In mid-December, my phone was stolen outside a pub in London.
The thief accessed my Revolut online money account and transferred £2,050 from my savings to another Revolut user.
The next day they took an Uber to Selfridges using my account and I assume had a nice time spending my money.
I asked Revolut if it would reimburse me, as I was a victim of theft and fraud.
It refused, telling me there was no ‘suspicious activity’ or ‘attempted logins’. I don’t think this is fair.
I’m also concerned that someone was able to make such a big transaction without knowing my passwords or any of my security information. Can you help? C.E, London
Nicked: C.E had his mobile phone snatched outside a pub – but that was only the start of his problems as the thief proceeded to raid his savings
Helen Crane of This is Money replies: Mobile phone thefts are soaring in the capital with one stolen every six minutes last year according to the Metropolitan Police. I’m sorry to hear you’ve been a victim of this.
Unfortunately, swiping smartphones is a lucrative game for criminals. Not only do they get a valuable piece of tech they can sell on, but also the chance to get into the person’s bank and online shopping accounts and go on a spending spree at their expense.
Sadly, I suspect this is happening all over the country. It happened to a friend of mine in Birmingham recently, in a similar situation when he was in the street waiting for a taxi home after an evening out.
He was hit and knocked to the ground, to distract him while the thieves made away with his phone.
They took money from accounts with two different banks, opened a large overdraft with one of them, and also spent on his credit card with a third bank.
The damage came to a grand total of £7,000, which he did manage to recover – but only after weeks of anguish and what seemed like endless calls and messages back and forth with the three banks and the police.
In your case, the thief made a transfer to another account with Revolut. Even though you have the name on that account, you said the police told you they couldn’t help.
But how are people getting in to these accounts? Most money apps require a password for entry, or for the person to use their face or fingerprint to prove it is really them.
Revolut itself says on its website: ‘To make sure we know it’s you, customers accessing Revolut via the mobile app are asked to provide either a Pin, passcode, or biometrics (i.e. fingerprint or facial recognition).’
In both your case and that of my friend, you are tech-savvy people and were absolutely insistent that you didn’t have your pin or passcode saved anywhere on your phone, and had never sent it in an email or message that the thieves may have been able to dredge up.
I’m not a scam expert, but it seems there are two options. The first is that these thieves are computer wizards and have found a way to get around the passcode requirement.
The second, and much more likely, is that they had been watching you in the pub and seen you enter your passcode earlier in the evening – most likely when paying for a drink at the bar.
This is known in fraud circles as ‘shoulder surfing,’ which makes it sound a lot more fun than it actually is.
You asked Revolut if it would refund you the money, as you had been the victim of theft and fraud.
‘Shoulder surfing’: It seems the fraudster may have got C.E’s Revolut passcode by looking at him when he was paying at the bar
However, your request was rejected, on the grounds that there was ‘no suspicious activity’ or ‘attempted logins’. You made a complaint about this, but it was also rejected.
According to the Financial Ombudsman Service, financial firms (I am using this phrase in lieu of ‘banks’ as Revolut does not have a banking licence in the UK) should, in most circumstances, refund a customer if a sum comes out of their account with they have not authorised.
In many cases, they will also agree to refund if it is obvious that a scammer has tricked the account holder into authorising the payment.
Your case is slightly tricky, as to Revolut it would have initally appeared that the transaction was made – and therefore authorised – by you. It was made on your phone, and your passcode was entered.
But once you explained that you had been robbed, Revolut should have given you the money back.
A look at your transactions should have proved that sending more than £2,000 from your savings to someone you had never paid before, in the middle of the night, was not typical activity for you.
I do question whether an extra layer of security could have been applied, for example asking for an answer to a secret question – though with so much of your personal information contained on your phone, it would need to be something the thief couldn’t quickly look up.
I contacted the e-money firm to ask why it hadn’t paid you back in the first place – and to try and find out how the thief got into your account.
I’m really pleased to say it has topped up your savings account by the entire £2,050 taken, as well paying you an additional £250 as a goodwill gesture.
Protect your passcode: It is a good idea not to have the same code for a lot of different apps
A Revolut spokesman said: ‘We are very sorry to hear about C.E’s case, or any instance where our customers are targeted by ruthless and highly sophisticated criminals.
‘On further investigation of (his) case we have issued a full reimbursement for the stolen funds, in addition to a goodwill payment in recognition of the distress experienced in this case.
‘Revolut works hard and invests heavily to protect and support customers. We have observed an increase in networks of criminals attempting to steal devices from unsuspecting individuals and we continue to take action to identify and prevent unauthorised access.
‘As with all emerging threats, we urge our customers to take care, remain vigilant and encourage users to regularly update their passcodes and not to use the same passcode across multiple applications.’
Revolut also confirmed that your account was indeed accessed via your passcode.
This serves as a warning to guard your phone and online banking passcodes as carefully as you would protect your Pin number when withdrawing money from a cash machine or paying in a shop.
In the wrong hands, those few little numbers can do a lot of damage.
As Revolut said, it is also not a good idea to make it so that one password would give a thief access to every single thing on your phone.
But I also think finance companies need to get wiser to flagging large and suspicious transactions – even if they do at first appear to come from the account holder.
If they don’t, they are simply playing in to the phone swipers’ hands.
CRANE ON THE CASE
Some links in this article may be affiliate links. If you click on them we may earn a small commission. That helps us fund This Is Money, and keep it free to use. We do not write articles to promote products. We do not allow any commercial relationship to affect our editorial independence.