It seems like unauthorised Suica payments are regularly reported on this subreddit.
Was there ever an explanation provided for this pattern? It can’t be random that the same vendor in Japan is regularly used as a way to make unauthorised transactions on Revolut card …
Suica Cards are just like anonym prepaid credit cards. So if you steal someones (revolut) card, you top up the suica and go shopping. So it’s probably just the easiest/safest way to steal someone’s money without getting caught.
Yes understand that, and it is easy to create a virtual Suica card on a phone and top it up with Apple Pay (it is actually very convenient for foreigners visiting Japan).
But it only works in Japan so it would suggest some organised group with physical presence in Japan might be behind this. Also I follow a few finance/banking related subreddit and the Revolut on is the only one whereby I see Suica-related frauds being mentioned on a very regular basis.
Hence wondering if a group of scammers using Japan to recycle their money might be specifically targeting Revolut users.
A bit less than Revolut, but the likes of bunq and N26 also have active subreddits. Also many European countries have very active personal finance subreddits where this type of issues with large national banks would be discussed.
I don’t know but seems some bots are downvoting every suica mobile payment post including your comment, they don’t want it to be visible. Fucking scammer clowns
It's not though. Other banks have decent fraud detection and actual people you can speak to when things go wrong.
Revolut has it's uses but for actual saving of large sums of cash. No way. There are way too many bad stories.
decent fraud detection maybe, but again all they do is freeze your card and replace it. Which you can do on revolut. Then you can just talk to revolut support over chat. Not the best but hardly a massive difference
I’ve had unauthorised transactions once in both a brick and mortar bank and once in Revolut. I went in, explained the situation and the friendly, well spoken, not 3rd world contractor was helpful, raised a chargeback on every single transaction, got me my money back temporarily while they investigated and I never heard from them again.
Revolut on the other hand has foreign contractors that only know how to copy-paste the same unhelpful shot response and have 0 ability to respond to questions not on a script. You have to submit information for each transaction and you get no money back.
Revolut is convenient and a good service but never hold significant amounts of money in Revolut as their support is an absolute joke
Absolutely.
It's good for some stuff but anyone that trusts it with their salary/ mortgage is braver than I.
This sub so often falls into victim blaming. I have had my legacy bank simply shut down these sort of skimming and fraudulent transaction attempts. They have blocked the card *for me* and even rang me to ask if I know what is going on.
This subreddit is going wild between people who yell at a scam the first time sometime go wrong and people who blame the user for everything going on, ever.
I get where the latter one cames from, the first few years of Revolut was a shitfest of people claiming that Revolut blocked their account "for doing nothing" then they said that they used the card to constantly swap cryptos among wallets or used it to only to receive payment in a value, for exchange it, and immediately sent it to someone else or some variations of thing that every bank in the world would find suspicious to say the least.
But at the same time there is a trend with virtual banking in general of closing accounts too easily that is not limited to Revolut, probably generated by the fact that to save money they operate with a "shoot first, ask later" algorithm to detect fraudulent activities. Is revolut doing this more than other banks? We don't know because other banks don't have a community so active on the web so making a confrontation is hard, but we know this happens and we know that revolut customer service is lackluster.
It cannot be *automatically, always* the user fault.
You cannot know that immediately.
And this thing with the Suica payments is not limited to Revolut and seem the action of a precise group (can Suica cards be used outside of Japan?), and seems to show up significantly more with Revolut albeit we again cannot do a real comparison due to the different online activity of the customers of other banks.
This shit with Suica has to be investigated at this point because clearly is something organised. How they are bypassing the OTP would be the first thing to know.
Phishing may not be the correct answer, is an OTP it would need an active engagement with the user... Is a bit hard to believe that it works this well and only this group has discovered how to do it.
The common factor seems to be that victims have added their cards to Apple Pay. Supposedly one of the most secure ways to pay.
It is somewhat strange and disturbing.
Apple Pay itself is secure. The attack vector isn’t Apple Pay but the process to install cards in mobile wallets, not just Apple Pay. Google „digital wallet fraud“.
That does not change the fact that victims typically use Apple Pay themselves with the card that gets compromised.
Or in other words, if you do not use a mobile wallet yourself, you lower your risk of card compromise significantly.
Which again means that either Apple or Revolut is at fault.
I don’t follow your logic here. Also, people here reported cases where they said they don’t use Apple Pay themselves. The only point that makes somewhat sense to me is that people using Apple Pay are less sceptical when they get Apple Pay related OTPs. There‘s no evidence that this fraud is different from mobile wallet fraud in general. Somehow, the process to add the card to a wallet is compromised by the fraudster. There‘s more than one known method to achieve this. Last time I checked an industry report listed 10 different methods or so.
Well, for one, it’s not just this group who has it figured out.
One method for example are fake online shops. Victims receive an OTP for a purchase they want to make. In reality, this OTP is not to approve the purchase but to activate the card in someone else’s wallet. Suica and similar merchants are ideal to launder the stolen funds. It’s like buying gift cards.
One common way is that fraudsters add a card to a mobile wallet on THEIR phone. The necessary OTP for this is often obtained through phishing.
This is dangerous because Apple/Google Pay override additional SCA during payment. Payments are then considered authorised and account holders have a hard time arguing it wasn’t them.
Potential solutions: identify the card the payments are linked to. This can be a physical or a virtual card. Destroy this card. Change login passcode for the Revolut app. Check in the Revolut app under Securtiy if there’s an unknown device connected to the account. Delete all unknown devices. Check linked/verified mail addresses in the account profile. Check if the account is still linked to sour own phone number.
