Hacker News new | past | comments | ask | show | jobs | submit login
I just had over a thousand Euros stolen and Revolut is siding with the thief (stavros.io)
705 points by jstanley 23 days ago | hide | past | web | favorite | 352 comments



Revolut's CFO recently 'resigned' from the company in light of claims that Revolut switched off an anti-money laundering system that flags suspect transactions.

Revolut cited 'personal and health reasons' for the CFO's resignation. Whatever those personal and health reasons really were, they clearly passed quite quickly as within the space of a few weeks, said CFO has joined another FinTech company as their new CFO.

The company quite literally has the words "get sh*t done" in giant neon letters on their office wall. They live by the mantra of move fast and break things. That mantra is inevitably going to cause problems when your entire business is dealing with real money owned by real people in one of the most heavily regulated industries in the world.


>Revolut's CFO recently 'resigned' from the company in light of claims that Revolut switched off an anti-money laundering system that flags suspect transactions.

Revolut's CEO[1] is the son of the top bureaucrat of Russian Gazprom, which has been implicated as the main channel of - you guessed it[2], money laundering for Russian oligarchs [3].

[1] https://en.wikipedia.org/wiki/Nikolay_Storonsky

[2] https://panamapapers.sueddeutsche.de/articles/56fec05fa1bb8d...

[3] https://www.ft.com/content/2ebff9ee-38f6-11e9-b856-5404d3811...


As a Russian, I would like to point out that both degrees he has got (Moscow Institute of Physics and Technology and New Economic School) are from top-tier institutions. Money can't buy them and in general they are not attractive for rich kids.

Also, Gazprom Promgaz != Gazprom. It's "a research institute for Gazprom" [1].

[1] https://en.wikipedia.org/wiki/Gazprom_Promgaz


Money can definitely buy them


I would not be so sure abou that. But money can for sure buy you people who make your thesis.


It's always a possibility to "buy a degree" when enough money is involved. Look at what happened with the London School of Economics, which is a top 10 university worldwide.


Easy to draw conclusions, right? I wouldn't be so negative without any evidence.


I'm Ukrainian. Recent history has taught me to not trust any Russian citizen for any reason whatsoever.


[3] is paywalled. and there is no connection between [1] and [2] (i think putin's friends would crack up laughing at the prospect of laundering billions through a british startup).

but the premise is correct - a unicorn who raised 5m for an online bank startup is hardly a serious option.


> The company quite literally has the words "get sh*t done" in giant neon letters on their office wall.

That has become one of my red flag. I want to deal with people and companies focused on the quality of their products and businesses, not on doing "shit" (taking their motto literally).


Absolutely. "Move fast and break things" is barely acceptable for services where failure is mostly just annoying, like social media. If your product is banking, medicine, transport, or anything else that can seriously harm people, "move fast and break things" amounts to criminal negligence.


Amen.

Another example of a field that I'm personally aware of and in which this kind of attitude should not be acceptable is cybersecurity. If your job is to protect people, then EVERYTHING you release has to be bulletproof.


As someone in cybersecurity, I would offer an alternate perspective: That sometimes you have to lock things down despite not being absolutely certain of side effects, being willing to take some outages, if you ever expect to get something done.

Analysis Paralysis is a real thing. Sometimes you just have to do it.


Choosing to lock things down when you're not certain of the side effects... that's the sort of thing that will, at worst, cause outages due to protocol access or authentication (which are both easily fixable). It's a smart move... and helps initiate the "Canary in the coalmine" built-in feature.

The "move fast and break things" crowd are generally the same people that will choose to open things up in the name of "getting shit done". They'll drop firewalls, expose services publicly, and generally go out of their way to avoid security because they see it as a hurdle to achieving their primary goal. In my experience, this lack of foresight almost always causes cascading problems in the future that grow exponentially worse the longer they're left unchecked.


People try to replicate what worked elsewhere without asking themselves if there any differences between the businesses.

That's normally a red flag, for a banking business a mortal sin.


How many times do ex-Googler's blindly parrot, "well at Google...", without asking themselves about exactly that?


Even worst, when wannabe-Googlers do that.

"Well at Google, they'd use a global distributed fault tolerant Hadoop cluster for their data store." "Dude??? We're building a Wordpress site. We're gonna run MySQL on the same shared server as the php code."


While I'm not a big fan of Atlassian's software - I did end up in their old offices for various hackerspace related meetups a long time back.

They had a big sign on the wall "Don't fuck the customer."

That's a much better ethos that "move fast and break things", or "Get shit done" in my mind... (Even if it is just performative customer facing propaganda, at least it shows that management understands that's a key requirement customers want to be told they'll meet...)


And after reading about their work culture, I also don't tend to trust companies that grind their employees down and spit them out. Banking is high pressure at the best of times, but reading about how they work doesn't fill me with confidence in their quality.


"Move fast and break things" is my red flag. I kind of get it for early start-ups in, say, the social media space where the phrase was coined. But when I hear it remotely connected to health care, or critical data, I cringe. I even cringe when I hear it applied to Facebook now, now that it's de-facto a communications platform and whether we like it or not it is depended on by people for important communications and things they are led to believe are private.

Don't move fast and break things. Move productively and build things.


"measure twice, cut once" in big cedar letters on the wall of my next business.


"Safety Third"


the first startup i worked at had a 'get shit done' poster on one of the walls. I think it was more of a fellowkids thing, meant to be half serious/funny and looked more like cargo-culting a startupy phrase.

it was a great place to work - engineering was pretty lax, most of us were there only from 10-4.


I prefer "Move cautiously and make things".

As in, spend your time making something you'd be proud to sign your name to.


> personal and health reasons

That could easily be a way to say that he got threatened to leave that anti-money laundering system switched off 'or else'. Keep in mind that as soon as you create a way for organized crime to do their thing on your service and you are making money of them that they will happily consider you to be in their debt. It happens in the movies, and sometimes it happens in real life.

Someone I know peripherally had something like that happen to him because of a series of movie theaters. Not good, even if you are not aware that such things are happening.

This is why casinos, online gambling, bitcoin related stuff and payment systems as well as two-sided market places always require extra care, before you know it you have a bunch of criminal coat tail riders on board.


Also Revolut CEO's father is CEO of Gazprom (or some division, I'm not sure I understand their structure). And it got it's money from DST Global incubator, which has Kremlin ties.

Meaning, despite their London HQ, Revolut is Russian owned and Russian managed pseudo-bank.

Giving them more money might not be great idea.


Considering both senior politicians in Lithuania and Luxembourg have raised formal concerns about Revolut's bid for a bank licence, specifically because of the CEO's alleged Kremlin ties, I'm willing to assume there's some substance to that concern.


Them not having the license also means that the deposits aren't insured the way they normally are in EU, meaning you get nothing if things go wrong.

We use Revolut around the office to split bills for lunches, etc, but I wouldn't keep more than few bucks in there.


edit: They have a banking license but current account customers now still get an e-money account only - quite confusing state. With an e-money account, the client money is supposed to be in a separate account and if they go under, you still get your money. (FCA regulates all this)

They have a banking license from Lithuania (but customers are not switched to it) which might be revoked by Lithuania and they are trying for another license in Ireland.

Thanks to comment below - edited this make more sense.


Revolut received its banking license from Lithuania in December 2018, but hasn't switched its customers over yet. After the family connection with Gazprom became public, Lithuania started considering revoking the license, and Revolut applied for another one in Ireland. It's not clear now, when and which banking license Revolut will start using. It's worth pointing out, though, that Revolut already has more customers than there are tax payers in Lithuania[1].

[1] https://www.theguardian.com/money/2018/dec/22/lithuania-icel...


As an Irish person who watched the crapshoot of our banking regulation in 2000s I can assure you that this does not fill me with confidence.


thanks, you are right, I have edited my original response (which itself is quite confusing now) - the Revolut state of regulation quiet confusing - better to stick with Monzo in UK/N26 in EU.


