Today, I took part in a security workshop. In the coming days I will write a series of articles on Noobz about the new things we learned on this occasion, as well as the things we already knew and had confirmed. In this article I want to talk about Revolut, the security of this service and why I don't even trust it anymore.
UPDATE 10.05.2019! The article has been updated with Revolut's position. Certain terms have been replaced to remove any suspicion of malice, which may appear to be directed at the parties involved.
I will cover the subject as much as I can think of, as I have experienced the relationship with this service and documented the experiences of others.
I made a Revolut account
This happened in February, before we went on the #10countries #14cities #20days trip. Based on the recommendations of my friends, I said that Revolut is only good for a travel experience in Europe. I activated the account in a few minutes, and to do that I had to transfer 50 lei from another account to it. Something I didn't think was okay, but I told myself to obey the rules.
Then, naturally, I ordered a physical card. The Romanian Post should have arrived in time for our departure (time limit - 3 weeks). I had caught the period when I didn't have to pay 25 lei for the card, so no money was withdrawn from my account.
I received an email notification that my order had been registered and the card would reach me in 14 days. All the best so far!
The 14 days have passed, I have not received any sign from Revolut. Another 7 days passed, and I received nothing. We went on our European tour, but no one ever contacted me for delivery. No physical card came in the mailbox.
We return to Romania in March and try again in April
I said that maybe while we were away something happened and the postman didn't reach me. So, I ordered the card from the Revolut app again. That's in early April, before Easter. Today is May 9th and no card has reached me. I received the same notifications at the beginning as when I first ordered the card and nothing more.
I decided to close my Revolut account
For me, everything is as simple as possible. You fooled me once, let me be ashamed! You fooled me a second time, shame on you!
Why do I say I'm fooled? Well, if you tell me that in 14 days a product sent by you will reach me, I expect you to keep your word. The first time there may be an error, we are all wrong at some point. But when it happens a second time, well, I don't really believe in coincidences.
I transferred the 50 lei from the Revolut account to another card and tomorrow I will contact a representative of theirs to close the account. I read in the application that immediately after the operations are completed they can request the deletion of the account. I just found out something I didn't know. Even with the deleted account, Revolut "is obliged to keep the data on former users for 6 years". Although it is not authorized by anyone to carry out banking activities, the company formulates the answer: "as an authorized financial institution we are obliged to…".
Yes, Revolut is licensed by the UK Financial Conduct Authority under the 2011 Electronic Money Regulation. Regarding the regulations in Romania, all the member states of the European Union apply the same regulations. This is Directive (EU) 2015/849 against money laundering and terrorist financing, together with Regulation (EU) 2015/847. Anyone interested in finding out more can access this link.
Basically, the Romanian Police has a harder time controlling the frauds that can take place through Revolut. And it seems that fraud is on the rise. A simple search online or in the Revolut community shows this.
The frauds in which Revolut is present are not few
The latest case of Revolut fraud that I heard about and that caught my attention is that of Timotei Campean. During May 7, money was repeatedly stolen from his Revolut account. In total about 2390 euros. He deactivated the card in the first minutes, notified Revolut, but no one came to him in time with a solution. Basically, at this moment, the person is "relieved" of this money and could have to wait for the solution for 45-60 days, depending on the Visa or MasterCard policy. You can find his full story on his Facebook page, updated in real time.
UPDATE 10.05.2019, time 18:30! Timo got his money back in 48 hours
I don't know if the article I wrote on Noobz influenced Revolut's rapid action in any way, or if the article Groparu wrote has anything to do with it. I hope it is only about the professionalism of the parties involved and not about the implementation of a crisis strategy.
If you take into account Timothy's comment published after he received his money, you kind of question yourself again. He did not receive any official response from Revolut Romania or Revolut Great Britain on his situation and what actually happened to the money. To which is added the fact that today I was asked for several iterations of this article by the representatives of Revolut in Romania. You draw your own conclusions. I'm not implying anything, I'm just asking myself some questions.
I believe, however, that even with the money recovered, Timo should file a complaint with the Romanian Police. An answer to his case would be a clear example of how good it is to act if you were stolen by cloning cards (if this turns out to be the case).
In the meantime, there have been two more attempts to withdraw money from the account
Luckily he had a balance of 0. "Even if the user has disabled the card, he can see the transaction attempts". To prevent this from happening again, Revolut says that "the card should be DELETED permanently."