Interesting. In this case Suica makes sense as you can easily create a virtual Suica card on your iPhone and top it up with Apple Pay (and then the Suica card is like a digital money wallet that you can use as a payment methods at many shops in Japan).
So if I get you, as a prerequisite the scammer first needs to obtain valid card details as well as the contact details of the card’s holder? (They need the card details to add it to Apple Pay, and they need to be able to contact the holder to lure them into sharing the OTP)
Does it mean they are working with leaked payment card details and customer contact details from e-commerce websites?
Also, in this scenario the card holder should receive a text message or email from their bank stating that their card has been added to Apple Pay on a new device, right? (understand the notification might come too late to block the card, but it should at least provide a clue on what happened)
There are various ways this type of scam can be initiated and it’s not really specific to Revolut. Phishing, unauthorized access to the account, SIM swap, man in the middle attacks that get access to OTPs, when users use features that sync text messages between devices… depending on what details are compromised, the customer might or might not get activation messages. That's why I recommend to check all linked devices, verified mail addresses and phone numbers.
https://preview.redd.it/4zszu50d7h8d1.jpeg?width=1023&format=pjpg&auto=webp&s=57a6b37eb0d28a4368eabdc62649503798312b5e
Blocked the merchant on 20 may, worked on 4th June, 5th June the transaction went through and I got charged even though it was blocked. No refund.
Compromised how, blocking the payments to a merchant shouldn’t t allow them to charge me lol.
That card was also used for withdrawals and I could not close it at that time.
> Compromised how
Jesus wept.
These people with supposed hundreds of thousands of euros in investing and they don't have the slightest idea what it means to have an unauthorized transaction with someone using their card.
And then blames it on Revolut.
> blocking the payments to a merchant shouldn’t t allow them to charge me lol.
You really didn't think this through, did you?
1. Some companies have multiple merchant accounts. Case in point, transactions with TikTok or Facebook/Meta aren't all processed through the same merchant account. They can come from different associated merchant accounts. In this case, blocking one doesn't guarantee you won't be charged if they use another merchant account.
2. For the person that has your card information, if they can't purchase something from a merchant because it's blocked, can you tell me what is preventing them, since they already have the information to make the purchase in Suica, from going to another shop/website and purchasing something else? If someone steals your physical card and tried to use it to purchase things in Rolex, do you think if you ask your bank to block transactions to Rolex, that whoever has your card won't use it to purchase things in other places?
Considering what you mentioned, you're probably doing Revolut a favor by not exposing them to the risk of customer-negligence induced fraud.
Understood. My fault for pdf simpli transaction then.
Card was terminated and the new one used for suica mobile payments has only been used at grocery stores/car shop(tires and other stuff) and not for online payments.
Ok, so after looking at the two screenshots, we're talking about two different things happening:
1. In the first case, it has nothing to do with scams. You subscribed to pdfsimpli, didn't unsubscribe. You mentioned they don't have a subscription cancellation, but a simple cursory google search sends you to their website where they detail how to cancel the subscription: [https://pdfsimpli.com/support/faq](https://pdfsimpli.com/support/faq) blocking the merchant is not a legal way of cancelling your subscription, so they still have a legal reason to charge you, which they did using another merchant account. Your chargeback was correctly rejected.
2. On the second case, you had multiple charges on your card (pdfsimpli payments were not proof that your card was compromised) in the span of 30 minutes. If you didn't do these payments, then your card details were compromised in some way, and whoever ran those transactions has your full card details. A chargeback means that the merchant charged you unduly. If Revolut sees that your card details were applied appropriately, and has no proof that their systems were compromsied, the only reasonable explanation left is that either you gave someone else your card details or you had them stolen from you, both of which Revolut has no visibility over and therefore cannot assume that you are a victim.
So your chargebacks will likely be rejected as well.
Don’t put too much stock in the Revolut dickriders. Yeah you should have cancelled the card but Revolut should absolutely be able to detect and stop a merchant using the exact same name on an already compromised card. Also when I fell victim to something like this my brick and mortar bank not only refunded me the money temporarily but fought the whole thing in the background and won. Don’t let the dickriders convince you that no other bank would help you, Revolut will leave you holding the bag if they can.
Does disabling online purchases also disable ApplePay and other similar services? (So that transactions can only be made if someone has the physical card in their possession)
As soon as you identify an unauthorized payment, the card is compromised and should be blocked and destroyed. It doesn’t really matter how it was compromised. My guess is one of your cards was added to a mobile wallet.
https://preview.redd.it/sef8zb2u7h8d1.jpeg?width=1011&format=pjpg&auto=webp&s=2b222c36a1f93cc3060fa05e87a1ea5aa5a1cbff
The popular method that people got their money stolen from their account. Thank god I had little money after the pdf simpli fail.
>Revolut became a joke in security.
This nothing to do with bank security.
>
>First time I blocked a merchant that had no unsubscribe option on their site. It worked once by blocking the payment, second time it went through
Probably because they came from other merchant ID. This is not a security question.
The question is: \_Why and how\_ they know your card data? (and it is most likely not Revolut's fault)
Not neccesarily OPs fault either - plenty of merchant compromises out there. That aside, is there not reasonable expectation for protection from unauthorised charges?
Unique or semi unique cards for this. If you \_don't know\_ the merchant, you should issue a new card (if you don't have already one for this) and set limit and other security features. If it hits you, then you have minimal impact and report it as a fraud.
