A British small business owner unknowingly opens his Revolut account on a normal Tuesday in January – and finds he’s missing more than £62,000. He is said to have spent them at Cartier in the luxury department store Selfridges. But he was never there. Instead, a stranger shopped there with his money, who had stolen his card details the day before with the help of a clever trick.

As Thomas Crooks told the financial portal This is Money, the scammer called him from a number that appeared to belong to Revolut. He asked him to re-authenticate his Apple Pay. Crooks thought nothing of it – after all, the caller knew his name, address and card number. So Crooks gave him the Apple Pay access code that had been resent to him. The fraudster was able to load his victim’s card onto his smartphone and go on a shopping spree.

Crooks isn’t the only one who fell for this or very similar scams. “This is Money” describes three other cases and cites a fourth victim who set up a Facebook group for Revolut customers who were victims of fraud. Even if the others affected did not lose as much money as Thomas Crooks, their experiences of how Revolut looked after them after the incident are similar: they could not reach any employees of the fintech by phone, only in writing. And according to the report, they don’t feel that Revolut took their problem seriously.

One sufferer, who says he has lost £1,750, says customer service couldn’t be more disinterested. “They don’t refund for fraud and blame the customer.” A customer who lost almost £10,000 describes in the report how Revolut initially accused her of having spent such a large sum at Selfridges herself. Another customer complained about the “very brutal, slow-response system of chat messages.” He recognizes this as a fatigue tactic on the part of Revolut.

Unlike ten other British financial institutions, the fintech has not joined the Contigent Reimbursement Model (CRM). In it, banks voluntarily undertake to repay victims of certain types of fraud. The guidelines of the British supervisory authority FCA state that banks must compensate their customers after fraud – but only if it cannot be proven that a customer has acted negligently.

When asked by Finance Forward, a Revolut spokeswoman emphasized that the fintech warns customers if they receive a request for card authorization. “Do not give this code to anyone, even if it claims to be from Revolut. Do not enter it anywhere – unless you want to add your card to a new device” – that is the wording of the warning message. In January, Revolut also sent an email to all customers to warn them of the scam. “We will never call you about your personal account without first contacting you via our in-app chat,” it says. And further: “We evaluate the circumstances of each individual case when deciding whether to reimburse funds stolen by criminals.” The fintech does not comment on the individual cases. The spokeswoman emphasizes: Revolut works hard and invests a lot to protect customers.

Consultant and cyber security expert James Bore sees it differently. “Challenger banks tend to invest a lot less time and money in fraud prevention than established banks,” he tells Finance Forward. Bore worked for a fintech for a while, but quit. The reason: “I got the impression that they didn’t care about the safety of their customers.” He himself only uses accounts at neobanks as a kind of wallet, and rarely deposited more than £150 there. He advises other customers to do the same.

According to “This is Money”, 489 new complaints about fraud at Revolut were reported to the Financial Ombudsman Service (FOS) in the first two months of this year alone – this puts the fintech in second place behind Barclays, writes the portal. The FOS was set up in the UK in the early 2000s to settle disputes between consumers and financial service providers.

Niels Nauhauser from the Baden-Württemberg consumer advice center calls on the banks not to shirk their responsibilities. “The institutes are obliged to offer absolutely secure payment services.” Instead of just informing customers about common scams on their websites, they should stop the fraud themselves.

He advises customers who are not taken seriously by their banks when they have complaints to contact the Bafin supervisory authority. Because the financial institutions would have to meet legal requirements for a functioning complaints management system.

As a foreign company, however, Revolut is only subject to limited supervision by the Bafin. So far, the fintech has had a “specialized banking license” from the Lithuanian banking regulator, but has been trying to get a license from the UK regulator FCA for more than two years. However, the FCA criticized the audit of the fintech’s balance sheets, which was carried out by the auditing company BDO, as “insufficient” in September last year, as the “Financial Times” reported. Revolut only managed to present its 2021 annual report in March of this year .

The numbers look impressive at first glance, with the neo-bank posting 185 per cent growth in revenue to £636m (€710m) and reporting a profit of £26m (€29m). The number of customers also grew strongly, from eleven million at the beginning of 2021 to currently 25 million. But the deposited credit per customer could only be increased from 418 to 450 pounds. This shows that many customers only use Revolut for part of their expenses.

This article first appeared on Finance Forward