Gavin Rennick had £46,000 stolen from his Revolut bank account by scammers in just 24 hours. He did not expect his instant messaging chat regarding the ordeal to end in: "Have a great day!".
Fraudsters posing as Revolut staff had called Rennick. They warned him of "suspicious activity" on his account. Then, they persuaded him to log in to the app to take various steps to avert it. This enabled them to empty his account.
Their action had left the 32-year-old from Belfast stranded in Australia and penniless. Taking his panic to Revolut's in-app chat-based support, he was confronted with a gauche messaging bot 'Rita'. This bot passes more serious complaints on to humans.
"It made me think where is the human side of banking, you need to realise you're dealing with human beings who've lost a lot of money and are scared," Rennick said.
Revolut said that the security lapses stemmed from phone numbers which can be faked or 'spoofed' by fraudsters, rather than due to its app. They added it was rectifying shortcomings in its response to fraud.
Revolut has racked up 7 million customers worldwide since it was set up four years ago. Digital banks like Revolut, with the backing of venture capital, are growing at lightning speed. They are luring new, mostly younger customers with snazzy apps, cheap access to cash abroad and low rates on foreign exchange.
Revolut and peers, such as Monzo and Starling, are set to treble their total customer base from 13 million to 35 million in the next year, consulting group Accenture predicts.
However, if things go wrong, fraud victims at Revolut can find themselves without the support infrastructure offered by traditional banks. Rennick said he was refunded ten weeks after his money was stolen following a stressful battle with the help system.
Four Revolut customers, including Rennick, lost at least £122,179 ($150,000) in total. They said the chat was slow, written in poor English and unhelpful. All were eventually refunded, simply finding the funds back in their accounts.
The attacks on Revolut are part of a growing problem facing banks. Around 1.2 billion pounds were stolen in 2018 from lenders in Britain alone, according to industry body UK Finance.
The Financial Ombudsman Service said complaints about frauds and scams rose to over 12,000 in the 2018/19 financial year. This was an all time record and up 43 percent on the previous year.
Britain's Financial Conduct Authority has said banks need to focus on fraud prevention, not just reimbursement, to restore customers' faith. For customers like Rennick, a key part of restoring that trust is the way fraud is handled.
Revolut acknowledges some problems in how it handled fraud cases and in how its in-App chat works, due to a lack of resources and adequate response systems.
On September 2nd, the company said it has opened a new customer service centre in Portugal. It claims it will hire up to 400 staff there for handling enquiries from customers worldwide.
Revolut has meanwhile diverted staff from other tasks to manage fraud attacks.
"It is incredibly expensive to have people answering the phones for fraud cases because there are clear peaks in demand, but it's really important for resolving a case quickly and being able to explain to a customer what's happened," said Richard Emery, an independent expert who specialises in helping bank fraud victims.
"The online chats just felt so incompetent, they had no idea what's going on, it gave me no confidence I'd get my money back," said Victoria Frost, an airline cabin crew worker and scam victim, who said many of her colleagues use the app.
Soups Ranjan, San Francisco-based head of financial crime risk at Revolut, told Reuters his unit was hiring aggressively to reach an eventual total of around 140 anti-fraud workers. In many cases, Revolut is adding features now that would have helped the recent victims, he said.
Victoria Frost was deceived by a text message that appeared to come from a Revolut phone number, asking her to click on a link to what appeared to be a legitimate company website.
Scammers in these SMS-message or 'smishing' attacks use security holes in the text messaging system. This enables them to 'spoof' or impersonate a company's phone number. Revolut said all its customer interactions are done by in-App chat and it never calls users or invites them to log into websites in this way.
Revolut acknowledged that the names such as Mila and Zlatan that customers see when talking to in-App help are pseudonyms, designed to prevent service staff from being identified.
"I have a serious concern with organisations like Revolut where you cannot talk to someone and they have no facility for phoning you," bank fraud expert Emery said.
Ranjan said Revolut has improved the tone and professionalism of its help staff and is looking at adding phone support in the near future.
Source: Reuters London, 05 September 2019
Reporting: Lawrence White