They have a UK bank license now, so deposits are covered up to EUR 100k

They're only covered against bankruptcy though - if someone steals your phone and drains your account, you're SOL.


There’s a YC company called Ysplit which solves this exact problem. I highly recommend it. ysplit.com


Revolut seems overkill for that, maybe try Splitwise?


Venmo seems to be the standard here in the US. Is it not as common overseas?


lol no it assumes a US account. it's not even listed in the app stores here. people mostly use bank transfers for everything since it's free and fast


Haha, yeah, US banking is pretty awful in terms of ease-of-use.

I don't use Venmo myself - I'm at a point where I'd rather just pick up the check that try to split it (using any method). And let me friends pick up the next meal.


I tend to find that Venmo is a bit redundant in the UK - feature-wise, I'm not sure that it does anything that the standard bank mobile apps can't do? (There's a standard person-to-person via mobile number payments system that most banks support & integrate into their apps (https://en.wikipedia.org/wiki/Paym)).


That's nice. I wish US banks would do something like that, so we don't have to rely on 3rd party apps. But, they couldn't even roll out chip & PIN properly.


Gazprom ties, AML system randomly going offline, regulated by Lithuania...this looks more like a money-laundering scheme than a bank.


Why does being regulated by Lithuania make it look it like a money-laundering scheme?


I’m not certain as to the original post’s implication, but the multi-billion-dollar Russian “Laundromat” schemes that have come to light over the past few years fed through Baltic banks, including at least one in Lithuania. I’d think, though, that since these came to light there would be added scrutiny and it wouldn’t be an ideal place for further nefarious activity.


> through Baltic banks, including at least one in Lithuania

Just to clarify: The Russian Laundromat mostly relied on the banks from Latvia and Estonia[1], the two EU countries with the largest Russian population. The only banks which participated in the scheme from Lithuania – Danske and Nordea – were actually Scandinavian, and have either left the country (Danske), or merged with others (Nordea) afterwards.

[1] https://www.occrp.org/assets/laundromat/BarChartBank-big.png


I was thinking about the recently revealed 'Troika Laundromat'–smaller than the Russian Laundromat scheme but still a $5B operation–which involved the Lithuanian Ukio Bankas: https://www.occrp.org/en/troikalaundromat/the-troika-laundro...


This one was really a Lithuanian bank, even though founded by a person who was born in Russia, and who escaped to Russia when the bank collapsed in 2013. There are none of such banks left in the country anymore, and people are very concerned about any possible Revolut's connections to Russia.


> Why does being regulated by Lithuania make it look it like a money-laundering scheme?

It doesn't raise issues per se. But Lithuania has a sizable Russian population [1]. It's also a small country.

The latter means it has less experience supervising novel and complex financial systems. It also makes its regulators easier to unduly influence, either through bribery or threats (e.g. Revolut failing would probably deplete Lithuania's national deposit system).

[1] https://en.wikipedia.org/wiki/Russians_in_Lithuania


A Lithuanian here.

> But Lithuania has a sizable Russian population [1]. It's also a small country.

The Russian population (5%) is a tiny minority here, not represented by any political party in the parlament. It's much bigger (25%) in Latvia and Estonia, as Russians tend to live in the cities near the Russian border[1].

> The latter means it has less experience supervising novel and complex financial systems. It also makes its regulators easier to unduly influence, either through bribery or threats

In this case, there is a common view in Lithuania, that as a tiny economy we should focus on IT sector and follow Estonia's example, trying to be the most modern and innovative state in the EU.

Therefore, there is an entire goverment program for attracting and supporting fintech companies[2], hoping that they will open offices in Lithuania and employ recent graduates, preventing them from fleeing to Western Europe for better job opportunities.

Of course, it makes no financial sense to give a banking license to a foreign startup for such a small economy, but Revolut is extremely popular in Lithuania and the general population sees it as an alternative to Scandinavian banks which have occupied the local market.

As a result, those policitians who have tried to oppose giving the license to Revolut were publicly attacked from all sides as "working on behalf of Scandinavian banks".

[1] https://en.wikipedia.org/wiki/Russians_in_the_Baltic_states

[2] https://www.lb.lt/en/newcomer-programme


> Those policitians who tried to oppose giving the license to Revolut were publicly attacked from all sides as "working on behalf of Scandinavian banks"

I rest my case. That such financial regulation is being politically decided gives Revolut more leeway in Lithuania than it would have in e.g. the U.K.


> That such financial regulation is being politically decided

It's not being politically decided, but multiple senior members of the parlament in the committee on Budget and Finance have publicly expressed their concerns.

I agree that there is a lot of general inexperience in the entire system, and I don't believe that Lithuania would be able to regulate Revolut properly, as it's based in the UK.

The point was, that Revolut was more than welcome in Lithuania, and they didn't need to try to influence anyone. The politicians and regulators were even proud that one of the biggest fintech startups in Europe chose to set foot here.

They also saw that N26 was successfully granted a license in Germany, Monzo in the UK, and Bunq in Netherlands. Therefore, it wasn't seen as such a big risk.


It's HQed in London, so not being regulated there raises questions.

I would guess that regulation in the UK is better, but I'm not really up on my Eastern European/pan European banking regulation to definitively say.


Does it? It seems logical, thinking about Brexit.


Brexit would also be an argument against HQing there too though...


The way I understand it, not really. Financial services seem to operate crossborder just OK, while the licenses are not cross border (I mean cross EU border).


Good point. I believe there are EU directives in place which mandate that if an institution is authorised in one member state it can operate in any other state


> it got it's money from DST Global

So does Facebook, DoorDash, FlipKart and hundred+ other Silicon Valley companies. Revolut also has money from Seedcamp, Balderton, Index and tons of other VCs.

> Revolut is Russian owned and Russian managed pseudo-bank

Since when being a Russian is a crime? Besides if a company is London based it is regulated by UK authorities.

You make it sound like the guy being Russian, DST being Russian (and allegedly having "ties" to Kremlin) is somewhat a red flag. I would like to hear more on the reasoning behind how all that is negative?

Don't Silicon Valley CEOs have ties to White House? Should I not use their products? :)


> I would like to hear more on the reasoning behind how all that is negative?

There is outsized demand for money laundering from Russia, in large part owing to its endemic and unchecked corruption. This is why most recent European money laundering scandals have involved Russian money [1][2][3].

So when you see an AML deficient operation with multiple Russian ties based out of Lithuania, it raises legitimate questions.

[1] https://www.reuters.com/article/uk-danske-bank-eu-regulator/...

[2] https://www.cnbc.com/2019/04/18/deutsche-bank-shares-slip-am...

[3] https://www.insurancejournal.com/news/international/2019/03/...


We have unchecked corruption from the 2nd most powerful politician in the country, no one cares

https://www.nytimes.com/2019/06/02/us/politics/elaine-chao-c...


> We have unchecked corruption from the 2nd most powerful politician in the country

Chao is being investigated by the House [1]. Worst case, we’re talking single-digit millions of suspected malfeasance versus billions in Russia of cut-and-dry graft.

And most importantly, a wrong here doesn’t excuse a wrong there.

[1] https://www.politico.com/story/2019/06/24/house-chao-rules-t...


I thought that she had steered some $78,000,000 in Federal projects to her husband's state and then there were also some questions about the business interests of her family members in China[0]. Also Deripaska[1] just announced he's funding an aluminum plant in Mitch McConnell's state so I suppose it does involve billions in Russian graft. [0]https://www.vanityfair.com/news/2019/06/elaine-chao-china-tr... [1]https://www.cnn.com/2019/04/15/business/rusal-russia-kentuck...


Interestingly, all the banks in your sources involved in money laundering of "Russian money" are big non-Russian (Dutch, German, Estonian, UK, Swedish, French and so on) banks.


> all the banks in your sources involved in money laundering of "Russian money" are big non-Russian (Dutch, German, Estonian, UK, Swedish, French and so on) banks

And Revolut is a non-Russian service. Hence the comparison.