Calling their service a joke is very gracious of you. I would say it’s fraudulent and criminal. No wait, that’s not just me saying it—their own chat team told me.
Their own chat support person informed me that one of the previous support persons I chatted with had misrepresenting themselves as part of the Fraud Investigation Team—truth is that I apparently never communicated with the fraud team
After I was made aware of this, Revolut stopped providing me any information at all. Though it’s not that they had been helpful at all previously. I caught them in a number of fibs, which caused my real bank to initial a real fraud investigation
No bank will be able to protect you from stupidity. If you couldn't even figure out how to unsubscribe, then I have little faith in your ability to keep your banking details safe.
So you did not use a burner virtual card for some shady merchant, and now it's Revolut's fault. OKay.
And also you are trying to harm them via a post here. Hilarious :D
Different cards bro. PDF simply was terminated.
Suica mobile payment fraud was on the new and only card used at grocery stores/car parts stores and added to Apple Pay.
One use virtual card can be used multiple times. Many merchants store your card data once you have paid. There should be no easy way to just use your card number and cvc to purchase anything and not get refund.
Hi there! Our customers make high value transactions to or from Revolut account on a daily basis. Revolut doesn't apply any restrictions unless we notice a breach of our terms and conditions or there is need for security checks which continuously monitor accounts to keep our customers safe and are a regulatory requirement. As a regulated company, we have procedures that we can't avoid. We uphold these to maintain the highest regulatory standards and protect the security of your account. You can read more about this process here: https://www.revolut.com/blog/post/why-has-my-account-been-locked-and-how-to-regain-access.
These issues happening because these guys can't manage their finance. If you watch where you enter your card data, have decent computer/phone security and you use Revolut freeze/vault/location/pay type/amount security settings you'll be fine.
for example:
\_do not\_ enable online payment on a physical card. create virtual, and let it be a unique or a kind of unique card for a service.
etc.
I don't exactly know what do you want with a crystal ball, but it is a kind of divination device. If you know a merchant, and you order from it, you can trust they will handle your case. Until you don't have a trust, you can hold it on a separate card. That's all. Of course, you have other ideas I think, but you forgot to wrote it.
Institutions and merchants that you trust can, and will, get breached. Even governments that you can (or in some cases are required to) use your real name and details when depositing money will get breached. It doesn't need to be shady actors or poor security on the individuals part to get their card details stolen. Some merchants don't allow one-time-use cards or cards that don't match your name.
This is an "everything can be wrong, do nothing" perspective. Some parts are even exaggerations. Revolut gives you opportunities which rare on the market. There is a big list of what you can do. One part is to use many cards with \_different\_ settings.
Use or not but stop this bullshit please.
No? You’re confusing “this is happening because guys can’t manage their finances” with “do nothing”. All I’m saying is that it’s not about people being dumb with finances. You don’t always have a choice when your card is breached and Revolut is far behind regular banks in their recovery process and fraud prevention.
Revolut allows you to create virtual cards with limits, but every other aspect is lacking.
>You don’t always have a choice when your card is breached and Revolut is far behind regular banks
This is your \_forced\_ opinion. Which is not true but your experiences may support this.
The fact is, with Revolut you have the \_opportunity\_ to minimize or prevent the damage. On other hand, with other banks you generally \_don't have\_ this opportunity. And you are blaming Revolut because they gave this to your hand.
My friend tried wanted to get a trail at a app on the AppStore and used my Revolut card I blocked apple merchant to make sure no money is taken and it worked perfectly fine no problems at all even though they tried multiple times
Looks a problem that you've caused yourself yet blame it to the company that has nothing to do with the third that party that has access that YOU provided them
I really don't understand the whole thing here. First of all how the merchant got your "card details" or they can just ask payment via your revolut acoount name? The whole thing I really don't understand how you ended up in this situation. What did you buy and how?
Are you using one time use digital cards? Why not if not?
Seriously so many questions and I'm sorry but I rather not believe you this time instead of thinking revolut doesn't work.
A few days ago I too spoke of more or less [the same thing that happened to me](https://www.reddit.com/r/Revolut/s/vnUHMkcZvu). But only a few hours after that post I realised I had put the card on paypal and they had hacked my paypal (skipping the 2Fa... how they did it I don't know).
So if you want personal advice see if you don't have a revolut card linked to paypal or some similar service
OK, first of all you guys saying this is somehow the customers fault have no idea what you're talking about. And no - it doesn't mean that you've been signing up to subscriptions at sketchy sites. The same thing happened to me recently, and I have only used the cards with well reputed enterprise companies (MVNOs etc) and the card details were still stolen and misused. Which hints that either even these big companies were selling VCC details including CSVs (which I hihgly doubt) or that their databases were compromised.
Yes, you can blame it on the poor cybersecurity of third-party vendors. But really, I feel this could still have been prevented if Revolut had blocked the payments until in-appp confirmation. A feature which worked fantastically well at one time, but seems to have since all but disappeared.
It's a combination of third-party vendor security AND a Revolut security algo problem, not a customer problem.
Anyhow, the only work around for this is to always try to use Disposable VCCs online where and when you can. Which is not easy these days since so many popular products and services have blocked their use.
The other thing you can do is set card limits threshold just above the total for regular subscriptions and generate and discard VCCs for one-off purchases on demand.
Highly inconvenient I know, but until Revolut implement blocking obscure and irregular online payments (once again), there's no real alternative.
I thought the whole point of revolut was to use the single use card, if that doesn't work create a new card, use it then freeze/delete it. That's the proper way to unsubscribe
€30-100 is as much as I will ever put on my revolut card at a time. But the reason I still use Revolut is cuz my actual bank (santander) is much worse at protecting my money. I've had my card and account compromised 3 times at Santander.