Revolut's customer support service leaves much to be desired. The only way to find someone in the company for now is to chat and wait. You can come with the mother of all evidence, 45-60 days is still the legal term to do you justice, said the Revolut representative for Noobz in a telephone conversation.
He just tells you that "this is our procedure". Go on, God have mercy. You can go to the Romanian Police, but you might make your way in vain. At least that was the case for some of the users who have complained in the past about fraud involving bank transactions as a result of card cloning.
From Romania you will be answered 2 days later than from Great Britain. Greater love for someone to make fun of you, for your money.
Revolut, accomplice to fraud? Current legislation says no
Currently, although you report to Revolut that a transaction has not been authorized by you and must be URGENTLY blocked, what do you think is happening? Revolut says "Sorry, you have to wait until the transaction is complete, then we'll file a complaint."
Seriously? I mean, I'm telling you CANCEL THE TRANSACTION THAT I DIDN'T AUTHORIZE IT, you say it has to be complete to make a complaint? I understand that these situations are related to Visa and Mastercard and they can follow the necessary procedures for the injured party to be compensated.
What does Revolut say about that?
According to the company, “once the transaction has been processed, even if it appears in the application as pending, it can NO longer be stopped by Revolut. That's because the money is no longer at Revolut. Once the chargeback procedure is started, it is processed in accordance with Visa and Mastercard regulations. They differ in both process and resolution time.”
In the end, I still think that a company that claims to offer you the safest money management service on the market should be more involved when you are the subject of fraud.
Accidents can happen frequently, that's for sure. But I don't understand how you can't block the money from leaving your account? How can you not block that money and redirect it to another valid account of the beneficiary, until it is discovered who the thief is? How can you, with such great carelessness, say that you are sorry, but let the man sit relaxed and get his money to the robber, so that he can be recovered. Why don't Visa, MasterCard and Revolut work together to get you compensated in less than 45-60 days? Why do you have to wait so long for justice?
And, another question arises: shouldn't the way these services are regulated be optimized? Aren't some major risks being lost that only affect the end user? I'm asking!
You may receive the money back, you may not receive it
It depends on whether it turns out to be a real fraud. Both in the case of Revolut cards and in the case of banks. Timo's case is ongoing.
I'm curious to find out the outcome anyway and I'll keep an eye on its updates. It's just that, whether he gets his money or not, the man has been treated with the utmost disrespect by Revolut. I think Revolut has a lot of work to do in terms of customer support. Especially now that it has announced that it has exceeded a portfolio of 250,000 users in Romania.
For me, what happened to Timo and the delay in the arrival of the cards were the things that determined me to delete my account. I have no guarantee that one day I will not be in Timo's place. In fact, there is no guarantee that you will never be the victim of online fraud. He won't even have cash stolen.
It's human to be wrong
You may not pay enough attention to the settings you enable in the app. The passwords used may be weak, especially since the Revolut password consists of only 4 characters. Of course, the password is just a first step in security. According to Revolut, "compromising a card has absolutely nothing to do with the password used to access the application."
"A compromised card means that it was cloned at the ATM or when you made an online payment on a site," says Revolut. "In Timo's public case, it is about withdrawing a sum of money in RON from an ATM in Ferentari," something that Revolut says has nothing to do with the application. Because I don't know exactly how card cloning works and how you can transfer money from an app if you cloned a card without using the app, I'm looking forward to a response from Revolut on this topic.
Regarding passwords, cybersecurity experts say that there should be no password below 8 characters. And if possible, make it as complex as possible. But we will talk about this in the coming days, when we detail in several articles everything we know about user safety in the digital environment.
Can the user be blamed for the fraud that targeted him?
He may be guilty of failing to set a maximum daily withdrawal threshold. That he didn't have a strong enough password, that he didn't deactivate his card when he wasn't using it, or that he didn't activate location-based security.
That he chooses too easily to use a particular service. He can be guilty of many things. But not that he was the victim of a theft. He had no way of knowing that his card could be cloned and especially that the money in his Revolut account could be transferred by such a simple evildoer.
