Revolut’s Payment System Flaw Allows Criminals to Steal $20 Million: The Impact and Consequences
Introduction
In a startling revelation, it has come to light that Revolut, a prominent fintech company, suffered a flaw in its payment system in the US, allowing criminals to steal over $20 million of its funds over several months. This incident, which has not yet been publicly disclosed, poses significant challenges for Revolut, which has already faced senior departures and a qualified audit of BDO while waiting for a UK banking license.
The Payment System Flaw
The flaw in Revolut’s payment system stemmed from differences between European and US payment systems. When certain transactions were declined, Revolut mistakenly refunded accounts, essentially handing over their own money. This loophole was exploited by organized crime groups in early 2022, encouraging people to make expensive purchases that would later be rejected, and then cashing out the funds via ATMs.
The Failure to Detect the Fraud
Revolut’s systems failed to detect the mass fraud, and the problem only came to light when a partner bank in the US informed the fintech company that it held less cash than expected. Subsequently, Revolut’s US branch requested multi-million dollar cash injections from its parent company to address the issue. It was only around spring 2022 that the company managed to close the flaw.
The Financial Impact
Although Revolut was able to recover some of the stolen funds by prosecuting some of the borrowers, the net loss amounted to approximately $20 million. This amount represents nearly two-thirds of Revolut’s annual profit in 2021, highlighting the significant financial impact of the flaw. The loss related to the theft was not specifically disclosed in the 2021 deferred results, further exacerbating the consequences.
Repercussions for Revolut
This incident adds to the mounting pressure on Revolut, which has already faced a series of challenges. The company has experienced high-profile departures, including its UK bank CEO James Radford and CFO Mikko Salovaara. Additionally, investors Molten Ventures and Schroders have cut the valuation of their Revolut stakes by 40% and 46% respectively. All these factors contribute to substantial uncertainties surrounding Revolut’s future.
The Delayed UK Banking License
Revolut’s journey towards obtaining a UK banking license has been far from smooth. Despite announcing its application over two years ago, the company is still awaiting approval, which significantly exceeds the typical delivery time for such licenses. This delay has raised concerns and led the Financial Conduct Authority to order an independent review of Revolut’s policies to prevent and detect financial crime in 2020.
Insights and Perspectives
While the incident raises serious questions about Revolut’s security measures and oversight, it also highlights broader issues in the fintech industry. Here are some unique insights and perspectives to delve deeper into the topic:
1. The Vulnerability of Payment Systems
The flaw in Revolut’s payment system serves as a stark reminder of the vulnerabilities that exist in financial technology. As the fintech industry continues to grow, it is crucial for companies to constantly assess and improve their security measures to protect against increasingly sophisticated threats.
2. Balancing Innovation and Risk
Fintech companies like Revolut strive to provide innovative solutions to traditional banking services. However, this pursuit of innovation must be balanced with robust risk management systems. The incident serves as a cautionary tale for fintech companies, highlighting the need to find the right equilibrium between innovation and security to avoid reputational damage and financial losses.
3. Regulatory Scrutiny in Fintech
The delayed UK banking license approval for Revolut and the subsequent independent review ordered by the Financial Conduct Authority shed light on the increasing regulatory scrutiny faced by fintech companies. As these companies disrupt traditional financial systems, regulators are keen to ensure that adequate safeguards are in place to protect consumers and the stability of the financial sector.
4. The Human Element in Cybersecurity
While technology plays a crucial role in preventing cyber threats, it is equally important to recognize the human element in cybersecurity. Educating employees about best practices and maintaining a strong culture of security awareness can significantly reduce the risk of such incidents. Fintech companies must prioritize cybersecurity training and establish a robust internal control framework to mitigate potential vulnerabilities.
Conclusion
The revelation of Revolut’s payment system flaw and the subsequent theft of over $20 million highlights the challenges faced by fintech companies in maintaining the security of their systems. This incident serves as a wake-up call for the industry to continuously reassess and enhance their security measures to stay ahead of ever-evolving threats. Revolut’s experience also underscores the need for robust regulatory oversight and a balanced approach to innovation and risk. Ultimately, ensuring the security and integrity of financial systems is crucial for the long-term success and trustworthiness of fintech companies.