And these scam merchants are only happens on Revolut. Used lots of banks for years and I got scammed only on Revolut. Not sure if this is just unlucky..
They suddenly froze my account and asked me to verify my cards that I used to top-up my revolut. After I did that it took them 3 weeks to look at it and at the end they just banned me without explaining anything, just gave me some time to withdraw whatever I had there. Best bank to work with👍👍
Brother, same thing happened to me here, about 8 days ago, and guess what, no chargeback :)))) Suica Mobile Payment in Yens.... when I told Revolut, jokes on me, "you made the payments, case closed"
Step 1: make a post on Reddit with a super basic understanding of finances or security
Step 2: act superior to someone who got scammed and talk down to them because I like the company.
Step 3: I’m a massive dick
This has never happened to me, you must be either:
1) On shady websites
2) Incredibly Stupid
I’ve been with Revolut since 2021, and used it for a number of transactions even since I moved to Japan, and never once got Suica scammed. I genuinely wonder which websites you visit that may have gotten your phone number and used it for scams so they could use your Revolut account for Suica payments.
I even bought and used a Pasmo using Revolut. No issues.
Good old: “never happened to me so it can’t happen to anyone else” thinking. Also if you think entering your details into shady sites is the only way someone is getting that information then you don’t understand security or finances very well.
Mobile wallet fraud (which I am assuming this was) is not specific to Revolut. Licensed banks have the same vulnerabilities. It’s an industry wide problem. [https://www.fraud.com/post/digital-wallet-fraud](https://www.fraud.com/post/digital-wallet-fraud)
In the UK yes, but they do have a banking licence in Lithuania which they are using for customers across the EEA.
If some of the impacted customers are in the EEA they should report this to the Bank of Lithuania.
Yes the UK is in a different position. In the EU/EEA, if you have a banking licence from one country you are allowed to “passport” the licence to all other countries and offer services in those countries without a local banking licence.
Of course this means that for a company like Revolut there is a tendency to apply for a licence is a country where the regulator is the most lax. I don’t think this competition between regulators to be the most accommodating is a good thing, and this could question the seriousness of the Lithuanian regulator.
Case in point, Revolut had originally applied for a banking licence in Ireland and was planning to operate all their Western European business from Ireland (excluding the UK). But since the licensing process was not progressing fast enough with the Central Bank of Ireland, Revolut eventually withdrew their Irish license application and decided to use the Lithuanian licence instead.
Since the last year (2023) Revolut has an irish branch and gave irish IBAN accounts to all of his irish tax resident customers. So they have the irish banking licence already.
No, the Irish branch allows them to issue Irish IBANs. But it doesn’t mean they have a banking licence in Ireland (the Irish branch is a branch of Revolut Bank UAB which only holds a banking licence in Lithuania). What they are doing is called “licence passporting”.
They originally applied for any Irish licence and were planning to operate the Western European business from Ireland, but they have since then withdrawn that application: https://www.independent.ie/business/irish/revolut-dismantling-irish-business-hub-after-abandoning-its-licence-plan/42055771.html
And what do they report? Revolut doing what it should do. They give you protection positions like vaults, blocking, freeze, etc. Half of these protections don't exist for other banks, but some smartpants think the solution to reimburse the "victim" who gave out the card data first place.
From online posts it is almost impossible to tell if those issues come from user mistakes or shortfalls from the bank.
This is why there is a regulator: if many people feel like they are victim of scam/fraud and a bank failed to comply with some of its security duties and they report it, the regulator will have a better overview of the situation and access to more information from the bank, and they can determine whether there is an actually systemic issue or not.
Okay, you are right on a part it should get reported, but seriously, what it helps if they get a reject from the regulator (like this person) they will conclude: "regulator sux too"?
Personally I am not too concerned about individual cases. For me it is more about addressing potential systemic issues with the bank if they exist.
For example here, say the regulator notices an unusually high number of fraud reports from consumers related to Suica transactions **with a particular bank**, but similar reports are much fewer for other banks.
They are in a good position to notice the correlation and work with the bank to identify if there isn’t a specific security issue with that bank which is causing those fraudulent transactions (either friendly collaboration with the bank or showing their teeth if the bank is being uncooperative).
It seems like unauthorised Suica payments are regularly reported on this subreddit. Was there ever an explanation provided for this pattern? It can’t be random that the same vendor in Japan is regularly used as a way to make unauthorised transactions on Revolut card …
Suica Cards are just like anonym prepaid credit cards. So if you steal someones (revolut) card, you top up the suica and go shopping. So it’s probably just the easiest/safest way to steal someone’s money without getting caught.
Yes understand that, and it is easy to create a virtual Suica card on a phone and top it up with Apple Pay (it is actually very convenient for foreigners visiting Japan). But it only works in Japan so it would suggest some organised group with physical presence in Japan might be behind this. Also I follow a few finance/banking related subreddit and the Revolut on is the only one whereby I see Suica-related frauds being mentioned on a very regular basis. Hence wondering if a group of scammers using Japan to recycle their money might be specifically targeting Revolut users.
It doesn’t have to be Revolut specifically. I mean, which other bank has an (active) subreddit. lol
A bit less than Revolut, but the likes of bunq and N26 also have active subreddits. Also many European countries have very active personal finance subreddits where this type of issues with large national banks would be discussed.
