Yes, but this has always been an issue for any service that allows you to find your contacts. It’s not a privacy issue per se, since you have to consent and the other person needs to know your number to see (just like look up by email with Twitter). iMessage rats you out in the same way, and attackers can use that method to target phishing scams towards Apple customers, it’s been known to happen. The same technique has also been used to target phishing texts and emails towards PayPal customers. It’s a standard industry-wide implementation.
Monzo does the same thing, although they don’t show the contacts mobile number in app, so it’s harder to know which user belongs to which mobile number using that script method. They are the only financial app I’m aware of it that obscures it in that way though.
There are methods Revolut can use, such as not showing the phone number in app, or using usernames instead for the services that require you to be identified by mobile number.
But this utility has always existed with service providers, and in turn this exploit has always existed with them. The usability trade off to prevent a rate case of targeted phishing isn’t usually worth it, and the method is actually more privacy friendly than alternatives. Revolut probably can and should do more to obscure the identifiable info so it’s harder for the bad guys identity which contacts are Revolut users, but that’s not going to put an end to phishing.
If it concerns you with Revolut, it should concern you with others who have an identical feature, and in some instances, you don’t even have a choice of opt in or opt out. It’s not a feature I’ve ever needed to use with any service, so I’ve never turned it on. The only exception is with iMessage, as that’s not a possibility.
To avoid any confusion, this is the setting you need to turn off (disallowing contacts access won’t turn it off):
Honestly, not really. Revolut’s implementation is pretty standard. But there are things some services do to make it harder to exploit, like in Monzo’s approach, as the Monzo app doesn’t show you which phone numbers link to which Monzo user.
To give you more peace of mind, we’re adding more detail in our terms about how we “safeguard” your money.
You know that sinking feeling you get when you pay someone and moments later realise you put the wrong account details in? We’re addressing this by introducing an ability for our support teams to reverse some mistaken payments made into Revolut accounts.
As you probably know, if you exchange more than our free exchange limit in a month, you pay a fee. This limit is decreasing to £1,000 each month (which, our research shows, most of you won’t hit anyway). Above that limit, our fee will stay the same at just 0.5%, and we’ll let you know if an exchange will be subject to a fee. Our Premium and Metal plans still have unlimited exchange, as they always have.
You will continue to enjoy the same interbank exchange rates on weekdays. For exchanges at the weekend, we’re slightly increasing our mark-up for major currencies from 0.5% to 1%, to cover our risks when the market moves (as it has a bit recently). The mark-up for other currencies is staying the same – see the full list here. (Remember, you can avoid this fee completely by making an exchange on weekdays.)
Our most popular payment types, such as payments to Revolut users, domestic transfers and Euro transfers within the Single Euro Payments Area are remaining free. If you make any other transfer to an account outside of your country, your first payment each month is also remaining free , but after that there will be a fee of 50p per payment.
If you make a transfer to a country that is not in its national currency, there will be a fee of £3 for USD transfers (like US Dollars to Brazil) or £5 for non-USD transfers (like GB Pounds to Brazil.) We’ll always let you know beforehand if a transfer you are about to make will incur a fee.
These changes will take effect from August 12 2020
Ignoring Brexit - can anyone say if paying Euros from my (UK) Euro accounts to non-UK Euro account (non-revolut) will still be free or not?
Also introducing monthly limits in the middle of the month is begging for confusion… ‘each’ month implies per calendar month to me, rather than rolling-30 day windows?
Fantastic news! They day they start using their U.K. license is the day they become my primary account. Unless any of their competitors improve between now and then.
Interesting, although I think personally the issue for me isn’t the lack of license I think it’s the brand portrayal. I don’t know why particularly, but I always have viewed revolut similar to the way I view crypto. A bit techy, a bit risky and a bit less grounded. I think the fact it does so much is actually a bad thing for me, it’s more of a utility card than a keep funds in bank. Not sure how they would turn that around for me personally.