Summary
In a shocking turn of events, Revolut, a prominent fintech company, suffered a flaw in its payment system that allowed criminals to steal over $20 million. The incident, which has not yet been publicly disclosed, has further intensified the challenges faced by Revolut, including senior departures and a qualified audit of BDO. The flaw originated from differences between European and US payment systems, and organized crime groups took advantage of it in early 2022. Revolut’s systems failed to detect the mass fraud, and the problem only came to light when a partner bank in the US reported a shortfall in cash. Despite recovering some of the stolen funds through prosecution, the net loss amounted to approximately $20 million, representing a significant financial blow for the company. The incident raises broader concerns about the security of payment systems in the fintech industry, highlighting the need for continuous improvement and balancing innovation with risk management. Furthermore, it underscores the importance of regulatory oversight and the human element in cybersecurity. Fintech companies must prioritize security measures to maintain trust and ensure the long-term success of the industry.
—————————————————-
Article | Link |
---|---|
UK Artful Impressions | Premiere Etsy Store |
Sponsored Content | View |
90’s Rock Band Review | View |
Ted Lasso’s MacBook Guide | View |
Nature’s Secret to More Energy | View |
Ancient Recipe for Weight Loss | View |
MacBook Air i3 vs i5 | View |
You Need a VPN in 2023 – Liberty Shield | View |
Get free fintech updates
We will send you a myFT Daily Digest email rounding last Fintech news every morning.
A flaw in Revolut’s payment system in the US allowed criminals to steal more than $20 million of its funds over several months last year before the company could close the loophole, according to multiple people familiar with the episode.
The incident, which has not yet been publicly disclosed, is likely to add further pressure on the highly regarded fintech, which has faced a series of senior departures and a qualified audit of BDO while waiting for a UK banking licence.
The problem stemmed from differences between European and US payment systems, which meant that when certain transactions were declined, Revolut mistakenly refunded accounts, handing them their own money, according to three people familiar with the situation.
Although the problem first appeared episodically in late 2021, organized crime groups took advantage of the glitch in early 2022, according to three people familiar with the situation, encouraging people to try expensive purchases that would later be been rejected. This would then be cashed out via ATM.
Revolut’s systems failed to detect the mass fraud and the problem came to light when a partner bank in the US told the fintech it held less cash than expected, those with knowledge of the situation told the Financial Times.
This was followed by calls from Revolut’s US branch for multi-million dollar cash injections from its parent company, after which the company worked to close the flaw around spring 2022.
Though Revolut recovered some of the roughly $23 million it stole by prosecuting some of the borrowers, the net loss was about $20 million, or nearly two-thirds of its annual profit in 2021, those people added. .
Revolut declined to comment on the case.
The loss related to the theft was not specifically disclosed in the 2021 deferred results.
Fintech is at a standstill awaiting his UK banking licencemore than two years after the first announcement of its application, much longer than the typical delivery time of less than a year.
The Financial Conduct Authority has ordered an independent review of Revolut’s policies to prevent and detect financial crime in 2020.
Auditor BDO separately warned that Revolut’s revenues could have been “materially incorrect” as it was unable to ascertain the “completeness and occurrence” of approximately two-thirds of its reported revenues for 2021.
Revolut has gone through several as well high-profile departures in recent months, including both his UK bank chief executive James Radford and chief financial officer Mikko Salovaara.
Joel Kass, chief of staff and head of banking products for the British entity, is also expected to leave. Prior to joining Revolut, Kass spent three years at the Bank of England, including a year as a supervisor for new banks.
“Joel Kass is leaving Revolut after three successful years,” Revolut said. “He is transitioning into a senior opportunity outside of the business and we wish him all the best in his next steps.”
Two investors, venture capital firm Molten Ventures and asset manager Schroders, also cut the valuation of their Revolut stakes by 40% and 46%, respectively.
Revolut was last externally valued at $33 billion in July 2021, when it became the UK’s most valuable private technology group ahead of Checkout.com’s $40 billion valuation in January 2022.
Additional reporting by Stefania Palma in Washington DC
—————————————————-