Found this article online this morning. Although only having a glimpse, it’s not great for the Monzo brand.
The only worrying part of that is the “getting passed around” bit, which we know from previous posts on here can happen dependant on the reason for contact. It seems this area of Monzo support does need some additional resources.
As for the 8 days to get a refund [rather than HSBC’s “quickly”] that in my view is due diligence from Monzo ensuring that THEY are not being scammed by spurious claims.
Not clear why Monzo and HSBC had to refund.
He also “can’t remember” if he gave his PIN over the phone. This would have been required to send the money, so he definitely did. That’s like rule 1 with any bank, don’t share your PIN!
Customer service/fraud investigation seems to have taken longer than expected but other than that this is 100% on the customer; they gave away both their email password and PIN (otherwise how would the payment have been auth’d in app?).
I’m not entirely sure he should have been refunded; can you claim on your house insurance if you give the burglar the keys or leave your front door open?
True - not your bank -or- HMRC -or- Police. How many times have we all been told that?
This is why educating people on the fact that your bank, any Bank, won’t ever cold call you!
Stories like this just highlight how important this is.
Mine did. Last year, I think it was.
Actually, now I think about it, there was another call in the summer.
Did they say your money was insecure and needed to be transferred to a “safe” account?
You’re probably right and if he was tricked into revealing his email password (did he never stop to think why his bank would want this?!) then he probably revealed his PIN. But it’s also possible he used an insecure PIN that had already been compromised or found when the scammer did their research - perhaps there was an email in his email where he gave the PIN away. “Dear mum/partner/friend, please take my bank card and use it to pay for dinner, the PIN is i’manidiot, bye bye”
The only part of the story that’s bad for Monzo is the pillar to post passing around of customer service. As far as the actual scam goes, I’ve seen many other stories for many other banks, and I don’t recall many of them being resolved as easily. Enough so I was suprised to read HSBC did their part quickly this time!
Edit to add a recent link to last paragraph:
Gives examples of other banks being much worse:
‘I told Barclays about a £4,000 scam within minutes of it happening – but they said they could do nothing’
Four months after she was spoofed, she received a curt letter from NatWest saying: “As previously advised, as you authorised the transaction for the sum of £19,949, the bank accepts no liability.
Later in July, NatWest wrote to Edmonds stating: “Whilst I fully sympathise you have been a victim of a scam, the bank has made no error and the correct processes have been followed.” The bank did apologise for the poor service Edmonds received but told him it would not refund his money.
My bank called me [FD] to advise me that I had just paid my credit card bill twice and did I mean to do that? This was in the [certainly my] pre security awareness days.
IIRC they only asked me to confirm the amount I had just paid - and the transaction was immediately cancelled.
No. One was to discuss s fraudulent transaction, and I hung up on the other one.
The point is, they did cold call me.
So the guy is not happy that Monzo took too long to fix his mistake? Talk about ungrateful. I don’t see why banks should be paying for other people’s mistakes anyway
Well, at least he made some money selling his story to the Sun . Hopefully he’ll learn from his mistake.
There’s a few interesting ways you could make people aware of common scams like this such as quizzes with small incentives that highlight security best practices.
how can someone be tricked into handing over their email password over the phone with your bank, why would a bank need your email password, that would be a red flag right there some people are quick to hand over large amounts of money without a second thought then expect someone to pay for their mistake, the phone scam is old even now they showing your bank’s phone number when the scammers call you🙄
9/10 times we hear these stories it’s always down to user stupidity
A month before this (reportedly) happened, Monzo also published;
I’d say don’t be so gullible and don’t believe everything someone tells you, usually that’s the greatest protection against fraud.
The thing is the gullibility of this person isn’t really issue.
The problem is the fact that call spoofing is still a problem.(this isn’t a classical case of a phone scam((they were phoning from the correct number, add a little social engineering as well)
It really could just be solved by generating a key( the operator side)
You input the key the app and that checks the identity of the operator. It would be very easy to implement. Or before you even setup the call a key transfer is implemented.
The genuine default action from anyone receiving a call from their Bank, (fake or real), HMRC, etc. Is to say.
“I’m going to hang up and call you back, who should I ask to speak to?”
True in this day and age there may be a need for better authentication from the Bank to the Consumer, but even then unless there is a global system, I’d rather call the bank.
Always call the bank back. Always.
or alternatively use the in-app chat