(Money laundering has three steps [1]. Dirty Russian money is typically placed with Russian banks. It is then layered between Russian and non-Russian banks before being integrated by a non-Russian bank, thereby masking its origins. Given the amount of dirty money flowing out of Russia, a Russian account tends to gather more scrutiny than e.g. a Danish one in the same way a Colombian account garners more scrutiny than a Miami one.)

[1] https://en.m.wikipedia.org/wiki/Money_laundering


financial services company accused of money laundering with ties to russian oligarchs in London is a little bit different from minority stake in a large american corporation, or even the American government, which at least as of today is still a liberal democracy.


I don’t think the problem is that it has ties to a political entity.

The problem is that that entity is a de-facto dictatorship that is well known for being corrupt.


The fact that CEOs father works as a deputy executive in a government owned company qualifies does not qualify as "ties," in any meaningful way.

Most shareholders and the regulator in control are western based and run by people whose parents aren't employed in Russia's public sector, as far as I know.

Show me a government that's not known to be corrupt.


> Meaning, despite their London HQ, Revolut is Russian owned and Russian managed pseudo-bank. Giving them more money might not be great idea.

Giving any Russian oligarchs more money is always a bad idea.


> Revolut cited 'personal and health reasons' for the CFO's resignation. Whatever those personal and health reasons really were, they clearly passed quite quickly as within the space of a few weeks, said CFO has joined another FinTech company as their new CFO.

Just waited for the golden parachute check to be cashed in.


Maybe there was an argument and the CFO was against turning off the money laundering and lost out and left over that.


The CFO resigned only after the documents passed to The Telegraph by a whistleblower showed that for three months in 2018 Revolut switched off an automated system designed to stop dubious money transfers[1].

[1] https://www.telegraph.co.uk/technology/2019/02/28/revolut-fa...


Maybe that system was low quality and blocked valid transactions?


Maybe it was, but that's not a good excuse. "We wrote some software to prevent money laundering but it was crap so we turned it off"


> We attempted to write some software to prevent money laundering but it didn't work. So we turned it off.

What are you talking about, that's completely reasonable.


That seems like an entirely reasonable response in isolation. Sometimes you write new software and find it just doesn't work in production. Were they not doing anything else to prevent money laundering?


Or "We wrote some software to prevent money laundering but it worked properly and blocked heaps of profitable transactions, so we turned it off"


I saw that but it wasn't clear as far as I remember who did this - it may be the CFO took responsibility for some one else's actions.


> it may be the CFO took responsibility for some one else's actions

CFOs of financial services companies are typically senior AML officers. All AML actions are their actions, and AML liability for AML officers is almost strict liability. If something happens and if best practice wasn’t followed, the AML officer(s) are personally and criminally liable.

If someone could turn off the entire AML scanning system with the CFO’s prior knowledge, sign-off, and ex post facto notification, that’s a deficient AML policy.


It wasn't the entire system. It was some of the rules. They were rules which weren't very accurate, were leading to lots of unhappy real customers, and not catching many fraudsters.

For example, the rules stopped large numbers of women who had bank accounts or their passports in maiden names from transferring money to themselves. Revolut would see an incoming payment from supposedly the same person, but with a different name, and lock the whole account down until documents could be provided proving why that happened.

That means if you top up your Revolut account on saturday to buy some McDonalds, you are now going to be locked out of all financial services for probably 1+ week while you get official documents proving the name change. A marriage certificate isn't enough. If your salary is paid into Revolut, you might default on loan payments, loose your house/car, etc.

All that to stop only the stupidest of money launderers. Smart money launderers know to use business accounts where the name of the account holder isn't checked by any bank.


> Smart money launderers know to use business accounts where the name of the account holder isn't checked by any bank.

I don't quite follow - can you elaborate and explain the scenario?


If a human moves money from "Bob smith" at bank1 to "bob smith" at bank2, they can avoid many of the money laundering checks, because money laundering laws only apply when money is changing ownership.

If a business does the same, and claims they're moving their own money about, the name checks aren't applied, so they can work around many of the checks.


In Germany at least, when you order a transaction you have to specify recipient account holder name and IBAN. Recipient bank checks if the name on the IBAN matches with the one in their records (after normalization to reduce error rates e.g. from umlauts) and if there's an obvious mismatch reject the transaction.

Business accounts however are not checked as tightly as people often enough either outright mis-spell the company name, use outdated company names, specify departments in the name and not the comment field, ...


I'm not saying this is definitely the case, but it could be why he left. Could you imagine if you were criminally liable for something like this, and found out that the monitoring for it was disabled without your knowledge? I'd want to get out of there ASAP.


In a typical bank, AML is not part of the CFO responsibility (instead directly subordinate to CEO), and no sane bank will have a CFO whose experience is chiefly AML.


And use candidates to your job offers so they do free marketing campaigns for you. Basically.

To be honest, fuck Revolut, so use them with little money.

Something is not right with these freaks.


> And use candidates to your job offers so they do free marketing campaigns for you.

Can you expand on this? I'm not sure what the reference is to.



It feels like the "unique" part that makes this something novel about this is that they claim you authorized fraud when you raised your limit, accidentally letting a transaction you couldn't see through.

So the scenario is roughly (numbers made up):

1. You set a £500 monthly card limit

2. Your card is stolen and somebody charges £1000

3. You get a notification saying you have hit your limit

4. The failed, fraudulent, transaction is not listed

5. You increase your monthly limit to £1500

6. The fraudulent transaction goes through

7. You can now see the transaction

8. You cancel your card and report the fraud

9. You're told by raising the limit you authorized the fraudulent transaction that you couldn't see before you raised the limit

That's insane...


> you authorized the fraudulent transaction

I don’t know European banking law. But in the U.S., this isn’t Revolut’s call to make [1]. They can issue the chargeback and then cancel your account, if they think you’re being screwy. But they can’t deny the chargeback unilaterally.

OP should reach out to their national financial services regulator.

[1] https://www.federalreserve.gov/boarddocs/supmanual/cch/efta.... Liability of Consumers for Unauthorized Transfers—12 CFR 1005.6


Unfortunately chargebacks aren't as simple in the EU, in addition to country-specific rules that make them hard to use in some countries.


In France any transaction involving you PIN code is really hard to contest (so if you get your card copied by a skimmer it's tough).

Same with online transactions using 3-D secure (2-factor, usually involving a confirmation code sent by SMS).

For other online transactions however, you just have to ask your bank and they're chargeback the merchant.


Depends on the bank. I had HSBC in France repeatedly deny that they could not and would not perform a charge back forna specific online transaction without a police report.

I ended calling VISA, who conference called my bank branch, explained that they were legally required to perform the charge back. The bank capitulated on the phone, the VISA guy hung up, and the bank said: VISA's opinion aside, we refuse to perform a chargeback.

France...


And what happened when you called VISA again and told them that the bank went back on agreeing to the chargeback?


This sounds like the same fallacy the UK had with chip transactions. The magical fallacy that they're infallible and totally secure, thus all fraudulent transactions are automatically your fault.


In the UK, the law is 100% on your side for credit cards. Just raise a consumer credit act claim, and unless the bank can show serious failings on your part, you'll have the money back.

"proving" that there hasn't been a security breach somewhere in their infrastructure is impossible, so you'll pretty much always win.


It’s interesting that there was quite the criticism of the US “mag stripe” cards when Europe was chip and pin. I recall many Europeans claiming that their system was far more secure and “better.” However, chip and pin puts liability on the customer for fraudulent transactions, while in the US, the liability is on the merchant.


This is not really true.

The merchant takes liability on some transaction types. In the UK, any credit card transaction that is flagged by the customer, regardless of chip and pin, is immediately refunded and investigated.

However - as card cloning of chip and pin cards is still effectively at zero, it's very unlikely that fraudulent chip and pin transactions ever take place without, say, the card being stolen as well.