Revolut has obtained a European banking license. The Revolut service is not regulated on the market in the same way as a traditional bank, so the state authorities do not seem to have control over the application. "When they create a Revolut account, users agree to comply with the laws in force in their country. Otherwise their access to the account may be suspended / restricted. We actively collaborate with the regulatory institutions in each country in which we operate and Revolut user accounts can be blocked," Revolut told Noobz.
But the service provider can be just as guilty
Well, what security system do you have on the platform, dear Revolut, if you can't tell the difference between a real user and a suspicious user? If the man is called Timothy Campean and the thief Ismail Tural-Ekstra, do you consider him one and the same person? It is a pertinent question to which I, just like you who are reading this article, am curious to find out the answer.
And Revolut's answer came:
According to the English company, it seems that Ismail Tural-Ekstra is not currently declared a criminal. It is considered by Revolut only "the person to whom a payment was made (it can be a trader or a natural person)".
Until proven otherwise, until a possible fraud is proven, "Timothy may well make that payment to his friend Ismail," says Revolut. So we're waiting to see if Timo is friends with Ismail or has been stolen. The investigation is ongoing. (Timo got his money back, see update above).
Dude, are we crazy, do we really get caught up in any service or product that is "on the wave"?
Folks, be a little more careful and stick your teeth in your pockets. Instead of spending money on Ismail's, isn't it better to take a vacation to rest after breaking your back working for them for hundreds of hours a month?
Revolut is not so secure when it comes to card cloning
If it had been, there would not have been so much fraud. The transaction authentication system would have been more rigorous. In addition, there should be a notice before you count on Revolut that if you are the subject of a fraud, you have to wait 45-60 days for justice to be done.
Yes, we like simple things. We have a mania to give credence very easily to very well marketed products and services. But when will we document things more carefully before we act?
Unfortunately, we only do this when we are victims. Until then, we pray to the Saint "it can't happen to me" and say that others are unlucky or stupid that they didn't make sure of X, Y, Z things.
I do not accuse Revolut of anything, not to be misunderstood! To make accusations, you need evidence. I'm just asking myself some questions, as a current customer and potential victim of fraud (in case I'm unlucky).
Revolut should give defrauded people their money back faster than in 45-60 days
Revolut should have given Timo the money back and then settled his accounts with the thief or Visa and MasterCard. Let him follow the necessary procedures and wait for the money back.
But, it seems that Revolut does not agree with me, as a user. "Revolut is NOT waiting to receive the money back from the thieves and is not in charge of recovering it for return", is the company's statement.
According to Revolut, the company "gives defrauded people their money back, there is no doubt. The resolution procedure is the same as for banks." It would be useful if this aspect was mentioned in big letters, fixed under the user's eyes, when he makes his account in the application.
If I don't understand the financial system, I'm really waiting to be enlightened by someone
But when it comes to my money and the potential dangers that a service or product can put me in, I ask a lot of questions.
What if Timo was through Australia, Indonesia or Papua New Guinea? What if it was his only money and he didn't even have water to drink? It seems that Revolut would have done the same, because "this is the procedure".
I understand that any bank is waiting for the transaction to be completed before any action can be taken. But why? Why is it normal for the thief to have another chance to get his hands on the money and disappear. If you can stop transactions, why not do it? I don't understand that and I would love to know!
The answer came today, May 10, 2019 from Revolut: “because the money has entered the circuit and is no longer with you. You can't stop them!”
I do not recommend Revolut
Not as long as the security system feels fragile to me, as a user. I have to be convinced that's not the case. Not as long as customer support is only on chat, exclusively in English and with such a great lack of respect for the customer.
Not as long as Revolut is only authorized by the UK Financial Conduct Authority under the 2011 Electronic Money Regulation. I want to see a regulation specific to banks, because we are talking about money, mine, yours, ours.
Especially in the context of Brexit in the UK.
You can contradict me
You are free to do so if you have the necessary arguments. Just don't say, "It can't happen to me."
When Revolut meets all of the above criteria, I will test the service and return with an opinion. So, Revolut, I'm waiting for you to convince me, and I'll turn to the others. Until then, guard your pockets, physical or virtual!
PS: Do not compare with Uber or other services in Romania that are not yet regulated. Revolut works with money, in a way that many of you do not understand. It's a completely different scheme for this company. And, according to someone on Facebook: "money is safe only in the sock at home."
PS-PS: Groparu wrote an interesting article about Revolut card cloning, for those interested.