If I lose my phone can my Revolut, N26 and Raisin accounts be cleaned out?

P

Pmc365

Registered User
Messages
247
dubliner8 said:
Can you elaborate on this, that there has been a violation by the account holder? My phone was stolen at a bar, then the thief made google pay transactions at multiple premises. The way I see it the only violation is trusting google pay and internet banks and having all of these and email on the phone that I walk around with. Now even with that you would expect Revolut and N26 to refund fraudulent payments. In replies from people on here or on Reddit etc there is this naivety about Revolut expressed / the false sense of security with phone payments that I had seems to be pervasive. In the meantime given that one cannot trust Revolut et al with one's money I have removed as much of this from the phone I walk around with and put a lock on my email app to ward against having a significant amount of money stolen again.
Click to expand...
Please forgive my naivety but I have a significant amount of money in N26, Bunq and Raisin. If I loose my phone how could a thief and what is the liklihood of hin stealing money from these accounts when he doesn't have my password for Raisin or my PIN? I'm not on Google pay.
 
Last edited:
Pmc365 said:
Please forgive my naivety but I have a significant amount of money in N26, Bunq and Raisin. If I loose my phone how could a thief and what is the liklihood of hin stealing money from these accounts when he doesn't have my password for Raisin or my PIN? I'm not on Google pay.
Click to expand...
It helps that you're not on Google pay. I would still protect my email account / not have that on the phone as they could do a password forgot request with N26 and potentially transfer money out. Just think about any potential vulnerabilities and try eliminate them.
 
Re Possibility of my N26 Savings being stolen...

I have blocked transfers from my N26 Savings( where most of my money is) to the "main account". I think a 4 digit pin is required to unblock this. You must transfer from N26 Savings to main a/c to then transfer to 3rd parties so I hope a password forgot request wouldn't work if they accessed my e mail unless they reset the pin, which according to N26 app can be easily reset by having access to my physical debit card and entering a number on it. So they would need access to my email to reset the password and my debit card to access the pin by resetting it in the app and of course my phone. Perhaps I should keep my debit card separate from my phone. I rarely use it anyway.


This is how the pin is reset on the n26 app:

"If you’ve forgotten your PIN code or want to change it, you can do so at any time. Simply follow these steps:

  1. "Open your N26 app, go to My Account, then Settings, and then tap Security or click
  2. Choose Change confirmation PIN
  3. Enter your card token, the 10-digit number that appears below your name on the front of your card (for N26 Smart, You, and Metal cards, the number appears on the back)
  4. Create and confirm your new confirmation PIN"
 
Last edited:
Pmc365 said:
Please forgive my naivety but I have a significant amount of money in N26, Bunq and Raisin. If I loose my phone how could a thief and what is the liklihood of hin stealing money from these accounts when he doesn't have my password for Raisin or my PIN? I'm not on Google pay.
Click to expand...
So firstly, they have to crack the phone. There was a study done in 2012 which showed that 26.83% of a 4 digit phone PIN could be got within 20 guesses because people are lazy and use things like 1111 or 1234 for their PIN. I doubt very much if it has changed to any great degree since then.

It's even easier if you've been dumb enough to have something (such as your driving licence) with your DOB in your phone wallet. Why, because people use their DOB, or reverse it for their PIN. So if you've lost your phone, there is probably a 1 in 3 chance at least, of the thief cracking your PIN quickly.

Now for the payment apps. I don't know some of these apps but are they PIN, Password or a combination of both?. If your email app is unlocked, maybe all they have to do is press on the reset password button on the app and the chances are, they are in. That's assuming your PIN for the app is not the same as for your phone of course (which for a lot of people it is). And that's assuming you don't have a document saved on your phone with all your passwords and PINS on it. Or a password manager with the same PIN as your phone. Or an email that you've sent to yourself with Password on it and a list of all your password and PINS on it. Or something else silly like that
 
thedaddyman said:
So firstly, they have to crack the phone. There was a study done in 2012 which showed that 26.83% of a 4 digit phone PIN could be got within 20 guesses because people are lazy and use things like 1111 or 1234 for their PIN. I doubt very much if it has changed to any great degree since then.

It's even easier if you've been dumb enough to have something (such as your driving licence) with your DOB in your phone wallet. Why, because people use their DOB, or reverse it for their PIN. So if you've lost your phone, there is probably a 1 in 3 chance at least, of the thief cracking your PIN quickly.

Now for the payment apps. I don't know some of these apps but are they PIN, Password or a combination of both?. If your email app is unlocked, maybe all they have to do is press on the reset password button on the app and the chances are, they are in. That's assuming your PIN for the app is not the same as for your phone of course (which for a lot of people it is). And that's assuming you don't have a document saved on your phone with all your passwords and PINS on it. Or a password manager with the same PIN as your phone. Or an email that you've sent to yourself with Password on it and a list of all your password and PINS on it. Or something else silly like that
Click to expand...
I think N26 security is weak.
I use an unguessable 4 digit pin for n26.
If you have your email on your phone and your n26 app on the phone and thief accesses your phone they can reset the password by sending e mail to n26.
Then once in your app they can reset the 4 digit PIN. N26 asks for a number on your debit card ( called a token number) but if you don't have this then they send a text message to verify you when resetting pin. They do not post out a letter when resetting the pin like some Irish banks. That's the weakness. Once the PIN is reset they can transfer out of your account.

To prevent this should I maybe buy a cheap android phone for all my banking apps and keep it at home with no access to my e mail or maybe invest in a good tablet.

What about Raisin. Would it be easy to access this?

I have a Samsung. I use a pattern to unlock phone. Can this be easily breeched or would a pin be better.

I use biometric fingerprint for accessing N26 app. would I be better to use a password and disable biometric?
 
Last edited:
Pmc365 said:
I think N26 security is weak.
I use an unguessable 4 digit pin for n26.
If you have your email on your phone and your n26 app on the phone and thief accesses your phone they can reset the password by sending e mail to n26.
Then once in your app they can reset the 4 digit PIN. N26 asks for a number on your debit card ( called a token number) but if you don't have this then they send a text message to verify you when resetting pin. They do not post out a letter when resetting the pin like Irish banks. That's the weakness. Once the PIN is reset they can transfer out of your account.

To prevent this should I maybe buy a cheap android phone for all my banking apps and keep it at home with no access to my e mail or maybe invest in a good tablet.

What about Raisin. Would it be easy to access this?

I have a Samsung. I use a pattern to unlock phone. Can this be easily breeched or would a pin be better.

I use biometric fingerprint for accessing N26 app. would I be better to use a password and disable biometric?
Click to expand...
Does Raisin or n26 give you a physical card? If so, I am sure there are people who keep it with their phone.
 
Pmc365 said:
I think N26 security is weak.
I use an unguessable 4 digit pin for n26.
If you have your email on your phone and your n26 app on the phone and thief accesses your phone they can reset the password by sending e mail to n26.
Then once in your app they can reset the 4 digit PIN. N26 asks for a number on your debit card ( called a token number) but if you don't have this then they send a text message to verify you when resetting pin. They do not post out a letter when resetting the pin like Irish banks. That's the weakness. Once the PIN is reset they can transfer out of your account.

To prevent this should I maybe buy a cheap android phone for all my banking apps and keep it at home with no access to my e mail or maybe invest in a good tablet.

What about Raisin. Would it be easy to access this?

I have a Samsung. I use a pattern to unlock phone. Can this be easily breeched or would a pin be better.

I use biometric fingerprint for accessing N26 app. would I be better to use a password and disable biometric?
Click to expand...
Ah, so that's how the thief in my case got full access to do the top up with N26 perhaps. I had the app on the phone I walk around with and yesterday took that off because of the way you can get into the app by sending a code to the mobile number. I didn't realise that they would also send a code to the mobile number if you didn't have the card token number, that's really weak security. Such a shame that you can't set up two factor authentication with an app rather than SMS.

I bought an HMD Pulse Pro for 185eur from Amazon Germany so that's what I'm using for the payment apps, leaving that phone at home. No idea about Raisin and what security they use, do they also do SMS codes for access?
 
I think the new features coming fairly soon on Android will improve security a lot (if people choose to use them). I have been getting increasingly worried about the amount of information etc. on my phone, especially since a relative recently had theirs pick-pocketed.

(1) The anti-theft measures to help secure your phone if it's (literally) snatched while unlocked
(2) A secure area for apps and files with an additional level of security on it - this is where I intend to keep any at-risk apps

Ultimately, all you can really do though is gain enough time to remotely track and/or reset your phone. This is also being made easier.
 
euroDilbert said:
I think the new features coming fairly soon on Android will improve security a lot (if people choose to use them). I have been getting increasingly worried about the amount of information etc. on my phone, especially since a relative recently had theirs pick-pocketed.

(1) The anti-theft measures to help secure your phone if it's (literally) snatched while unlocked
(2) A secure area for apps and files with an additional level of security on it - this is where I intend to keep any at-risk apps

Ultimately, all you can really do though is gain enough time to remotely track and/or reset your phone. This is also being made easier.
Click to expand...

Last year or the year before I availed of a form of 2 on my Android, however everything I put into it disappeared, that was quite frustrating given the amount of time that took.
Given that we are so far along the road with Android development you'd think things would be far more secure than they are. I won't hold my breath for improvements!
 
On my Android phone I can lock apps with App Lock and this protects any apps I choose with a pin code or biometric login. It also prevents notifications from protected apps. My email and sms messages are protected so that if my phone was stolen they would need my pin or thumb to steal anything.
 
Páid said:
On my Android phone I can lock apps with App Lock and this protects any apps I choose with a pin code or biometric login. It also prevents notifications from protected apps. My email and sms messages are protected so that if my phone was stolen they would need my pin or thumb to steal anything.
Click to expand...
Is that a third party app?
 
dubliner8 said:
Last year or the year before I availed of a form of 2 on my Android, however everything I put into it disappeared, that was quite frustrating given the amount of time that took.
Given that we are so far along the road with Android development you'd think things would be far more secure than they are. I won't hold my breath for improvements!
Click to expand...

Agree, but better late than never. Supposedly starting to be included from Android 15, available in Beta now and release in Q3 2024.
blog.google

Android’s theft protection features keep your device and data safe

Android rolls out theft protection features to safeguard your data before, during and after a theft incident.
blog.google blog.google
 
Páid said:
On my Android phone I can lock apps with App Lock and this protects any apps I choose with a pin code or biometric login. It also prevents notifications from protected apps. My email and sms messages are protected so that if my phone was stolen they would need my pin or thumb to steal anything.
Click to expand...
Thanks Páid. I'd never noticed that setting before. I've anything at risk locked away now.
 
Is it fair to say that these issues occur more on Android than iOS?

I use my payment card with Apple Pay which involves a six-digit PIN or Face ID. The only possible breach is if someone has shoulder-surfs me - a six digit PIN is very hard to guess. And I use Face ID for 99% of screen unlocks so very little opportunity for anyone to see my PIN.
 
Dr Strangelove said:
Is it fair to say that these issues occur more on Android than iOS?

I use my payment card with Apple Pay which involves a six-digit PIN or Face ID. The only possible breach is if someone has shoulder-surfs me - a six digit PIN is very hard to guess. And I use Face ID for 99% of screen unlocks so very little opportunity for anyone to see my PIN.
Click to expand...
No, same security on Android (except fingerprint instead of face)
 
You must log in or register to reply here.
Back
Top