I've got nothing to contribute, except that pretty much every time I ask a PM for clarification on a concern I have at work and they say "oh, that can't happen/never happens" it happens about 30 seconds later. Or it happened 30 seconds ago, which is why I was asking.


Chip and Pin has been out in the wild for what ... 17 years in the UK where I am? And round a lot of the world. So far it has resisted cloning admirably.

I'm not saying Card-present fraud can't ever happen with EMV cards, or that customer liability is the right thing to have, but this technology really does seem to have held up well to attack. Possibly because there are just easier ways to defraud people...


They seem to be orthogonal, if we still just had magstripes then it would be super easy to clone your card and make transactions using it because there's no second factor needed. At least the criminals now have to be organised.

The response to the fraudulent transaction would surely be the same as that's either the bank's call or/legislative.


They are a lot more secure. Magstripe fraud is rampant, an accepted fact of life. Breaches of chip cards are extremely rare and not a fact of life.

Or can you back up this insinuation that smartcard chips that digitally sign transactions are no more secure than magstripes anyone can duplicate?


You can duplicate chip & pin EMV cards too. They are prone to fraud just like mag stripe cards.

https://www.consumerismcommentary.com/chip-credit-cards-frau...


Only when badly designed.

They're theoretically secure (ie. with cryptography), even if practically many can be encouraged to leak their secrets...


There is theory, and then there is what is actually out there.

The fact that something that is actually insecure doesn't have fraud protection is the wrong thing.


I wonder if full "phone only" cards (like the Apple Card but no physical card at all) will become available as an opt-in service at banks at one point, it seems plausible in maybe 10-20 years as Apple/Google pay become more widespread.


No one claimed they're as bad as magstripes, only that they are not 100% perfectly secure.


But if chip cards are much, much more secure than before and chip breaches are negligable (which they are), then why is the default presumption of fraud being the user's fault unfair? Users can and do write their PINs down, give them to other people and engage in other unsafe practices. That's by far the most common way chip cards are breached: social engineering.

I think there's a limit to how much liability system vendors should be expected to take. Insisting on all-corporate liability all the time, even for cases that are basically unsolvable like users deliberately giving away credentials, just socialises the cost of careless behaviour on all card users. Why bother upgrading security at all, in that case?


Nobody claimed they where 100% secure, at any point in this thread, during the development of the technology or during the rollout.


Then we're all agreed, and I have no idea what repolfx is so indignant about.


They generally are for credit cards. Debit cards often have less protection but for credit cards, Visa and Mastercard will allow chargebacks similarly to the US.


It's even more insane because I set the limit to 200ish, so bill payments routinely give me that error message, so I didn't really think anything of it.

Also, apparently the declined transaction shows up, but it takes a while. It didn't show up on my list even though I got the notification, so I thought it just doesn't show and I went to the limits to raise them.


> Also, apparently the declined transaction shows up, but it takes a while.

I have had multiple times when the most recent transaction showed up only after restarting the Revolut app.


Yeah, same. Sometimes I needed to force-close, sometimes it wouldn't even show my balance, etc. It doesn't do this too often, but often enough.


If you set it to 200, why did you then increase it by 1000- which is a) an insane increase and b) the perfect amount for the transaction to go through?


I didn't increase it, because I didn't know the transaction amount. I just set it to "off", which was the default. I also did this on a few of my cards, since I didn't know which card was hitting the limit.


Even if he'd removed the limit entirely, that doesn't show intent to allow that specific transaction through.

What if he was removing it to make a completely different payment?

It seems like terrible UX to not allow/require individual approve/reject on transactions that triggered the limit.


> It seems like terrible UX to not allow/require individual approve/reject on transactions that triggered the limit.

This would have been a massive improvement, agreed. Maybe they have to make a call within a few seconds and can't ask your permission first, though, so maybe that's not possible.

Still, the notification could have shown "Your transaction to MERCHANT for AMOUNT on CARD was declined because of your limit". That would have avoided this whole disaster.


It is possible. Some other banks do it exactly this way. If the transaction amount is large enough, they ask you to authenticate on their app and confirm the transaction.

I suspect that by wanting to move fast they put less emphasis on the features that are more time-consuming to implement.


I guess they built the transaction limit assuming that your merchant would tell you the transaction was declined, but neglected to address the case where you weren't the person hitting the transaction limit with your card.


but this happens, I don’t know why the author said it doesn’t. i get notifcations with the merchant and the amount (that can also be seen in the app). maybe there was a temporary glitch?


Do you get the amount and merchant in the notification that you reached the limit? Mine doesn't (check the screenshot).


hmm, you are right. I checked and the only notifications that I'm getting with the amount and merchant is when the card is blocked (I always keep it blocked and unblock it when I need to do purchases). I had the impression that's everywhere.


on sixt this month i had a transaction with google pay that is connected on my revolut card. that it took 2 days to show up. even support could not see it. they kept saying the top up will ve reversed, even when it was a completely different issue.


Out of interest don't you get any penalties for all those declined/failed payments?


No, the card is canceled so it's not even the user's problem any more.


He means in the ordinary case, where you regularly hit the limit before, just through legitimate transactions.


Oh, no, there don't seem to be any penalties. I only get a few failed transactions here and there anyway, but so far it's been 100% "legitimate transaction getting restricted", so I trained myself to raise the limit.


It didn’t even mention which card this transaction was on, just no trace. Thinking it was a recurring bill payment that’s getting declined, I started looking into my cards, disabling and re-enabling limits.

I am guessing that you are the author of this blog post. For a long term user, you seem to have made a lot of assumptions and mistakes. You also seem to have a few cards on your account. I can't tell if you froze ALL of your cards, either immediately upon discovering the fraudulent event or before raising/disabling limits and then 'deal' with the rogue virtual card afterwards.

Revolut is a pre-paid card. You can't expect expect the same level of protection or consumer rights, which are provided by a Credit Card or a bank registered in your jurisdiction.

Regardless, you should post this in the Revolut community for more visibility and probably get an actual resolution, before jumping on the GDPR angle ─ which will fail to provide with you enough details, as most financial institutions will redact any information on fraudulent transactions ─ stating in some vague language that it is an on-going fraud/crime investigation, hence they are not allowed to discuss it etc.

Good luck.

https://community.revolut.com/


>Revolut is a pre-paid card. You can't expect expect the same level of protection or consumer rights, which are provided by a Credit Card or a bank registered in your jurisdiction.

Er, are you sure?

In the UK marketing: https://www.revolut.com/a-radically-better-account

it is described as "Free UK current account". That's the name of a full, normal, bank account. I would expect it to have the full consumer protection, FSCS, etc.

If it doesn't, they're committing some pretty massive advertising fraud...


>I would expect it to have the full consumer protection, FSCS, etc. If it doesn't, they're committing some pretty massive advertising fraud...

You can expect all you like, but there is no UK FSCS protection. They have frequently ran into trouble with their advertising campaigns!

https://www.pymnts.com/news/payment-methods/2019/revolut-ad-...


> For a long term user, you seem to have made a lot of assumptions and mistakes.

What were they?

> I can't tell if you froze ALL of your cards, either immediately upon discovering the fraudulent event or before raising/disabling limits and then 'deal' with the rogue virtual card afterwards.

I froze the card the charge was made on immediately after I discovered the fraudulent transaction, yes. I didn't freeze anything before removing the limit because I didn't think it was fraud until quite a bit after I saw the large transaction go through.

Initially I thought my work had used my card to book a trip for me or something similar. I didn't even imagine someone could have gotten my card details somehow.


> Initially I thought my work had used my card to book a trip for me or something similar. I didn't even imagine someone could have gotten my card details somehow.

I must be missing something here. Is sharing your card details with your workplace, so they can spend your money on your behalf, a normal thing for you (or anybody) to do? Legitimately asking here because I don't understand this at all.


A blunt question on that point: So what?

Let's say someone shares their card details with their workplace. For some reason beyond your or mine understanding. Which causes them, in a rush, to think "Ah, must be that, I'll drop the limit". Does this justify that person losing their money that was stolen from them via fraudulent charges?


No, it's not. I was just super confused by the charge and what's what I thought. It makes no sense, and yet the probability ranked higher than "fraud" in my mind.


Revolut community is censored. You cannot post everything there, probably this story will be never visible there.


> Revolut is a pre-paid card. You can't expect expect the same level of protection

The hell I can't. If they can't make their service secure and stand behind it when they fail, they have no business providing the service at all.

What Revolut's legal status and responsibilities are, I don't know. (Although the update says that they did eventually refund him, so clearly someone was aware they fucked up.) But implying that it's the user's fault for not anticipating Revolut's insecurity is absurd. He did make a mistake, but so did Revolut, and they should have (and, eventually, did) make it right.


>What Revolut's legal status and responsibilities are, I don't know.(Although the update says that they did eventually refund him, so clearly someone was aware they fucked up.)

I also use them as my main debit card, because I (mistakenly) thought that the immediate notifications and safety limits would keep me safer in case of fraudulent transactions.

My comment was referencing the above statement from the blog post, which highlights the fact that using this card as a debit card is not a prudent decision. There was absolutely no implication that Revolut was blameless, in any way whatsoever!

I am glad that the matter has now been resolved. For your reference, this card is not protected under the UK Financial Services Compensation Scheme, neither does it provide protection under Section 75 of Consumer Credit Act 1974. However, it is regulated by the Financial Conduct Authority(FCA) under Electronic Money Regulations 2011 and Section 12 describes the complaint handling procedure, which requires the consumer to follow the dispute resolution process by contacting the business first, before escalating it to the Financial Ombudsman Service. In most cases, there is a resolution before it reaches FOS.

https://www.fca.org.uk/publication/archive/emoney-approach.p...

https://news.ycombinator.com/item?id=20263121


Why would you raise the card limit? Panic?


In my case, it was because it's a thing that happens frequently. I set limits low and I routinely get transactions failing, so I raise/remove the limit and they retry.

It generally happens when recurring bill payments come through, so I didn't really think much of it, I did what I do when a transaction fails. If I had seen the amount, I definitely wouldn't have done anything like that.


> I set limits low and I routinely get transactions failing, so I raise/remove the limit and they retry.

What's the point of a limit, if you automatically remove it whenever something is over the limit?


It didn't start out like that, but yep, it just trained me to override it. The rationale was that I could first see the transactions that fail, but the UI doesn't encourage that.


What's the point of a banking app, if it doesn't show you the failed transaction after sending you a vague notification about a limit being reached (due to that transaction)?

It's weird to me that the focus is on Stavros not doing this or that, when the original failure was the bank's. If the notification had said "This transaction here failed because it hit the limit" none of this would have happened. If the app had shown that transaction in the list, none of this would have happened.

Yet here we are asking why the user didn't react perfectly to the failures of the bank. It's weird.


If it happened to be the day your bills go out, you might just assume you messed up in your planning.

And there's no weird transaction listed, so assuming it's a standing order wouldn't be unusual.

And yeah, "panic", the fees for missing payments on some bills can be fairly high so you probably can't wait till beyond 2pm that day.


UPDATE: Revolut have emailed me in response to my official complaint (possibly after seeing my post gain attention, I can't say for sure). They admitted it was a mistake to decline my chargeback and have refunded me the purchase.

They also said they would take measures to avoid this from happening again, hopefully they make good on that promise.

Thank you all very much for your help and support, I hope this doesn't happen to anyone else.


It's disgusting that you had to raise a shitstorm on their internal support, then on twitter and then hacker news to get your chargeback.

Will others be savvy enough to raise this attention? I would rather that a regulator went to bat for you and slapped them with a large fine. Because as it stands they can do the same thing to everyone else, only give refunds when someone raises attention and perhaps this only accounts for 1% of the cases.

They are going to take measures to swat stories down quicker before they create bad press, but there is likely a good reason for their behavior so expect no uniform change.


It's becoming increasingly clear to me that most customer support for modern tech products is happening via social media. Building a large enough following that you're capable of generating an outrage machine when something goes wrong is becoming almost a kind of insurance policy now.

In the short term, I imagine this is better for companies, since a very small number of these incidents actually generate enough outrage to need fixing. In the long term, I wonder if companies will ultimately regret creating an environment where every consumer immediately goes public with every complaint they have on social media as soon as something goes wrong?


Yeah, that's completely inexcusable. Maybe I should have given them time to respond to the official complaint, and maybe they would have fixed it, but I don't want to tell a company "someone just stole 1k euros from me, please stop them!" and hear back "it's your fault".


It of course will happen to others, who will have no recourse when they don’t have the same platform to seek redress. It’s your own fault as a Revolut customer if you continue to use them for holding your funds after being made aware of their behavior. Use a real bank!


I used to like them but then this happened:

- they froze my account.

- they required documentation.

- the chat was broken. There was no way to contact them and send the documentation.

- I found them in Twitter, someone from Revolut passed my issue along. No one called me.

- They kept messaging me in the chat. I could see the numbers piling up but the chat was "opps something went wrong" and a blank page.

- I tried all: cache, restart etc...I didn't want to uninstall.

- after two weeks I took the big risk and uninstalled the app. It was very tense...I installed it again (it worked luckily) and I could finally chat again. Problem solved.

They never called me, I could not call them, the problem was on their end but I had to find a way and take the risks.

Never again.

Fintech is just banks with a sleek interface and no experience after all.

[EDIT: formatting]


Fintech has good products and bad products, just like every other sector.

Monzo, for instance, is excellent.


I suppose so. I guess we are coming out of the phase when a nice app was enough to convince that "this is so much better than a bank". We're maturing as customers.


They also don't care about their employees [1][2] and I believe are now under investigation for money laundry.[3]

[1] https://www.theverge.com/2019/3/3/18248826/revolut-workplace...

[2] https://twitter.com/phillipcaudell/status/110108122935141580...

[3] https://cryptonomist.ch/en/2019/03/01/revolut-cfo-money-laun...


Under PSD2 this is illegal - sadly the implementation date is in Sep 2019. Appalling treatment and Revoult has been getting some bad press recently - you should complain to Financial Ombudsman - https://financial-ombudsman.org.uk (assuming you are dealing with Revolut UK, and they have not switched to Revolut Payments UAB for EU customers)


I already filed a complaint with them, but apparently Revolut can just refuse to reply and that's that. They also told me as much, they said I have to file a formal complaint with them first. They said something like "we will refuse to process any other complaint until the formal complaint process is complete", but since they're judge, jury and executioner on this, I don't have much faith.


> since they're judge, jury and executioner on this

They’re not. It sounds like Revolut is regulated in Lithuania; complain to them [1]. I’d also light up your own country’s national financial regulator.

(If you can find nexus with the U.K., they’re a good one to get involved [2], too.)

[1] https://www.lb.lt/en/sfi-disputes-between-consumers-and-fina...

[2] http://www.financial-ombudsman.org.uk/


I had Chase screw up a similarly obvious dispute. Long story short, Newegg send me a defective monitor, they claimed it was damaged on return, and then dithered on the refund. After I filed a dispute Newegg sent the defective and now broken monitor back to me. They then responded to the dispute saying I never returned the item and gave the tracking as proof. Chase inexplicably (how could they send back the item if I never returned it?) sided with them.

All the CFPB did for me was forward my complaint to Chase who (politely) told me to go fuck myself.


I've never dealt with the CFPB. However, three times I have complained to regulators about companies misbehaving. It appears that every time the regulators did little beyond forwarding the complaint, but in every case it resulted in the company promptly behaving itself.


> All the CFPB did

CFPB is a joke. Your state financial regulator and the Fed enforce Regulation E in the United States.


Do you have a link to where I should complain?


Google <your state> financial regulator. In New York, we have the DFS [1], for example.

Note that the rules are less strict for returns than for fraud. You’ll want to include proof of shipping the return, but the merchant and network have some discretion. (VISA is more consumer-friendly than MasterCard with return chargebacks; AmEx is the best.)

