By Lawrence White
LONDON (Reuters) – “Have a great day!” was not the way Gavin Rennick expected ‘Zlatan’, an agent for his bank, Revolut, to end their instant messaging chat about the 46,000 pounds ($56,470) scammers had stolen from his account in just 24 hours.
Fraudsters posing as Revolut staff had called him, warned him of “suspicious activity” on his account and persuaded him to log in to the app to take various steps to avert it — thereby enabling them to empty his account.
Their action had left the 32-year-old from Belfast stranded in Australia and penniless. Turning in his panic to Revolut’s in-app chat-based support, he was confronted with a gauche messaging bot ‘Rita’, who passes more serious complaints on to humans.
“It made me think where is the human side of banking, you need to realize you’re dealing with human beings who’ve lost a lot of money and are scared,” Rennick said.
Revolut said that the security lapses stemmed from phone numbers which can be faked or ‘spoofed’ by fraudsters, rather than due to its app, adding it was rectifying shortcomings in its response to fraud.
Digital banks like Revolut, which has racked up 7 million customers worldwide since it was set up four years ago with the backing of venture capital, are growing at lightning speed, luring new, mostly younger customers with snazzy apps, cheap access to cash abroad and low rates on foreign exchange.
Revolut and peers such as Monzo and Starling are set to treble their total customer base from 13 million to 35 million in the next year, consulting group Accenture (NYSE:) predicts.
However, if things go wrong, fraud victims at Revolut can find themselves without the support infrastructure offered by traditional banks.
Rennick said he was refunded ten weeks after his money was stolen following a stressful battle with the help system.
Four Revolut customers, including Rennick, who lost at least $150,000 in total, said the chat was slow, written in poor English and unhelpful. All were eventually refunded, simply finding the funds back in their accounts.
The attacks on Revolut are part of a growing problem facing banks, with some 1.2 billion pounds stolen in 2018 from lenders in Britain alone according to industry body UK Finance.
The Financial Ombudsman Service said complaints about frauds and scams rose to over 12,000 in the 2018/19 financial year, an all time record and up 43 percent on the previous year.
Britain’s Financial Conduct Authority has said banks need to focus on fraud prevention, not just reimbursement, to restore customers’ faith.
For customers like Rennick, a key part of restoring that trust is the way fraud is handled.
Revolut acknowledges some problems in how it handled fraud cases and in how its in-App chat works, due to a lack of resources and adequate response systems.
The company on Sept. 2 said it has opened a new customer service center in Portugal and will hire up to 400 staff there for handling enquiries from customers worldwide.
Revolut has meanwhile diverted staff from other tasks to manage fraud attacks.
“It is incredibly expensive to have people answering the phones for fraud cases because there are clear peaks in demand, but it’s really important for resolving a case quickly and being able to explain to a customer what’s happened,” said Richard Emery, an independent expert who specializes in helping bank fraud victims.
“The online chats just felt so incompetent, they had no idea what’s going on, it gave me no confidence I’d get my money back,” said Victoria Frost, an airline cabin crew worker and scam victim, who said many of her colleagues use the app.
Soups Ranjan, San Francisco-based head of financial crime risk at Revolut, told Reuters his unit was hiring aggressively to reach an eventual total of around 140 anti-fraud workers.
In many cases Revolut is adding features now that would have helped the recent victims, he said.
Frost was deceived by a text message that appeared to come from a Revolut phone number, asking her to click on a link to what appeared to be a legitimate company website.
Scammers in these SMS-message or ‘smishing’ attacks use security holes in the text messaging system to ‘spoof’ or impersonate a company’s phone number.
Revolut said all its customer interactions are done by in-App chat and it never calls users or invites them to log into websites in this way.
Revolut acknowledged that the names such as Mila and Zlatan that customers see when talking to in-App help are pseudonyms, designed to prevent service staff from being identified.
“I have a serious concern with organizations like Revolut where you cannot talk to someone and they have no facility for phoning you,” bank fraud expert Emery said.
Ranjan said Revolut has improved the tone and professionalism of its help staff and is looking at adding phone support in the near future.