Revolut (Multinational* Card Masking Financial Service)

Site Development Tool Suggestions
1

Website

https://www.revolut.com/

Short description

Quote I put on my PR:

Revolut is an International* alternative towards services like privacy.com and MySudo for card masking. You can use disposable and non-disposable virtual cards for each indivdual use (eg. One-time use for one-time payments and dedicated virtual cards for subscriptions among other things). Be warned: In your bank statement when you add money to revolut, the bank knows you have spend it there, but then you’re trusting Revolut with your transactions and financial.

*Except Korea, Russia, Turkey and China. Supported countries are found here and on the homepage in the country selection

Why I think this tool should be added

Since we recommend only US Services [MySudo and privacy.com] when it comes to card masking and there is discussion on if PG should recommend services for non-US people, I thought I’d make my first attempt. Making a thread to comply with pull requests rules.

This is based on this pull request on github

Kind Feedback is appreciated as always

I see some concerning statements in the thread, that would not be true anymore let’s get some FAQ obviously this is based on my experience:

Q: Can you use a fake billing address?
A: Yes, personally I was able to trick HIDIVE once into thinking im in the US, the transaction went through. Watch out for some exceptions like Apple, you may likely not be able to trick Apple into thinking you’re in the US with billing, however all other billing information except country to my understanding can be faked

Q: Masked Cards are pointless as it’s in your name anyways
A: Untrue, for providers that there was no necessary reason to do so I have never given them my full name, if only abbreviations like G, Transactions still went through. I still do not see solid evidence that the card can reveal your full name, outside of my experience that it isn’t. The statement must be coming from people’s experience of being forced to put the full name, I never was.

Q: Revolut shares data with Facebook/Meta
A: Was true back in 2020 (when that article was written) but today checking both using Report for com.revolut.revolut 10.94 - εxodus and AppManager on my installation of Revolut, this no longer exists. However it is true that forms of google analytics do exist in the app, I have not seen signs of AppFlyer doe. Of course I am open for others to confirm or deny with evidence for the reason of denial [Keep in mind this refers to the android application itself not what’s done outside of it]

I want to make clear that this is based on what I see and experienced, I am not trying to shill the app, it’s very concerning to see statements like this yet privacy.com gets away with it like that, at least revolut meets the necessary criteria.

Section on Privacy Guides

Financial Services

2 Likes
2

I have a COI on this so i will not vote in this.

I do however want to highlight:

Also please be aware that card masking is pretty pointless in EU as all your cards will be in your own name.

3 Likes
3

I honestly have reached my limit so I cant self vote either lol

Hmm interesting I did not know, I mean I know they’re by no means that privacy friendly but I wasnt expecting the worst
But unless people here use WhatsApp, I suppose it’s a non-issue but we can warn or people can contribute to this warning

Edit: I checked, the article is as of 2020 though, above statement applies and more importantly the newer exodus scan show there is no longer facebook trackers:

im gonna install app manager and dig into it

Edit: confirmed by using app manager, it no longer has facebook trackers, I don’t think the article is valid anymore @ph00lt0, It does have google measurement services is what you need to worry about but im curious if privacy.com does too anyways, not that any of the criteria mentions specifically that
though as expected exodus for this time is not wrong
@user1 it is no longer true the facebook one not mentioning being back in 2020

also untrue, for a while I’ve never given my full name to services that do not require to have it and transactions do go through

4

Does Revolut allow you to provide fake billing info to vendors like privacy.com does? My understanding was that one of the big differences is that you still need to provide proper information and that disqualifies it from being reccomended.

  • Cards must not require you to provide accurate billing address information to the merchant.
5

It took me some time to dig up this old thread: Card masking tool

At the time I did not have this COI. For the rest I will stay out XD.

6

yes, can confirm as someone who personally uses it
the only instance I can think of that forced to use my real country was with Apple (and only country iirc), other than that yes.

7

If this is the case, then I don’t see any reason to move forward with this reccomendation.

1 Like
8

untrue, I can use fake names or first letters like for example G and transaction will go through
if I think that’s what ph00lt0 implies.
(I just noticed that statement)

9

1757358457908
17573584579082000×1186 186 KB

You really don’t need the SDK in order to do this. This option is still as of today enabled by default. And you can only opt out after sign up. So the data can be shared until doing that.