[1] https://www.dfs.ny.gov/


>The Department does not regulate national banks (examples: Bank of America, Wells Fargo, Chase, Citibank, PNC) or federal credit unions, whether operating in Georgia or elsewhere.

https://dbf.georgia.gov/consumer-resources


It doesn't regulate, but depending on the state they'll often mediate. (New York has mediated disputes between national banks and me, for instance.) Otherwise, the OCC [1] is worth a try.

[1] https://www.occ.gov/topics/consumer-protection/index-consume...


I mean, the CFPP mediated my dispute as well. Chase told me to go fuck myself and CFPP dutifully reported that to me. The question is whether these organizations can sit as an objective third party, look at my dispute, and force Chase to do the right thing.



The only choice that doesn't route me to the CFPB is:

>The company asked me to pay a fee before they would issue me credit.


Under Online Shopping, did you check "I never received merchandise" and "I did not receive a prompt refund"?

You never did receive what you ordered: a working product.

One time, I just had to tell a company while I was on the phone with them, that I had this specific website open on my computer and was filling out the form. That got them to resolve the issue immediately.

Unfortunately, this would only address the issue with Newegg, not Chase. But you should still get your refund, or the monitor, which you can then return for a refund (if you ended up buying another one somewhere else already). If Newegg says it's too late for a refund, tell them to read their own ToS which says you are elligible for a refund, or that you will sue them in small claims court. Or you could use your credit card's warrenty if it has one.

Heck, if your credit card has warranty coverage, did you try using that? From what I understand, if you try returning a defective item and the store won't accept it, the credit card company will just write you a check.

Just open a new case with the credit card company and don't refer to the old issue/case.


>Under Online Shopping, did you check "I never received merchandise" and "I did not receive a prompt refund"?

Ah, I went down the Credit Card path.

>Heck, if your credit card has warranty coverage, did you try using that? From what I understand, if you try returning a defective item and the store won't accept it, the credit card company will just write you a check.

By the time I thought of this I was out of the warranty time frame. I did bring it up in my CFPB complaint though, but I don't recall if they addressed that specifically when they told me to pound sand.

>Unfortunately, this would only address the issue with Newegg

Newegg banned my account after the dispute. Since they sold a defective monitor as "certified refurbished" and then fraudulently answered the CC dispute I don't have any faith they will voluntarily resolve the issue. Unfortunately, this level of customer service is par for the course for them.


> Newegg banned my account after the dispute.

Newegg banned my account after I told their support that someone else logged into it, changed the password, and purchased a $1000+ camera with a gift card. I'm not sure if it counted as a dispute or not, as the money wasn't mine and it wasn't shipped to me. I found it odd that I had no option to reset my password and continue using it. I stopped shopping with Newegg after they silently deleted an entire transaction/order on my second account; all I ever got was the initial order confirmation; it took a call to their support to find out that it was not something I did wrong, but they couldn't tell me why it was cancelled.


You can take them to the small claims court in the UK. They are not judge & jury. They have to have reasonable evidence that you knowingly let the fraud happen.


This is great information, I will, thank you!


>Revolut can just refuse to reply and that's that. They also told me as much, they said I have to file a formal complaint with them first.

Revolut can't refuse to reply. They are literally advising you on the first step to file your complaint in this procedure, as prescribed by the Financial Ombudsman Service. It is there to exhaust your query, in order to either resolve the matter amicably or to arrive at some satisfactory conclusion and more importantly it exists to filter out any frivolous claims.


The Ombudsman's site says:

> Your complaint has been sent to the trader. They can either suggest one or more dispute resolution bodies to work on the complaint or they can decide not to proceed with an out-of-court settlement of your complaint.

> You do not need to do anything more at this stage.


this is scary - I am sure you can take them to small claims court for this if you are in UK as they are refusing to engage via the ombudsman.


I'm with N26 -- tried signing up with Revolut as I heard they had some cool features I didn't have with N26 e.g virtualized cards and crypto currency support.

Signed up with my Passport and transferred €50 to the newly created Revolut account. I wait a week still no money in the Revolut account -- contact support. They explain I'm not registered and that I have to register first -- I'm at a loss as they could issue me an IBAN and I'm still not "registered" -- apprently I have to present a passport that isn't American because "they don't accept US passports" even though they did during my onboarding -- since I didn't have another passport available (my Irish one) I asked them to return the money and close the account. It took them 8 weeks to return the €50 with me chasing them everyday for the last two weeks.

I don't understand why N26 accept US passports and Revolut don't.


Because Revolut dones't want to have to manage FACTA and other US extraterritorial laws. Here is Switzerland having a US passport is a good reason to be banished from your physical bank very quickly. US passport holders are seen as a liability and not as a customer. That's also one of the reason that make renouncement of US citizenship quite popular in Switzerland if you have dual citizenship.


I've been told it's not just being US citizen but also, for example, being US tax resident for the current year


US citizens and us tax residents are essentially the same burden here. Nobody wants to deal with that unless the potential profits outway the additional costs of the admin


>Because Revolut dones't want to have to manage FACTA and other US extraterritorial laws.

So this is a competitive advantage of N26 over Revolut?


maybe they just don't know yet that they don't want to accept people with US passports :-)


This. This is the right answer


N26 have been pretty solid for me and they have a number I can call if I need something. N26 is where I keep my money and Revolut is what I use for day-to-day stuff, but I still had enough money that the fraudster managed to steal 1k :/

I have switched to N26 now.


Sorry to hear about your trouble. For me the deal-breaker for Revolut when I was looking at my options was that it's not really a bank, while N26 is (which means deposits are protected up to 100k). So I went with them and have no regrets so far.


From one evil to the other then? I would definitely not keep my life savings in some virtual "start-up" bank.

Get a serious one and automatically transfer some money onto your fancy cards every month, if you like their service for everyday payments.


The reason I went with N26 is because they're German -- the German government will guarantee all savings up to €100k -- this is not the case with the others hence why Revoluts "EU banking licence" doesn't offer as much consumer protection as simply being a German bank. It just means they get more access to EU markets by abiding by certain terms.


N26 is also known to not help you when you're a fraud victim (https://heise.de/-4355970). And they're currently on a watchlist because they usually fail to prevent money laundering (https://heise.de/-4429143).


I was victim of a fraud (a shop factured me twice, then they refused the pay me back the money) while paying with N26. They helped me to get my money back, so from my point of view they help fraud victims.


Looks like it :/ I don't store my life savings there, certainly, I just had "more" money in N26. You're right, though, I should transfer just as much as I need to them.


N26 is an actual bank that offers actual current accounts, unlike Revolut.


I know this was the case but both N26 and Revolut have EU banking licences -- as of the past year.


N26 refused to update my name in the account when one letter changed. They requested documentation my country cannot issue, and just sending them two passports, old and new wasn't enough.

That took them more than a month to figure. More than a month of a constant email ping-pong where they were requesting more and more documents, some of them multiple times over and over.


I work there, It sucks. I can imagine being a customer


Their crypto support is a joke. You can only buy and sell with them. You can't transfer in or out. So in effect, you don't have any crypto. You are just paying them to convert money into something you can't use.


They are pretty clear in their terms about what you are doing when trading crypto. Trading crypto in Revolut is like trading contract for difference on stocks.


Because our government decided to play 1000 pound gorilla about our citizens hiding money in foreign countries.

Never mind that the big fish they are really after wouldn't have it in their own name and thus are basically unaffected. It's a lot easier for companies to simply say no US customers than have our idiots in Washington after them.


They only let you buy and sell crypto, you can't send it anywhere.


FACTA might be the answer.


"How hard must being a bank be, it's just a few numbers in a database."

After all those new-ish, app-based banks are for people with too much time on their hands. You mostly can't talk to anyone, and when they answer it's just a copy-paste from their FAQ. They also lack features, e.g. Kontist doesn't support international bank transfers. Support will tell you "well it could work, but we can't give you any assistance". I don't have six months until your development team understands and implements some protocol!


