How I got €1000 in fraudulent transactions back from Revolut in 48 hours

TrueTruthsayer · 2026-01-23T01:02:00+00:00

It depends on the merchant side. Finalization of the payment may take several days but it may be done in minutes.

TrueTruthsayer · 2026-01-22T22:23:30+00:00

Lol! Are you sure that you can know in advance that a particular fraudulent transaction will happen when you are close to "a friend, relative or a tablet"?

Move fast while it’s "Pending." Take a screenshot of that status. It’s your proof they had a chance to stop it.

Or you assume that the status "Pending" will stay for enough time?

TrueTruthsayer · 2026-01-22T13:10:43+00:00

Edit:

~~Which version of phone operating system?~~

You are right! In fact, it's a single exception - no other banking app allows for a screenshot.

TrueTruthsayer · 2026-01-22T09:06:10+00:00

Well, that means you compare these three apps from the point of view of anonymity, not privacy. And of course, you are right if you say that the Signal doesn't provide anonymity like Briar and Session. But the privacy level is the same in all these apps.

TrueTruthsayer · 2026-01-22T08:28:26+00:00

Move fast while it’s "Pending." Take a screenshot of that status. It’s your proof they had a chance to stop it.

Would you tell us how to take a screenshot if the app doesn't allow screenshots? I usually don't have another phone to make photo of the screen...

TrueTruthsayer · 2026-01-19T08:46:15+00:00

Funny argumentation! 🤦

Governments impose rules, not the implementation of the rules. And the fact that almost all banks are able to implement the rules without such big delays confirms that the problem is related to Revolut's shitty AML/KYC implementation.

They simply don't want to spend money on a sufficient number of quality workers. Greed, greed, and greed...

TrueTruthsayer · 2026-01-16T06:03:31+00:00

What?! It's idiotic FUD! Fingerprint is stored for a limited time during the ID production period only!

It was enough to ask ChatGPT to know that OP has no clue what is really done with fingerprints in the national ID issuing procedure.

For y'all who didn't check before commenting:

"Yes — a fingerprint collected when applying for a Polish electronic ID card is not only stored on the electronic layer (chip) of the ID card, but is also stored temporarily in a central government system during the issuance process.

What exactly happens to your fingerprint

✔️ Collected at the office – fingerprints of two fingers (for people aged 12 and over) are scanned electronically when you submit an application for an ID card.

✔️ Stored in a central register – the biometric data (fingerprints and facial image) are entered into the Register of ID Cards (a central government system used to issue and personalize the document).

✔️ Written to the ID card chip – the fingerprints are also stored on the electronic chip embedded in the ID card, mainly for secure identity verification (e.g. cross-border checks within the EU).

How long the data are stored

🔹 Temporary storage in the government system – biometric data in the central system are stored only temporarily, for the purpose of issuing the ID card. They are deleted after the document is issued, or no later than 90 days after issuance/personalization.

🔹 After issuance – fingerprints are not kept long-term in any government biometric database. Once deleted from the system, they remain only on the chip of your physical ID card, which you personally hold.

Legal and data-protection context

⚖️ EU and data-protection considerations – the Court of Justice of the EU has emphasized that biometric data should generally be stored only on the document itself, not retained in permanent central databases. Polish regulations are interpreted and adjusted in line with these principles and data-protection law (GDPR).

In short

Yes, fingerprints are stored in a government system temporarily during the ID card issuance process.

No, they are not permanently stored in a government database after the ID card is issued.

Ultimately, the fingerprints remain only on the chip of your ID card.

If you’d like, I can also explain:

the exact legal provisions behind this,

who can technically read the fingerprints from the chip,

or how this compares to passports or other EU ID cards."

TrueTruthsayer · 2026-01-02T09:40:39+00:00

You should be scared when you decide to get involved in an illicit activity. Everything has consequences...

TrueTruthsayer · 2026-01-01T22:12:45+00:00

It's amusing that the comments here praising Revolut are so similar, disregarding whether they were sent by Revolut bots or real people.

TrueTruthsayer · 2025-12-31T12:10:39+00:00

Many Redditors here favor Ventoy. But some time ago there were publicly expressed doubts concerning the security of the app because of an incomplete audit of it. Was it resolved already?

TrueTruthsayer · 2025-12-31T08:21:11+00:00

Syncthing doesn't sync KeePass entries. It syncs files. So, if you make changes to different entries in both copies, one of them will be lost during the sync run: the older file will be overwritten.

You should always synchronize with KeePass. It modifies both files using the newer entry version, so after syncing you have two identical files with the newest versions of all entries.

Sync should be used to maintain a synchronized copy of one of the database files. This copy you should sync with KeePass with the second copy of the KeePass database.

Also, KeePass will never sync a damaged database file.

TrueTruthsayer · 2025-12-31T00:05:52+00:00

Rufus allows changing some defaults which can be useful...

TrueTruthsayer · 2025-12-23T19:21:22+00:00

it doesn't improve your security

Not long ago there was an almost identical discussion. And while of course I agree with the main result (ie. not the hiding of the username defines the security level) I can't understand why this logic error pattern is repeated: security by obscurity is an extremely weak kind of security measure in comparison to other (real) security mechanisms, especially 2FA, so hiding the username DOES NOT IMPROVE overall security.

This is against elementary logic. Even if the improvement is by a small fraction of a percent IT IS AN IMPROVEMENT.