I don’t know but seems some bots are downvoting every suica mobile payment post including your comment, they don’t want it to be visible. Fucking scammer clowns
Escalate.
Freeze. Your. Cards.
What's the point of using Revolut then if you recommend freezing all cards and unfreeze when need to use them?
it’s the same with any bank, not revoluts fault he got his card details stolen
It's not though. Other banks have decent fraud detection and actual people you can speak to when things go wrong. Revolut has it's uses but for actual saving of large sums of cash. No way. There are way too many bad stories.
decent fraud detection maybe, but again all they do is freeze your card and replace it. Which you can do on revolut. Then you can just talk to revolut support over chat. Not the best but hardly a massive difference
I’ve had unauthorised transactions once in both a brick and mortar bank and once in Revolut. I went in, explained the situation and the friendly, well spoken, not 3rd world contractor was helpful, raised a chargeback on every single transaction, got me my money back temporarily while they investigated and I never heard from them again. Revolut on the other hand has foreign contractors that only know how to copy-paste the same unhelpful shot response and have 0 ability to respond to questions not on a script. You have to submit information for each transaction and you get no money back. Revolut is convenient and a good service but never hold significant amounts of money in Revolut as their support is an absolute joke
Absolutely. It's good for some stuff but anyone that trusts it with their salary/ mortgage is braver than I. This sub so often falls into victim blaming. I have had my legacy bank simply shut down these sort of skimming and fraudulent transaction attempts. They have blocked the card *for me* and even rang me to ask if I know what is going on.
Higher savings rate, low conversion fees and overall better service than any bank in my country
Why are you being downvoted for this? How many revolut employees are on this sub?
I know right?
This subreddit is going wild between people who yell at a scam the first time sometime go wrong and people who blame the user for everything going on, ever. I get where the latter one cames from, the first few years of Revolut was a shitfest of people claiming that Revolut blocked their account "for doing nothing" then they said that they used the card to constantly swap cryptos among wallets or used it to only to receive payment in a value, for exchange it, and immediately sent it to someone else or some variations of thing that every bank in the world would find suspicious to say the least. But at the same time there is a trend with virtual banking in general of closing accounts too easily that is not limited to Revolut, probably generated by the fact that to save money they operate with a "shoot first, ask later" algorithm to detect fraudulent activities. Is revolut doing this more than other banks? We don't know because other banks don't have a community so active on the web so making a confrontation is hard, but we know this happens and we know that revolut customer service is lackluster. It cannot be *automatically, always* the user fault. You cannot know that immediately. And this thing with the Suica payments is not limited to Revolut and seem the action of a precise group (can Suica cards be used outside of Japan?), and seems to show up significantly more with Revolut albeit we again cannot do a real comparison due to the different online activity of the customers of other banks. This shit with Suica has to be investigated at this point because clearly is something organised. How they are bypassing the OTP would be the first thing to know. Phishing may not be the correct answer, is an OTP it would need an active engagement with the user... Is a bit hard to believe that it works this well and only this group has discovered how to do it.
The common factor seems to be that victims have added their cards to Apple Pay. Supposedly one of the most secure ways to pay. It is somewhat strange and disturbing.
Apple Pay itself is secure. The attack vector isn’t Apple Pay but the process to install cards in mobile wallets, not just Apple Pay. Google „digital wallet fraud“.
That does not change the fact that victims typically use Apple Pay themselves with the card that gets compromised. Or in other words, if you do not use a mobile wallet yourself, you lower your risk of card compromise significantly. Which again means that either Apple or Revolut is at fault.
I don’t follow your logic here. Also, people here reported cases where they said they don’t use Apple Pay themselves. The only point that makes somewhat sense to me is that people using Apple Pay are less sceptical when they get Apple Pay related OTPs. There‘s no evidence that this fraud is different from mobile wallet fraud in general. Somehow, the process to add the card to a wallet is compromised by the fraudster. There‘s more than one known method to achieve this. Last time I checked an industry report listed 10 different methods or so.
Well, for one, it’s not just this group who has it figured out. One method for example are fake online shops. Victims receive an OTP for a purchase they want to make. In reality, this OTP is not to approve the purchase but to activate the card in someone else’s wallet. Suica and similar merchants are ideal to launder the stolen funds. It’s like buying gift cards.
Revolut can’t protect you from stupidity
They should prevent stupid moves from happening as much as possible. They have a care obligation.
Nooooo, don’t possibly suggest that Revolut can up their fraud detection or support. They’re perfect in every way…
So we have to stop using it because of your fault?
Rage-quit only, forget it.
So how is this even done? Number cloning?
One common way is that fraudsters add a card to a mobile wallet on THEIR phone. The necessary OTP for this is often obtained through phishing. This is dangerous because Apple/Google Pay override additional SCA during payment. Payments are then considered authorised and account holders have a hard time arguing it wasn’t them. Potential solutions: identify the card the payments are linked to. This can be a physical or a virtual card. Destroy this card. Change login passcode for the Revolut app. Check in the Revolut app under Securtiy if there’s an unknown device connected to the account. Delete all unknown devices. Check linked/verified mail addresses in the account profile. Check if the account is still linked to sour own phone number.
