing on their end. One user online suggested their are new apps which make it look like the user is using apple or google pay but I have no further evidence of this.

The wedding fund was dumb, we were about to pay for the catering. I have used revolut since 2019 and I've always been happy with their service. I had no reason to believe that my money being in revolut was unsafe.

I want to add that I have now received the money back from the merchant so I have no reason to lie about giving away my card details or anything.

 

[Gordon Gekko]

It’s good that you got the money back from the merchant. But the bottom line is that money cannot simply vanish or be taken from someone’s account without a mistake being made by him or her somewhere along the way. You must have disclosed details somehow or logged into a fake website or portal at some stage.

 

[Dr Strangelove]

I spoke to Apple support and they also could only access my phone from their end and could see nothing on their end.

Well wasn’t the card added to someone else’s Apple Pay account?

 

[Bobby123]

It’s good that you got the money back from the merchant. But the bottom line is that money cannot simply vanish or be taken from someone’s account without a mistake being made by him or her somewhere along the way. You must have disclosed details somehow or logged into a fake website or portal at some stage.

Yes you're totally right it's just so frustrating trying to figure out how it happened. It's obviously something to do with the delivery details I entered but even then adding it to an online wallet they would have needed a code. Anyway, hopefully I can figure it out one day so I can sleep again.

 

[MugsGame]

I think this is poor form from Revolut. They should be able to provide far more details to justify the source of the transaction.

It's not impossible that the payment masqueraded as ApplePay to the merchant and the merchant's payment processor, without actually being an ApplePay transaction. There have been successful attacks on online payment protocols previously, and sometimes processor systems are not as robust as they should be in validating the claims on a digital transaction.

However, it's more likely that it was a genuine ApplePay transaction.

@Bobby123 if you are certain that you did NOT provide a Revolut dynamic authentication code to a third party and did not approve any Revolut popups related to adding your card to a new ApplePay wallet, then it's possible there's malware on your phone or computer which is silently forwarding SMS codes to a fraudster.

When your mobile phone receives texts, do they appear on your computer? (there's a few ways this might be setup, depending on your computer and phone).

 

[Brendan Burgess]

So if I have someone else's credit card details
name
Address
CC number
CV code
Expiry date

Can I add it to my Apple Pay account and use away?

We have heard two Revolut cases.

Is this also happening with AIB and BoI?

Brendan

 

[Gordon Gekko]

Yes you're totally right it's just so frustrating trying to figure out how it happened. It's obviously something to do with the delivery details I entered but even then adding it to an online wallet they would have needed a code. Anyway, hopefully I can figure it out one day so I can sleep again.

Was there something else in the context of the wedding? Some supplier where things felt a little off or someone took your card away to pay for something or it was out of your sight in some way shape or form?

I’ve heard that some rogue taxi drivers are copying people’s card details when they pay for journeys late at night.

Perhaps it was someone on this wedding trail where you pay for all sorts of things who managed to get your card details and your email address plus other info which enabled them to phish and then combine the various pieces of information?