Lessons from bank fraud featuring Revolut

"Innovate fast and fail faster!" is a mantra that many fintech companies are following. Some successfully, some not so much.

Take example of Revolut, who seem to top the UK charts for the most fraud complaints.

(source: https://www.bbc.co.uk/news/articles/cj6epzxdd77o )

Originally published on: https://www.linkedin.com/pulse/lessons-from-bank-fraud-featuring-revolut-vladimir-jirasek-xakqe/

In my option the text messages should not be used in banking applications, as these are easily spoofed. I personally do not bank with Revolut. My banks of choice are Barclays and Starling Bank.

The innovations that Starling brings to the login security are:

New device must be authorised with your video where you read out a set phrase. This is manually checked by bank staff. Every login to a bank's app via web browser uses QR code that you must scan with your Starling app on your smartphone. This protects against spoofing attacks as the the attackers will not have that QR code (it is only showed after password first authentication level with a password).

Lessons learned for banking customers

Be vigilant when someone calls them pretending to be from the bank. My technique is not to divulge any personal details and tell them I will call back. Look sceptically at any bank that sends you a text message as part of regular authentication procedure.