✅ Ability to copy full card number from the app

Well anyone using password manager in that way is also at risk! Irrelevant of complexity or length a password is simply a piece of text being copied. There is argument on both sides of this topic and I don’t want to ruin this thread but see the text below I’ve quoted from another site.

“When you copy any data on your PC including all the big files such as movies,etc, it gets stored in the clipboard (your system) and this clipboard data is accessible from the internet with simple JavaScript and can be further stored on a database using any server side language. It is a very simple yet effective trick to steal unauthorized data. that means your friend sitting far away from you on the PC can access any data that you have copied using simple JavaScript. Yes It is a very simple yet effective trick to steal unauthorized data (personal information).”

No. I know for sure big files aren’t copied on the clipboard. Only their location. And I did a quick google search the clipboard does not seem to be available to website without users permission. This would a big sercutity risk which no one want. Why would browsers allow this?

https://hackernoon.com/you-need-to-discover-the-awesome-clipboard-web-api-12b248d05dd3

1 Like

The Lastpass desktop app is a disaster compared to 1Password though. :wink:

3 Likes

Ah yes, I live near the City Centre. But also I can pay with my smartwatch (Apple Watch) without needing data or a connection to my iPhone, and the battery on that lasts 18 hours. Hopefully things will improve for you on the battery consumption point somehow!

1 Like

Had an absolute catastrophe today. Needed to pay by card but forgot few of the digits. Had to leave my cosy bed and look for it in the hot living room.

The day was spoiled because the app only shows last 4.

Is that a genuinely necessary security measure to hide the first 12 or one of the things that is taking after the conventional banks?

After all, you cannot do anything malicious if you know other person’s card number without CVV code, am I correct? If that is incorrect, maybe request a PIN whenever a full number is needed to be revealed?

11 Likes

After all, you cannot do anything malicious if you know other person’s card number without CVV code, am I correct?

This is up to the merchant. Technically only the PAN (card number) is needed, but most merchants validate the full details including CVV2. Amazon is a notable exception, but they do more checks on the background like address, contact details, etc.

But yeah, in your case it would be fine. If we assume someone malicious gets access to your app and your card number, they would be able to take money out with it but only by funnelling it through a merchant, so it’s the merchant who’s getting defrauded and not you (you can get your money back by initiating a dispute/chargeback).

1 Like

Thanks for the comment. Sounds like should not be an issue. After all, it can be simply hidden with a PIN just like when you make bank transfers. The interface is quite nice for it.

I’ve been considering adding a photo of the front of my card as a receipt to a transaction with the expiry date hidden as I remember that. Then tag it something totally random so I can find it again

3 Likes

Please don’t do this! :upside_down_face:

I would recommend using 1Password or another password manager to store your full PAN, expiry date, CVV or PIN.

14 Likes

Starling give you your full card number in app along with the cvv so it is possible.

8 Likes

If your phone is password/pin/finger print secured, and the app is also secured in the same way, then any malicious person would need to crack all of these anyway… So it’s not really a matter of security is it? Starling give all of the cards details as mentioned above and it’s so useful. A mobile only bank can find a way to have all of the details on the mobile securely.

2 Likes

Doesn’t it show that despite everything the Monzo team don’t trust the security (as in privacy) of the app, despite constantly saying that it’s private enough? Apparantly not, because otherwise putting your card details in the app would be a no brainer…

Instead, it’s apparantly secure enough to hold all our private data, but not private enough to hold a picture of our card, where Monzo would be responsible for any fraud.

6 Likes

Both Starling and Revolut give you your full card number and the CVV. I wish Monzo to do the same.

9 Likes

Yep got to say I find this useful with starling having the card details in the app. It means if I need to buy something I don’t have to rummage for my wallet.

I’d also like this. There were a few times when I first started using Monzo where I kept opening the app to look at the virtual card for all those details when entering info online.

1 Like

On a slightly related topic it would be interesting to see if sensitive information could be automatically blurred when screenshotting the app.

Yes, but if I lend my Samsung to friends or family for a while they can’t view my Starling card number and card PIN as it is secured behind a PIN on the app…if I lend my phone to them and they click on the Monzo app they are straight in without a PIN so would be able to view card details if they were shown there. So perhaps it is best to introduce this when Monzo add a PIN to the Android app later this year.

(and before anyone mentions fingertip locks, my phones are all manufactured December 2017 without a fingertip reader, so there is a different user security experience to those with the iPhone)

or don’t leave your Monzo card on the dining table where all and sundry can see it :slight_smile: :slight_smile: …or … lend your wallet to friends and family :slight_smile: …or anybody that asks if they could just use your wallet :slight_smile:

1 Like

we are not talking about leaving the card visible, but why it would be useful having a virtual one (or at least the details of your card) in the app and potential issues at the moment.

3 Likes

I often leave my wallet in my work bag which can sometimes be left in the office :see_no_evil:. Having the card details visible under biometrics/card pin on the accounts screen would be handy in some instances.
I don’t see how this is any less secure than using biometrics/card pin to stop a FPS occurring from the app. It’s still the transfer of funds :man_shrugging:t3: . Maybe there’s a reason or it’s in the pipeline as something to add as a surprise.

1 Like