> You mostly can't talk to anyone

No phone number should be a dealbreaker for banking. 99% of the time, you don’t want to talk to a banker. But that 1% of the time can make or break you for months or years.

These start-ups (e.g. Bank Simple, Revolut, et cetera) prey on consumers who have only experienced the 99%. You don’t want to have a 1% event, like fraud, or an issue overseas, or a liquidity crisis, with a service you can’t talk to. (It’s also bad enough when it’s your first time with an issue. You don’t want to be banking with someone who’s (a) never solved that problem before either and (b) not available to talk to.)


> No phone number should be a dealbreaker for banking. 99% of the time, you don’t want to talk to a banker. But that 1% of the time can make or break you for months or years.

To be fair, even having a phone number may not help. I spent four months at the beginning of the year trying to get HSBC to close a business account. When visiting the branch I was told I needed to phone head office as they deal with business accounts. After speaking to first line customer support I was told many times "someone will call you back" but nobody did.

Eventually they closed it, but I never received a refund for the account charges between when I requested the closure and it actually being closed, which I was promised.


> 99% of the time, you don’t want to talk to a banker. But that 1% of the time can make or break you for months or years.

This is why I still use my local Sparkasse (credit union) and pay ~9€ a month. They can sort out pretty much everything instantly - need a second card for your s/o, a secondary account for handling freelancer income, or a loan? No problem, show up and get what you want.

Additionally: when you're up for buying a house and all the lender bank has to look is the credit score, you will be paying more interest than if you apply for a credit at the bank that has handled your business over decades. None of the "new online banks" does real estate financing.


> Additionally: when you're up for buying a house and all the lender bank has to look is the credit score, you will be paying more interest than if you apply for a credit at the bank that has handled your business over decades.

Which country are you in? This has most definitely not been the case for me anywhere I've lived. It's irrelevant if you were a customer with the bank before the mortgage application or not.


> Additionally: when you're up for buying a house and all the lender bank has to look is the credit score, you will be paying more interest than if you apply for a credit at the bank that has handled your business over decades

[citation required]

In my experience neither credit score nor past business have a significant impact on interest rate. Price and value of the house is everything.


> you will be paying more interest than if you apply for a credit at the bank that has handled your business over decades.

Is this actually true? That would be a real reason for me to do the same, but if not I would prefer my money to stay with the GLS, which invests it ethically.


For what it's worth, Monzo seems to be the only 'challenger bank' that's getting this right. They have the 24/7 in-app chat support that's super helpful, but then also a phone number you can call if you're into that. My every interaction with them as a customer has been fantastic.


I called the phone number on the back of the Monzo card today a few times. There's a recorded message saying that they're too busy and then they hang up. That phone number is bogus.


Hey, thanks for flagging. I will look into that. The number is definitely meant to be staffed at all times


I've had negative but acceptable experiences with Monzo and Starling. Would recommend both of them, and actively use both myself.

I've had negative and intolerable experiences with Curve, TransferWise, Tide, and Revolut. I would recommend avoiding all of them. Not all of them offer banking solutions (Curve being the odd one out in that list), but the three that do are all e-money, which I guess speaks for itself.


My experience with Curve has always been great.


What was wrong with transferwise out of interest?


I was impressed at first with the chat support but each time they've been unable to solve my problem and promised to get back to me, but never did. So, while you don't have to hold for 20 mins on the phone and get passed around like a normal bank, it takes literally days to sort something out. But they're great otherwise!


This is why I will always bank with the old-school banks. Being able to reach someone on the phone -- or even turn up at a branch -- makes it a lot harder for them to ignore you when there is a major issue that needs resolving. But then, my "traditional" bank has a very good app, and treats me extremely nicely, even when I've had all of a few euros (or less than zero euros) in my account.


Even the old school banks have their issues, HSBC and money laundering for cartels comes to mind.

Money is power and power corrupts seems to apply too often with this stuff.


Well, my bank is a co-operative with a corporate duty to invest in social and ecological initiatives, so other models are possible (and successful!).


HSBC laundering money doesn’t affect my current accounts. Not saying that issue isn’t important, but that doesn’t hurt my personal access to funds.


Don't kid yourself. Post cartel scandal, opening an HSBC account transcended difficult to impossible in certain jurisdictions.


Yup. For all their flaws and bureaucratic inertia, big banks still have the largest coffers for providing a well-rounded product. Given how backend vendors like Fiserv can be hacked and have 0 repercussions doled out to them, I simply could never recommend banking with local mom-and-pop banks. Just avoid HSBC and Wells Fargo, and you're good.


don't use their insurance. Recently I was in Istanbul and the insurance didn't activate. Their app did not register me as in Turkey. All permissions were ok, Google Maps worked and I purchased a cappuccino with the Revolut physical card in Istanbul. Still, according to them I was not in Istanbul and there was some problem on my end.

So, I was uninsured. Imagine if this happens when you are in the US and you get sick. This is serious stuff, it's just too risky to let them play with it.


How do you know the insurance wasn't activated? Why does the insurance activate based on location rather than date?


I believe that the standard card has the option to purchase insurance and it will be billed only for those days that you were abroad. I don't think that you have to activate anything if you have a plan that includes insurance (premium/metal).


If you are billed only for the days you are abroad that makes sense but how does the user know whether or not the insurance is active?


Exactly. You can't activate it manually. It's activated by the GPS.


If GPS can be spoofed by Pokemon Go hackers this seems like a dumb thing to base anything important on like insurance being active or not. What the fuck?


From user perspective: What are the odds that somebody is going to follow you when you leave your home country and do targeted GPS spoofing specifically for you while causing some kind of accident/harm to you?

From Revolut perspective: insurance theoretically could be abused but i doubt they haven't calculated the risks as it would mean losing money although i don't see how this is different than me getting travel insurance online and just providing some travel info that from X to Y i need it.


I experienced the other end of the spectrum with Revolut. My wife saw an advert on Facebook for a and indoor children slide, it looked quite nice for a 100 bucks and since I was busy with work, I didn't due any due diligence and ordered the item. Received the confirmation email, then life went on. In about 2 weeks time, I remembered this order and wanted to check the progress. I opened the order summary link from the email, but it was a 404 and oddly the site looked very different than before, this was the first time I had a feeling, I may have been scammed. I replied to the order email, and asked them for a status update. There was no reply within 2 days, so I went to the site again, and looked for the contact details. I found and email address(Gmail), but no company details whatsoever. This was the time when I realised, I got scammed. Anyways, I sent an email to that address, but of course there was no reply. A day later and decided to figure out where is the site hosted and going back to the contact form, I found a new contact email address(an Outlook one). Since then, I checked the site a few times and the contact address was a different one multiple times. Anyways, I realised it is a scam, found out the site is on Shopify, reached out to them and they directed me to my bank. I contacted Revolut, briefed them about what happened, and they started the chargeback process. Oddly a few days after they did that, I got another email from the merchant with a tracking code. In about 2 weeks I received a fidget spinner like plastic crap from China, which I never ordered. I notified Revolut about this too and they also told me, the merchant sent them proof me doing the transaction and want not to allow the chargeback, but since I said at the beginning it was me doing the transaction, just never received the items, I just need to fill out another form, stating this and they will carry on, trying to get my money back. As of today, I still didn't get my money back and I am not sure I ever will, but Revolut was really helpful during the process so far. I am more dissapointed with Shopify, I thought they vet their merchants or at least care about reports of misconducting ones, but they didn't give a crap about me telling them about a scam site running at them. I also found crazy that they don't force the merchant to disclose company details, that's required by the law in many countries.



This is great, thanks, I plan to. I was going to file with the UK small claims court because I didn't know which jurisdiction, but this is perfect, thank you.


