A trio of industry-first security tools to help stop fraudsters in their tracks 🔐

It’s all well and good suggesting I don’t use (which I won’t), but if it is just a Monzo spin on the traditional recovery key method (as I’m understanding it), that doesn’t change the fact it’s largely a flawed factor and creates a false sense of security for those who do use it. Especially if you store it somewhere digitally (probably why Monzo suggest printing it off) like on your husband’s phone.

It relies way too much on the human, and the human is usually a very weak link. Both for protecting it and remembering where it is.

I’d prob use the safe location feature and the printed QR. I just hope it doesn’t lock me out of my account when transferring larger amounts of money. All in all more security is a good thing. I just wonder if this works in the same way if a scammer has your card details and uses it as a card purchase rather than a transfer :thinking:

1 Like

The problem with recovery keys, is they’re prone to loss. And loss tends to lock you out.

The good thing about how Monzo are utilising them here, is that these features are just a front to bypass the more convoluted selfie video method. So if you do lose it, you’re not going to be locked out. Which is an upside to its use in this context here. You won’t get locked out.

This looks great, look forward to seeing it rolled out. The fact that if all else fails you can still have the backup of a selfie with Monzo is reassuring - as long as it can be done in a reasonable time frame.

1 Like

@ChrisMatthews

Quick question with the trusted contact method. Are there any safeguards here to protect against potential financial abuse arising from the feature?

Is that something you thought about in designing it?

3 Likes

I just hope it doesn’t lock me out of my account when transferring larger amounts of money.

You’ll only see extra security checks at the point of moving money - and failing them won’t lock you out of your account - they’re contextual to the payment or savings withdrawal you’re trying to make.

I just wonder if this works in the same way if a scammer has your card details and uses it as a card purchase rather than a transfer :thinking:

No, card-based transactions aren’t covered here, just outbound transfers and savings withdrawals to begin with.

3 Likes

Quick question with the trusted contact method. Are there any safeguards here to protect against potential financial abuse arising from the feature?
Is that something you thought about in designing it?

Yes, great question! We’ve worked closely with specialist teams who deal with these scenarios, and designed the feature carefully around it.

The critical component is that you can never only have a Trusted contact - you always need at least two controls set up and ready to use, and you always have the fallback option of the selfie video. Your trusted contact only knows about an action if you choose that option during an extra security check.

There’s no scenario where an abuser or third party gains blocking privileges over your ability to manage (or move) your money.

10 Likes

So is the printed QR code seen as a better approach than say an OTP stored in 1Password?

An OTP is for safeguarding against a different kind of threat.

For this to work, you really need something that isn’t stored on the same phone, or will be with you when your phone is stolen.

So in this threat model, a printed QR code you have hidden away at home is the better of the two approaches.

And I guess with coarse locations, someone outside your house in a vehicle would class as at your home so a printed QR code in the house would be safer than that because at least they’d have to break in and find it.

1 Like

@ChrisMatthews

Chris - thank you (and the other team members) so much for your detailed explanations of the new features.

It’s great to see the thought -processes that have gone into this and the challenge that you have set to everyone else in the industry to take note and catch-up.

Thank you also for beinbg on hand to answer the queries that have already come up.

The commitment shown to engaging with the forum is quite unique.

I very much welcome these developments and the peace of mind they will contribute to. Sure, there will be some teething problems, I guess, but this is terrific work.

11 Likes

Just thinking - this is great as well as a way to “lock a pot” while you’re out & about, to avoid spending money from it.

So much more usage of this than just security side of it!

Can’t wait to get hands on :eyes:

5 Likes

Yes allowing a fourth option of security keys would be excellent, for example Yubikeys

5 Likes

Is there any concern that this could be used to exploit those in abusive relationships? Controlling finances and such?

1 Like
1 Like

This looks great. I especially love that you can set trusted locations - it’s why I turned off stolen phone protection in the iPhone as it was a PITA for not recognising a trusted location.

This also looks well thought out and appears to be reasonably well implemented from day one, which is also nice to see.

I, personally, still vie for the days of multi-device (same OS) access but this goes a long way, and I wonder if other banks will follow suit.

1 Like

Awesome to see these features, just wanted to point out in case it was overlooked that there are apps on the Play Store that will change the GPS location reported on Android, and similar tools for iOS though they require a computer connected to the phone

2 Likes

Yes indeed, I wrote about this a little bit earlier, but it’s hard to find in the thread. Thanks also to @Djcnrurhf for linking to it - thought I’d repost too for visibility!

I absolutely love the option of getting another person to confirm payments - especially I think for more vulnerable people which is incredible! If this could be expanded to include stuff like 3D secure, and/or alerts on upcoming card payments to flag fraud before a presentment is made, that would also be great to see (although I can see there’s already a lot of work to get the features mentioned above up and running!)

1 Like

Thanks for highlighting this - we’ve built a number of checks into the feature to protect against tampering, but of course there will always be edge cases with any security control - that’s why we think a layered approach to security is best!

5 Likes