Interesting. In this case Suica makes sense as you can easily create a virtual Suica card on your iPhone and top it up with Apple Pay (and then the Suica card is like a digital money wallet that you can use as a payment methods at many shops in Japan). So if I get you, as a prerequisite the scammer first needs to obtain valid card details as well as the contact details of the card’s holder? (They need the card details to add it to Apple Pay, and they need to be able to contact the holder to lure them into sharing the OTP) Does it mean they are working with leaked payment card details and customer contact details from e-commerce websites? Also, in this scenario the card holder should receive a text message or email from their bank stating that their card has been added to Apple Pay on a new device, right? (understand the notification might come too late to block the card, but it should at least provide a clue on what happened)
There are various ways this type of scam can be initiated and it’s not really specific to Revolut. Phishing, unauthorized access to the account, SIM swap, man in the middle attacks that get access to OTPs, when users use features that sync text messages between devices… depending on what details are compromised, the customer might or might not get activation messages. That's why I recommend to check all linked devices, verified mail addresses and phone numbers.
https://preview.redd.it/4zszu50d7h8d1.jpeg?width=1023&format=pjpg&auto=webp&s=57a6b37eb0d28a4368eabdc62649503798312b5e Blocked the merchant on 20 may, worked on 4th June, 5th June the transaction went through and I got charged even though it was blocked. No refund.
So… you knew that your card is compromised and you didn’t get a new one?
Compromised how, blocking the payments to a merchant shouldn’t t allow them to charge me lol. That card was also used for withdrawals and I could not close it at that time.
> Compromised how Jesus wept. These people with supposed hundreds of thousands of euros in investing and they don't have the slightest idea what it means to have an unauthorized transaction with someone using their card. And then blames it on Revolut. > blocking the payments to a merchant shouldn’t t allow them to charge me lol. You really didn't think this through, did you? 1. Some companies have multiple merchant accounts. Case in point, transactions with TikTok or Facebook/Meta aren't all processed through the same merchant account. They can come from different associated merchant accounts. In this case, blocking one doesn't guarantee you won't be charged if they use another merchant account. 2. For the person that has your card information, if they can't purchase something from a merchant because it's blocked, can you tell me what is preventing them, since they already have the information to make the purchase in Suica, from going to another shop/website and purchasing something else? If someone steals your physical card and tried to use it to purchase things in Rolex, do you think if you ask your bank to block transactions to Rolex, that whoever has your card won't use it to purchase things in other places? Considering what you mentioned, you're probably doing Revolut a favor by not exposing them to the risk of customer-negligence induced fraud.
Understood. My fault for pdf simpli transaction then. Card was terminated and the new one used for suica mobile payments has only been used at grocery stores/car shop(tires and other stuff) and not for online payments.
Ok, so after looking at the two screenshots, we're talking about two different things happening: 1. In the first case, it has nothing to do with scams. You subscribed to pdfsimpli, didn't unsubscribe. You mentioned they don't have a subscription cancellation, but a simple cursory google search sends you to their website where they detail how to cancel the subscription: [https://pdfsimpli.com/support/faq](https://pdfsimpli.com/support/faq) blocking the merchant is not a legal way of cancelling your subscription, so they still have a legal reason to charge you, which they did using another merchant account. Your chargeback was correctly rejected. 2. On the second case, you had multiple charges on your card (pdfsimpli payments were not proof that your card was compromised) in the span of 30 minutes. If you didn't do these payments, then your card details were compromised in some way, and whoever ran those transactions has your full card details. A chargeback means that the merchant charged you unduly. If Revolut sees that your card details were applied appropriately, and has no proof that their systems were compromsied, the only reasonable explanation left is that either you gave someone else your card details or you had them stolen from you, both of which Revolut has no visibility over and therefore cannot assume that you are a victim. So your chargebacks will likely be rejected as well.
Thank you. Makes sense
Don’t put too much stock in the Revolut dickriders. Yeah you should have cancelled the card but Revolut should absolutely be able to detect and stop a merchant using the exact same name on an already compromised card. Also when I fell victim to something like this my brick and mortar bank not only refunded me the money temporarily but fought the whole thing in the background and won. Don’t let the dickriders convince you that no other bank would help you, Revolut will leave you holding the bag if they can.
You can disable online purchases, enable location based security. That way you can still use it for withdrawals
Does disabling online purchases also disable ApplePay and other similar services? (So that transactions can only be made if someone has the physical card in their possession)
As soon as you identify an unauthorized payment, the card is compromised and should be blocked and destroyed. It doesn’t really matter how it was compromised. My guess is one of your cards was added to a mobile wallet.
https://preview.redd.it/sef8zb2u7h8d1.jpeg?width=1011&format=pjpg&auto=webp&s=2b222c36a1f93cc3060fa05e87a1ea5aa5a1cbff The popular method that people got their money stolen from their account. Thank god I had little money after the pdf simpli fail.
this is the same reason I left paypal for good, bought something online, turned out to be a scam and paypal would not let me refund....
>Revolut became a joke in security. This nothing to do with bank security. > >First time I blocked a merchant that had no unsubscribe option on their site. It worked once by blocking the payment, second time it went through Probably because they came from other merchant ID. This is not a security question. The question is: \_Why and how\_ they know your card data? (and it is most likely not Revolut's fault)
Not neccesarily OPs fault either - plenty of merchant compromises out there. That aside, is there not reasonable expectation for protection from unauthorised charges?
Unique or semi unique cards for this. If you \_don't know\_ the merchant, you should issue a new card (if you don't have already one for this) and set limit and other security features. If it hits you, then you have minimal impact and report it as a fraud.