FWIW - having to wait for pending transactions to post before filing a chargeback is how traditional banks have treated me, and I'm guessing is probably just part of the Visa/Mastercard dispute resolution process (someone who knows better might correct me here). Though you'd think a next-gen mobile-only bank would be able to put some additional automation around the process so that they would contact you again on the day the transaction posts to confirm you want to go through with a chargeback, or something like that.

The rest of the story looks really, really bad for Revolut - I have never had a traditional bank speak to me like that before.


Visa/Mastercard use a DMS or dual-message system that is basically a digitisation of the paper-based "click-clack" machines, possibly with a phone-based pre-authorisation.

The first message is the auth which comes online. This can only be accepted or declined. Once it has been accepted the value of the transaction is reserved against the credit limit but no movement of funds takes place. The issuing bank can remove the auth manually, but this just releases the credit, it has no impact on what happens next.

The transactions are posted to the account in overnight batch, during which the card system will attempt to match the pending auths and remove them. Some transactions (such as recurrent ones) will have no matching auth. There is no opportunity at this stage to "reject" a transaction, the batch is applied or it isn't. The issuing bank will typically get or more batches per BIN.

The dispute process at this point involves the issuing bank (Revolut) issuing a chargeback against the acquiring bank, which triggers a process during which each bank has certain timeframes to reject or accept the chargeback. So from this standpoint Revolut is basically following standard process.


> having to wait for pending transactions to post before filing a chargeback is how traditional banks have treated me

Yeah, I guess they have a reason for doing that, though I don't know what it is. Still, I would have thought they can cancel it in cases of fraud? Maybe it's so you can't "dine and dash" or similar.


That's why they are called _transactions_. They are an immutable journal of amounts coming in and going out.


Why the hell would you even use a "virtual" card? With the rate at which personal data is being stolen day after day and companies as large as Equifax being breached, why would you trust your money with an all-virtual bank? Especially one that is so new? It's just asking for trouble. I've had the same bank since I was 17 and they have literally never let me down, and the couple of times I had a fraudulent transaction occur, they automatically flagged it and called me to ask if it was legitimate.


Virtual card is a disposable card that you can use X times (or whatever you set it up). For example, i use virtual cards for services that require CC info in order to register for trial, this way i don't have to remember about my trials expiring and getting charged (because i set the virtual card to be used only once / delete it right after i have used it).


Fintech companies market their products specifically towards people who see themselves as "rugged individualists" who don't need the nanny state to look after them, or millennials who are untrusting of big banks after 2008.

I fall into the second category, but I'm also aware that what little I have in $bigBankCo is covered under depositor's insurance, and I'm good as long as I don't sign up for their usurious lines of credit or things like that.

And I've seen way too many smarmy startup dudes promising customers the earth, moon and the stars if they join their revolutionary "non-bank". No thanks.


"Virtual card" is a thing in their app. You still have a physical card. The virtual card is for shady shops and such, so that you can delete it afterwards with a single click.


Bitcoin and some of the financial startups seem like efforts at educating the public about why regulation exists.


My physical bank charges quite a bit for international payments on my credit card (even all in Euro). Revolut doesn't. That said, I avoid keeping money there, even if that means waiting a day or two for the SEPA transfer to clear before I can use it.

I also keep money in two different "regular" banks, since I don't trust those much either.


Revolut indeed does not care for you.

I was one of the early adopters and their ardent evangelist. I probably hooked more than 10 people to Revolut. Before they were giving any incentives for referrals.

But their customer support turned to shit, their exchange rates became less 'fair', and their service became much, much worse.

A few examples...

(1) I traveled to the US, had troubles activating the travel insurance, contacted customer support, got it working. All good. A few months later, I find weird charges on my account. Contact customer support, ask about the charges. Turns out they charged me insurance fee for days that I was apparently insured, a month later. Best part: I had absolutely zero proof that I was insured at the time I was supposedly insured (take a guess how that would work out for me if I had to make a claim).

(2) I was trying to use their travel insurance again (between my first trip, and their fraudulent charge). The insurance is supposed to auto-activate when you travel abroad, but it did not. Contact customer support as soon as I realised (after arriving to the US), but they refused to activate it cause I already reached my destination. Had to get a different insurance, having to drive 1.000 km in the US without health insurance, before my new travel insurance kicked in. Luckily, nothing happened.

(3) We tried to open a company account. Us three owners were registered as authorised persons in the application form. Our application got refused, no explanation. Plus they froze PERSONAL accounts of my two co-founders for around two weeks. No access to their funds, no explanation. Try contacting the customer support, only to have a bot spew boilerplate nonsense at you. After a few weeks, their accounts just started working again. Explanation? Apology? You wish.

Bottom line is, they can't be trusted, let alone relied upon for anything even remotely important.

Worst thing is their entire pitch was about how they are on a mission to improve 'bad old banks', yet they failed on very fundamentals of banking.

For me, they are a Ryanair of financial services: cheap, but will screw you if they get a chance; and good luck if anything goes wrong.

A few days ago they sent an email offering their Metal cards for referrals. A few years ago I was doing that for free. Today there is no chance I would recommend Revolut to anyone.


Its funny to see that "Digital" only banks are failing to solve the problems which they were created for :)


Before I signed up for Revolut I did a bit of research and found some incidents that made me more cautious than usual. Unfortunately at the end of my analysis I found no better option, so I signed up. But knowing what I do, I have 2 rules:

- don't keep a significant sum there; not more than what I can afford to loose if things go wrong

- keep unused features disabled at all times, activate and deactivate features or card only when I want to use it. Practically my card is blocked until I want to use it and blocked again as soon as I paid.

My balance today is ~ $35. I will top up when I need to pay more, it is enough for a coffee, a snack or to fill in gas (I ride a bike, even with expensive European gas it's still ~ $25 for a full tank).


I had good luck with tranferwise.


I’ve been happy with TransferWise for years as well. Their support is decent, and their products/services are some of the best available.


Same here, but I have recently changed to Revolut for transfers abroad since even for very large transfers the TransferWise “fee” (exchange rate plus transfer fee) is at about 1.4%, while Revolut is at about 0.4% if you withdraw cash from an ATM. This is if your end goal is to get cash on the other end, rather than services where Revolut would have an even sharper edge. If someone has another viable alternative I am all ears as I am hardly enamoured by Revolut’s app and behaviour.


With all this effort, cash seems much easier option.


One of Revolut's selling points is fee free overseas card purchases. Some people have travel schedules where local cash is actually an annoyance, and topping up the app balance via mobile before paying for something certainly isn't any harder than withdrawing extra cash.


I'm a Revolut customer and as far as I can tell that is BS. Always cheaper to transfer in via Transferwise. I only use Revolut for single purpose/use cards so my primary PAN isn't floating around in public.


It is hard to get gas at night without a card. I'd say it is the biggest use case for a physical card.


Very interesting. I must say that I have always been interested in this application, but when I see that on exodus it is listed 8 trackers + 40 permissions I conclude only one thing : I am the product that must be sold.


Thanks for posting this.

I haven't yet got on the 'challenger bank bandwagon' mainly due to laziness.

This has made me a lot more hesitant to do so. Certainly not with revolut, who are now notorious for a broken growth-first mindset.


I'll get on the bandwagon once these companies do something that puts money in my pocket. Orange back in the day used to offer a savings account with 4% interest. That's how you build market share.

All I hear from these upstarts is how easy their app is to use, and how frictionless my payments will be. These are utterly meaningless platitudes. Show me the money.


I've been using Transferwise for a while now, and at least on the face of it, they seem quite boring and sensible. They're the first non-bank that's been granted direct access to the UK's faster payments network.


Do TransferWise let you keep money with them and give you a card? I thought they were just a transfers company.


That used to be the case. They've recently launched their "Borderless Account" that comes with its own debit card: https://transferwise.com/gb/borderless/

(the card is an ugly neon green, but works fine in my experience)


The card just happens to the same color as my 3d printer wallet :) https://www.thingiverse.com/thing:3218830



Oh fantastic, thank you!


Last time I checked they don't support associating their borderless card to a Greek postal address.


Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: