Cybersecurity, AI and no bullshit

Rob Braileanu

 · 10/02/2018  · 10/02/2018

In the space of a few days, 50m social media accounts have been compromised, a ride hailing app was fined over data breaches and a bank came clean on why it lost millions worth of client funds. Add to that the £500m stolen from UK accounts in the first half of 2018 alone, and you can see how cyber crime is a very real threat these days.

Many companies will tell you how they take cybersecurity very seriously but few will actually show you how they do it. At Revolut, we don't just want to throw gibberish at you, so let's agree to cut the bs and jump straight into the three ways in which we handle cybersecurity:

Build security into our business 🏛

Handling data for our nearly 3m users isn’t a task for the faint hearted, but managing access to that data in a regulated financial institution, with over 500 employees in offices across Europe, is the real challenge.

For us, building security into the business means ensuring that everyone who works here shares the same sense of responsibility when dealing with our users' data.

This starts with our internal data policy - you can think of it as the bible for everything data. From marketing to finance, everyone at Revolut undergoes a rigorous training programme every six months, covering data protection and compliance to begin with. Different teams then go through specialised training courses based on their role in the company and the impact their work can have on our customers and their data.

On top of this, we have a tightly controlled permission-based system to manage who gets access to what data within Revolut. This ensures that things run smoothly and adds another layer of security to our organisation.

Build security into our products 📲

From instant spending notifications through to location-based security, we believe security should be baked into every product and feature we release. We were the first fintech in the UK to introduce the ability to lock and unlock your card directly from the app, alongside a host of other features such as location-based security and on/off toggles for nearly every payment method your card supports - contactless, swipe etc.

But security isn't just about adding user-centric features - it's an integral part of how we build our products.

From as early as the product design phase, security risks are considered and assessed by the product owners. Once development is complete and we have a working prototype of the new feature, it receives serious scrutiny from our internal risk-committee who look at how the feature can impact our users, their data and security. Only if the new product or feature gets the green light from the risk committee can it be released into the world - otherwise it's back to the drawing board.

Build security into our processes ⚙️

Revolut manages billions of payments a month, so with this kind of transaction volume, it's easy to see how some criminals might try to trick the system.

One of the main ways to stop cybercriminals from using our service is to prevent them from joining in the first place. This is why every new Revolut account goes through a rigorous verification process that requires ID checking and facial recognition. Apart from this, there are other background checks our system performs to ensure all our accounts belong to legitimate users and not fraudsters.

On top of that, we monitor all transactions in real-time using an in-house system that Dmitri and his team have built. It uses machine learning (a form of artificial intelligence) to sift through every payment made on a Revolut card, analyse spending behaviour, build models, flag suspicious transactions, detect fraudulent patterns and more.

Although we can't give away too much for obvious reasons, one of the many features the system has is to alert users of suspicious activity on their card, and ask them to confirm whether the payment was made by them or not. Whenever this happens, the card in question is automatically locked to protect the user from potential cybercriminals.

Subscribe to our Blog!

With UK consumers having lost billions to cybercriminals last year alone, it's more important than ever to protect ourselves online. Enabling notifications so that you can instantly see what's being spent where will help you to stay on top of your money, making sure you're aware of what's leaving your account at all times. Keeping your data and your funds safe is an ever changing learning game - but one that we're ready to stand up to face on.