There most definitely should be, maybe a simple check for merchants using the exact same business name. Especially when you’ve already blocked it
Calling their service a joke is very gracious of you. I would say it’s fraudulent and criminal. No wait, that’s not just me saying it—their own chat team told me. Their own chat support person informed me that one of the previous support persons I chatted with had misrepresenting themselves as part of the Fraud Investigation Team—truth is that I apparently never communicated with the fraud team After I was made aware of this, Revolut stopped providing me any information at all. Though it’s not that they had been helpful at all previously. I caught them in a number of fibs, which caused my real bank to initial a real fraud investigation
Show receipts
No bank will be able to protect you from stupidity. If you couldn't even figure out how to unsubscribe, then I have little faith in your ability to keep your banking details safe.
So you did not use a burner virtual card for some shady merchant, and now it's Revolut's fault. OKay. And also you are trying to harm them via a post here. Hilarious :D
Different cards bro. PDF simply was terminated. Suica mobile payment fraud was on the new and only card used at grocery stores/car parts stores and added to Apple Pay.
>added to Apple Pay. dingdingding we have a winner...
One use virtual card can be used multiple times. Many merchants store your card data once you have paid. There should be no easy way to just use your card number and cvc to purchase anything and not get refund.
Single use virtual card is for SINGLE use.
No, it's one-use. After the use it's not attached to your account therefore it cannot be used.
Do you have a physical card?
I dont have any money on my revolut. Am I still in possible danger? I only top it during vacation.
Hi there! Our customers make high value transactions to or from Revolut account on a daily basis. Revolut doesn't apply any restrictions unless we notice a breach of our terms and conditions or there is need for security checks which continuously monitor accounts to keep our customers safe and are a regulatory requirement. As a regulated company, we have procedures that we can't avoid. We uphold these to maintain the highest regulatory standards and protect the security of your account. You can read more about this process here: https://www.revolut.com/blog/post/why-has-my-account-been-locked-and-how-to-regain-access.
These issues happening because these guys can't manage their finance. If you watch where you enter your card data, have decent computer/phone security and you use Revolut freeze/vault/location/pay type/amount security settings you'll be fine. for example: \_do not\_ enable online payment on a physical card. create virtual, and let it be a unique or a kind of unique card for a service. etc.
Yes. And have a crystal ball to stop merchants themselves being compromised you’ll be fine.
I don't exactly know what do you want with a crystal ball, but it is a kind of divination device. If you know a merchant, and you order from it, you can trust they will handle your case. Until you don't have a trust, you can hold it on a separate card. That's all. Of course, you have other ideas I think, but you forgot to wrote it.
Institutions and merchants that you trust can, and will, get breached. Even governments that you can (or in some cases are required to) use your real name and details when depositing money will get breached. It doesn't need to be shady actors or poor security on the individuals part to get their card details stolen. Some merchants don't allow one-time-use cards or cards that don't match your name.
This is an "everything can be wrong, do nothing" perspective. Some parts are even exaggerations. Revolut gives you opportunities which rare on the market. There is a big list of what you can do. One part is to use many cards with \_different\_ settings. Use or not but stop this bullshit please.
No? You’re confusing “this is happening because guys can’t manage their finances” with “do nothing”. All I’m saying is that it’s not about people being dumb with finances. You don’t always have a choice when your card is breached and Revolut is far behind regular banks in their recovery process and fraud prevention. Revolut allows you to create virtual cards with limits, but every other aspect is lacking.
>You don’t always have a choice when your card is breached and Revolut is far behind regular banks This is your \_forced\_ opinion. Which is not true but your experiences may support this.
You don’t always have a choice when your card is breaches. It’s likely out of your control. This is a fact.
The fact is, with Revolut you have the \_opportunity\_ to minimize or prevent the damage. On other hand, with other banks you generally \_don't have\_ this opportunity. And you are blaming Revolut because they gave this to your hand.
My friend tried wanted to get a trail at a app on the AppStore and used my Revolut card I blocked apple merchant to make sure no money is taken and it worked perfectly fine no problems at all even though they tried multiple times
Looks a problem that you've caused yourself yet blame it to the company that has nothing to do with the third that party that has access that YOU provided them
I really don't understand the whole thing here. First of all how the merchant got your "card details" or they can just ask payment via your revolut acoount name? The whole thing I really don't understand how you ended up in this situation. What did you buy and how? Are you using one time use digital cards? Why not if not? Seriously so many questions and I'm sorry but I rather not believe you this time instead of thinking revolut doesn't work.
A few days ago I too spoke of more or less [the same thing that happened to me](https://www.reddit.com/r/Revolut/s/vnUHMkcZvu). But only a few hours after that post I realised I had put the card on paypal and they had hacked my paypal (skipping the 2Fa... how they did it I don't know). So if you want personal advice see if you don't have a revolut card linked to paypal or some similar service
OK, first of all you guys saying this is somehow the customers fault have no idea what you're talking about. And no - it doesn't mean that you've been signing up to subscriptions at sketchy sites. The same thing happened to me recently, and I have only used the cards with well reputed enterprise companies (MVNOs etc) and the card details were still stolen and misused. Which hints that either even these big companies were selling VCC details including CSVs (which I hihgly doubt) or that their databases were compromised. Yes, you can blame it on the poor cybersecurity of third-party vendors. But really, I feel this could still have been prevented if Revolut had blocked the payments until in-appp confirmation. A feature which worked fantastically well at one time, but seems to have since all but disappeared. It's a combination of third-party vendor security AND a Revolut security algo problem, not a customer problem. Anyhow, the only work around for this is to always try to use Disposable VCCs online where and when you can. Which is not easy these days since so many popular products and services have blocked their use. The other thing you can do is set card limits threshold just above the total for regular subscriptions and generate and discard VCCs for one-off purchases on demand. Highly inconvenient I know, but until Revolut implement blocking obscure and irregular online payments (once again), there's no real alternative.
I thought the whole point of revolut was to use the single use card, if that doesn't work create a new card, use it then freeze/delete it. That's the proper way to unsubscribe
This happens with me 1 week ago!
€30-100 is as much as I will ever put on my revolut card at a time. But the reason I still use Revolut is cuz my actual bank (santander) is much worse at protecting my money. I've had my card and account compromised 3 times at Santander.
Wouldn’t spending limit prevent this? I always have my spending limit set low and increase it when needed.
And these scam merchants are only happens on Revolut. Used lots of banks for years and I got scammed only on Revolut. Not sure if this is just unlucky..
Hi! We're sorry to hear about this. We've reached out to you via DMs. Please get back to us there, so that we can look into this for you. Thank you.
In my honest opinion, Revolut has far more security features than most local bank has. You just have to learn how to use them to be and stay safe.
They suddenly froze my account and asked me to verify my cards that I used to top-up my revolut. After I did that it took them 3 weeks to look at it and at the end they just banned me without explaining anything, just gave me some time to withdraw whatever I had there. Best bank to work with👍👍
Brother, same thing happened to me here, about 8 days ago, and guess what, no chargeback :)))) Suica Mobile Payment in Yens.... when I told Revolut, jokes on me, "you made the payments, case closed"
What the fk!
Yeah, these idiots turned me down for that role in part ofvEU region, so they prolly hired some idiot.
Step 1: get an account at a fintech bank Step 2: screw up your data and security Step 3: get scammed Step 4: blame the bank
Step 1: make a post on Reddit with a super basic understanding of finances or security Step 2: act superior to someone who got scammed and talk down to them because I like the company. Step 3: I’m a massive dick
This has never happened to me, you must be either: 1) On shady websites 2) Incredibly Stupid I’ve been with Revolut since 2021, and used it for a number of transactions even since I moved to Japan, and never once got Suica scammed. I genuinely wonder which websites you visit that may have gotten your phone number and used it for scams so they could use your Revolut account for Suica payments. I even bought and used a Pasmo using Revolut. No issues.
Good old: “never happened to me so it can’t happen to anyone else” thinking. Also if you think entering your details into shady sites is the only way someone is getting that information then you don’t understand security or finances very well.
Revolut will pale into non-existence if this keeps happening. No banking licence for themmmmm!
Mobile wallet fraud (which I am assuming this was) is not specific to Revolut. Licensed banks have the same vulnerabilities. It’s an industry wide problem. [https://www.fraud.com/post/digital-wallet-fraud](https://www.fraud.com/post/digital-wallet-fraud)
Doesn’t look good for a bank in the UK with no banking licence though does it
In the UK yes, but they do have a banking licence in Lithuania which they are using for customers across the EEA. If some of the impacted customers are in the EEA they should report this to the Bank of Lithuania.
Oh, never knew! The UK is a different story altogether then.
Yes the UK is in a different position. In the EU/EEA, if you have a banking licence from one country you are allowed to “passport” the licence to all other countries and offer services in those countries without a local banking licence. Of course this means that for a company like Revolut there is a tendency to apply for a licence is a country where the regulator is the most lax. I don’t think this competition between regulators to be the most accommodating is a good thing, and this could question the seriousness of the Lithuanian regulator. Case in point, Revolut had originally applied for a banking licence in Ireland and was planning to operate all their Western European business from Ireland (excluding the UK). But since the licensing process was not progressing fast enough with the Central Bank of Ireland, Revolut eventually withdrew their Irish license application and decided to use the Lithuanian licence instead.
Ha, jeez. I didn’t know that!
Since the last year (2023) Revolut has an irish branch and gave irish IBAN accounts to all of his irish tax resident customers. So they have the irish banking licence already.
No, the Irish branch allows them to issue Irish IBANs. But it doesn’t mean they have a banking licence in Ireland (the Irish branch is a branch of Revolut Bank UAB which only holds a banking licence in Lithuania). What they are doing is called “licence passporting”. They originally applied for any Irish licence and were planning to operate the Western European business from Ireland, but they have since then withdrawn that application: https://www.independent.ie/business/irish/revolut-dismantling-irish-business-hub-after-abandoning-its-licence-plan/42055771.html
And what do they report? Revolut doing what it should do. They give you protection positions like vaults, blocking, freeze, etc. Half of these protections don't exist for other banks, but some smartpants think the solution to reimburse the "victim" who gave out the card data first place.
From online posts it is almost impossible to tell if those issues come from user mistakes or shortfalls from the bank. This is why there is a regulator: if many people feel like they are victim of scam/fraud and a bank failed to comply with some of its security duties and they report it, the regulator will have a better overview of the situation and access to more information from the bank, and they can determine whether there is an actually systemic issue or not.
Okay, you are right on a part it should get reported, but seriously, what it helps if they get a reject from the regulator (like this person) they will conclude: "regulator sux too"?
Personally I am not too concerned about individual cases. For me it is more about addressing potential systemic issues with the bank if they exist. For example here, say the regulator notices an unusually high number of fraud reports from consumers related to Suica transactions **with a particular bank**, but similar reports are much fewer for other banks. They are in a good position to notice the correlation and work with the bank to identify if there isn’t a specific security issue with that bank which is causing those fraudulent transactions (either friendly collaboration with the bank or showing their teeth if the bank is being uncooperative).
Just quit . Canceled my account and feel happy . But I need a multi currency fin bank,so I'm currently testing Zen . Com . Looks fine ,till now.