10

It’s not about the sdk at this point, I checked receivers, services, providers and activities in App Manager, None of them returned Meta or Facebook

However yes now that it’s toggleable thing, Should be correct that they no longer needed it to be in any of those categories and it should be default off

That said I agree I should make a privacy guide on it to opt out alot of this

11

https://www.revolut.com/legal/privacy/

Littely mentions Facebook but okay

12

How about just checking yourself before making assumptions

with that said I was late to say but better late than never but I do agree that they likely no longer need it to share data and I agreed to make a guide opting out of those before using

13

The problem is. If you opt out it is done after your data is already shared. You are the one making assumptions here tho sorry. Let alone that the ethics and practices of this company have nothing to do with privacy.

I will stay out of this discussion. I think I made my point clear.

1 Like
14

You mean to tell me that telling you to make an app manager check or equivalent for the facebook trackers to confirm that I confirmed myself using it (even decompiling the apk, whatever) is me assuming things?

Harsh

and as I said, never disagreed, they likely no longer need any component of meta to do this anymore [and if you think they’re gone, untrue, viber still has one of those facebook components lying around so it is gone just in the revolut app], I agree. But not for the fact it has facebook trackers or rather components in the app.

1 Like
15

I still cannot understand this.
Revolut is a neo bank, not masking service.

They offer a disposable one time generate card which is only useful to protect from leaking your main card to a rogue website, it doesn’t mask your purchases like privacy.com. The bank can’t hide transactions from itself.

There’s nothing private oriented on Revolut, they require KYC to open an account (as any other bank) and they rely massively on profiling.

2 Likes
16

Just a couple of points about fake names and addresses etc. For Revolut and other providers.

If you do something illegal/fraudulent the card can be linked back to you. (Yes even with privacy.com they require KYC)

Fake names/addresses are only useful for privacy purposes.

With Revolut and other European providers merchants have the option of running an Account Name Inquiry. This costs them money. Some merchants skip it entirely. Some run it only when they suspect fraud. Some run it when you first add and card. You can swap up your your name a bit. But the card issuer reports back a score of how accurate the name is. Without revealing your name directly. I’m not certain how privacy.com handles fake names and gets around this kind of check.

Addresses are easier to fake. Only the digits are usually checked. And checks normally can’t happen on cards issued in other countries. 50 Fake Street could just as easily be 50 Made up street. There are some other quirks here that can also be used to shift things. If it is even checked at all.

Merchants use other services to help detect fraud that rely on a whole host of data. Using fake details increases the chance of getting the transaction declined.

5 Likes
17

I’ve been looking at Wise and Revolut lately for disposable card services and both of their privacy policies seem not great; both saying that they share your information with third parties including social media sites and marketing firms. Revolut says you can opt out but I’m not 100% confident with them.

18

as you said, as any other bank
privacy.com also requires kyc yet we recommend it
also closed source
and also kind of implies there are third parties on the platform with the cookie part

Cookies

We and our partners use cookies or similar technologies to offer an enhanced experience and Services to users who wish to allow them. These technologies help us analyze trends, administer the website, track traffic, and gather information about users. For information on how to block cookies, see below.

We use cookies to track preferences and settings (e.g., so we can remember your preferences, like whether you’ve selected a “do not display banners” option), for sign in and authentication (e.g., so you don’t have to sign in each time you return to the site, or sign in again whenever you move to a new webpage), and for analytics purposes (e.g., to count page visitors or obtain statistics about our Services’ operations that help us improve our website and Services). We may use cookies from third-party providers.

if no KYC + Data shared now becomes a criteria, might as well get rid of card masking all together.

if just data shared not being abusive, I can see not adding revolut indeed as privacy.com’s aside from the concerning “we and partners” in the cookies, is pretty good

1 Like
19

Privacy.com require KYC. You can use Revolut as just an intermediary if you want to hide transactions from another bank. But that’s the same as using Privacy.com.

1 Like
20

this is a very good statement and I appreciate for having the same sentiment

I want to add that for addresses, most don’t check at least in my experience and those that do usually pins down to the country (my experience with Apple).

Other than that this is a worthy of a solution to add to on top of my statement :heart: