So is the printed QR code seen as a better approach than say an OTP stored in 1Password?
And I guess with coarse locations, someone outside your house in a vehicle would class as at your home so a printed QR code in the house would be safer than that because at least they’d have to break in and find it.
1 Like
Chris - thank you (and the other team members) so much for your detailed explanations of the new features.
It’s great to see the thought -processes that have gone into this and the challenge that you have set to everyone else in the industry to take note and catch-up.
Thank you also for beinbg on hand to answer the queries that have already come up.
The commitment shown to engaging with the forum is quite unique.
I very much welcome these developments and the peace of mind they will contribute to. Sure, there will be some teething problems, I guess, but this is terrific work.
11 Likes
Yes allowing a fourth option of security keys would be excellent, for example Yubikeys
5 Likes
Is there any concern that this could be used to exploit those in abusive relationships? Controlling finances and such?
1 Like
1 Like
This looks great. I especially love that you can set trusted locations - it’s why I turned off stolen phone protection in the iPhone as it was a PITA for not recognising a trusted location.
This also looks well thought out and appears to be reasonably well implemented from day one, which is also nice to see.
I, personally, still vie for the days of multi-device (same OS) access but this goes a long way, and I wonder if other banks will follow suit.
1 Like
Awesome to see these features, just wanted to point out in case it was overlooked that there are apps on the Play Store that will change the GPS location reported on Android, and similar tools for iOS though they require a computer connected to the phone
2 Likes
Yes indeed, I wrote about this a little bit earlier, but it’s hard to find in the thread. Thanks also to @Djcnrurhf for linking to it - thought I’d repost too for visibility!
I absolutely love the option of getting another person to confirm payments - especially I think for more vulnerable people which is incredible! If this could be expanded to include stuff like 3D secure, and/or alerts on upcoming card payments to flag fraud before a presentment is made, that would also be great to see (although I can see there’s already a lot of work to get the features mentioned above up and running!)
1 Like
Thanks for highlighting this - we’ve built a number of checks into the feature to protect against tampering, but of course there will always be edge cases with any security control - that’s why we think a layered approach to security is best!
5 Likes
Such an amazing set of security features, very well thought-out and designed. Fantastic work!
My question is, if I want to make a large payment that is outside my usual patterns (e.g. buying a new car), and I use one of the new methods to authorise it, would it still be subject to be blocked by your “traditional” measures (e.g. as out-of-pattern large payments are likely to get flagged and blocked now)?
4 Likes
This looks like a positive change, very happy to see this coming and I very much hope YubiKey support gets added in the future.
4 Likes
These features are great to see. It’s such an important problem to tackle. I have some thoughts/questions about the bigger issue. I hate the card reader with my main bank account (though I use Monzo more for day to day) but it’s a pretty solid blocker to this problem, albeit also very inconvenient.
With the trusted contact option, how are they seeing it? Is it via a push notification? Has there been any thoughts of what happens if several attempts occur in a relatively short period of time and they accidentally approve one, or is it designed in such a way where you can’t just click yes immediately?
Also, I can’t quite remember if its by default, but I have to authenticate to Monzo every time I open the app (same for all of my important apps like email, whatsapp, etc) - doesn’t this significantly reduce the probabilitiy that someone can access your account even if they swipe your phone?
Also, definitely +1 for hardware token support, that would be awsome
Another idea, a distress pin/code. Eg, Scumbag mugs you, insists you open your Monzo and/or tries to start a transaction. You enter the duress code…account gets locked and flagged.
2 Likes
What a great update! Thank you so much to everyone who’s worked on this, it really adds some extra assurance!
5 Likes
Makes sense absolutely.And needing 2 out of the 3 makes it a lot harder for an opportunist. Having said that if you can do a video verification thing then I guess it leaves that possibility open.
I also see that Google have added snatch protection into the Android 15 Beta, also in response to the growing problem of snatch crime.
Really great to see Monzo tackling big industry wide problems. I can’t ever imagine having such an open dialogue with a PM from a legacy bank.
5 Likes
Which would be pretty pointless anyhow as you could not scan it with your phones camera from there without jumping through hoops (eg Air dropping to another phone in order to scan it)
1 Like
It is another layer of friction, nothing more - just like all of the security options provided. That is all it is meant to be. And we must also remember it is just one option which is part of an optional feature.
A few months ago in the survey about this (then potential) feature I ranked the use a trusted contact as least favourable. If a thief has your phone, all they need to do is look at who you text the most and send a text to all of them pretending to be you and asking them to approve it. Like I said - every option is just a layer of friction.
I get it - you don’t like recovery keys. That is fine. But for some people, they are just fine. And those people can choose to use them. That said, this is NOT a recovery key, because there is always the fall back to a video selfie - which, again, is just friction. Someone could have a gun to your head off camera.
It is just a set of tools to help. It isn’t that deep, but it will help thousands of people not lose money.
1 Like
I like the ideas, however I see the QR code and locations as pretty similar, in that the QR code is likely to be at home. If I am away from home and setup locations and the QR code is at home, I am not sure how I would proceed.
2 Likes
Wow incredible features. Fantastic work from the team at Monzo 
It’s great to see a bank being so proactive with security and for it to be so front and centre. How will the average user of Monzo be notified of this, when launched, in the app and not just dismiss it?