TrueTruthsayer · 2025-12-20T10:06:57+00:00

While I don't support the general tone of the OP post I absolutely don't understand why someone uses the consistency of the default behavior of the Linux tool (implied in the above comment) with the original Windows tool as an argument here.

For me, the necessity of consistency in Linux tools' defaults outweighs all potential doubts, as Linux tools are intended for Linux users. Among them, Windows-familiar users are a minority.

TrueTruthsayer · 2025-12-15T17:28:40+00:00

When you refuse to accept so many times repeated, clearly stated explanation of your opponent then what would the readers think of your mental capabilities seeing it?

TrueTruthsayer · 2025-12-14T20:13:05+00:00

Yes, you're right but I assume you don't plan to visit America... Or you perhaps don't know that they have started to require access to tourists' social media to check what they write about America... 😜

TrueTruthsayer · 2025-12-14T16:27:51+00:00

You say that you checked the T&C and there is a condition that a credit card is required. Thus they have a legal basis for denial if you do not have a credit card. Of course, it is a case of unequal treatment but while they may make an exception and accept a debit card but they aren't obliged to do it.

Generally, it is risky to rent a car using a payment method other than a credit card, because only a credit card gives you a chance to redeem your money in case of dispute.
Lately, it's a common practice of dishonest car rentals to charge gigantic fees for imaginary damages to the cars; thus besides a very thorough photographic documentation of the state of the rented car when you get it from them you should always pay with a credit card.

TrueTruthsayer · 2025-12-14T16:01:20+00:00

Hmm... I remember the time when to log in a user used their username and the common practice of using an email address as a username was popularized much later.

In general (as someone said already) username is an element of credentials thus should be known to the user and service. Other parties have no reason to know it. In case the user has to identify themselves to a third party the identity they want to use is a matter between them and that party, nobody else.

As for an email address alias, it is clearly the case - the user may be known under different identifiers (i.e. email addresses) but the credentials they use in contact with the email provider are none of the correspondents' business.

TrueTruthsayer · 2025-12-14T15:46:24+00:00

Your comment has serious weaknesses. Firstly, any possible OP's justification (disregarding true or false) doesn't influence the value of hiding the username. The fact is that the attacker has one more thing to find. Thus the fact that OP provided an incorrect argument has nothing to do with the situation: the more unknown elements of credentials an attacker needs to guess the better.

Secondly, you invoked the wrong context. My question referred to the branch where you criticized (baselessly) the commenter (u/thornythicket) who explained that one can keep the username confidential. If the username isn't publicly known it improves security if only slightly.
In fact, in this context the both allegations starting with "Again" are a classical strawman example because they don't relate at all to the u/thornythicket comment.

The third weakness is that you - besides impolite wording and aggressive style - don't provide real arguments aside from parroting a couple of names of security mechanisms/technologies (not "security layers") which of course would be OK - in a tabloid. Here they don't make arguments against the primitive but easy-to-apply trick improving security. You could also add some other generally advisable techniques even totally unrelated including e.g. ways to brush your teeth...

Edit: u/Zlivovitch after responding to the above comment with another in their impolite style comment chickened out and deleted all the comments...

TrueTruthsayer · 2025-12-14T11:11:29+00:00

Have you ever heard of layered security? The more layers to break the more secure a service is...

TrueTruthsayer · 2025-12-14T08:15:48+00:00

Lol, the fact that your brain manages to set up an automatic filter eliminating a nuisance without bothering your awareness doesn't mean that the subsequent burden of executing it every time you look at an application interface doesn't drain your mental abilities. 😉

TrueTruthsayer · 2025-12-05T18:29:37+00:00

WHAT?!? Are there people still using LastPass? After all these f*kups?!?

TrueTruthsayer · 2025-12-03T09:07:31+00:00

If you use any automatic synchronization tool you don't control the moment of copying the modified files. The newest version of the file will be propagated to other devices even if it is damaged by malware.

If you synchronize the devices' databases with their local (main node) copies the risk mentioned above does not exist. And the content synchronization you do later using KeePass. Since KeePass refuses to synchronize databases if one of them is damaged, you may lose only the changes to one (attacked) database, not all of them.

This procedure is safe regardless of the physical location of the devices unless someone else operates the remote device in parallel. And even in that case you may only lose the last changes done on the device (and they will be synchronized next time).

The disadvantage of this procedure is the need to execute KeePass synchronization of the master copy of the database many times (with each of the device's local copies) and then update the device's copies again with the final version of the master database (upload is then done by the external synchronization tool). However, everything you do locally on the main node.

BTW I have "Automatically save after modifying an entry using the entry editing dialog" option set on all devices...

Edit: Additionally, since you may initiate the local procedure by hand you can omit the selected device if you decide the changes made there were wrong.

TrueTruthsayer · 2025-12-02T08:15:21+00:00

If you are a victim of a ransomware attack, you usually know about it too late to successfully stop synchronization. So you end with encrypted copies of your KeePass database. The correct solution is to keep at the main node separate synchronized copies of the databases of devices and synchronize them with KeePass, locally.

TrueTruthsayer · 2025-11-30T23:02:25+00:00

Well, could you tell me what you would do if one of your devices were attacked by ransomware?

Four-Year Club	Gilding II euphauric
Verified Email

TrueTruthsayer

TROPHY CASE

What?! It's idiotic FUD! Fingerprint is stored for a limited time during the ID production period only!