Changing PIN via app?

(Alexander Baxevanis) #1

Out of curiosity … is there a technical/regulatory reason why you can only change your PIN on an ATM (not just with Mondo but with all other banks I know)? Could this be done via the app in the future?

(Thomas Purchas) #2

Ever used Revolut? They let you change the PIN from the app, but the experience is horrible.

You change the PIN in the app, then you go to an EMV machine. If it’s online then the new PIN fails the first time you use it. If it’s offline then the new PIN will always fail.

But the end result is you’re not sure what your PIN is, and getting it wrong too many times makes many things unhappy :frowning:. When I tried it with my Revolut card I ended up using an ATM (the only surefire way for the PIN to update) anyway because I didn’t want to risk my card getting blocked/disabled (and I couldn’t remember my old PIN).

I asked @tom on Thursday the same question and he said that Mondo won’t support it for all of the above reasons.

(tom) #3

We currently don’t support changing the PIN from the app, but it’s technically pretty straightforward.

As @thomas said, it’s a pretty crappy experience. That’s because the PIN is stored on the card’s chip, so the card needs to go “online” to get the updated PIN. We’re trying to figure out smart ways around this, but we’ve not come up with anything yet. Have you seen anything you like?

(Carter ) #4

I know we have to deal with the reality we have (physical card) but my thought was in the intermediate term (5 years?) we may start to see more virtual cards and that would allow for more of the in app functionality.

If I had green fields I would want to develop the ability to be cardless. For everyday, use my Phone wallet/Apple Watch. For ATMs I would generate a screen in app that would give me a long, one-time, pin code with x minutes of validity that I could enter into an ATM for a pre-specified amount. (Not unlike NastyWest has for their lost card rescue service). Since Mondo has no bricks- and no ATMs, I guess that would be difficult. Still- just an idea.

For online purchases I would love a virtual card that generated one time use CCVs - or even alias card numbers for pre specified amounts that I could manage in app.

I don’t know how to solve for your mom and pop shops w a card machine that is chip & pin only- but my guess is there is a tipping point where most people will upgrade.

(tom) #5

Totally agree with you. I think ApplePay + multiple virtual cards for online spend get you a long way, and these are things that we’ll be implementing in the next 6 months or so.

Although I suspect we’ll probably need to keep offering a physical card for the next few years. Especially for international travel.

(Thomas Purchas) #6

I have to say one of the big draws of Mondo for me is the physical card. Personally I don’t like Apple Pay etc because it means that I need to rely on my Phone being charged, and working. I’ve never had my debit card run out of battery at a bad moment :stuck_out_tongue:

Also I think there is huge scope for using debit cards as more than just dumb bits of plastic. They are a complete computer, complete with memory, RAM and very sophisticated crypto. Almost identical “smart cards”, so you could in theory have them signing digital documents, or 2 Factor Authentication, not just simple transactions.

I think a potent mix of cheap physical tokens and mobile smarts is best. The physical token allows fast, simple transactions with no need to mess around with apps or batteries, while the mobile portion provides push notifications and a much better view of your money, plus virtual cards if you want them.

(Alexander Baxevanis) #7

OK I get it now - totally forgot that the PIN must be stored in the card for it to work remotely! IMHO not worth the fuss of doing it in the app if it’s not going to work immediately. And in the future we’ll hopefully have more transactions move away from Chip + PIN into contactless/Apple Pay.

I’d be curious to know if people ever change their PIN anyway, apart from setting it to something more memorable when they receive their card … I think the capability to freeze your card from inside the app is much more useful if you’re concerned someone else may use your card.

(Saveen) #8

Spot on analysis of physical tokens vs. mobile apps!

(Matt Evans) #9

Is it not possible to change it through NFC? The cards are contactless, aren’t they? So would it be possible to change the PIN via an app and hold the card against a phone? I’m not too sure about the mechanism of reading and writing to a chip, but if it’s the same chip as the NFC chip it may be possible?

(James Billingham) #10

Can’t say this with 100% certainty, but there is no way that is going to happen any time soon. iPhones don’t support it, and neither iPhone nor Android is secure/trusted enough to make changes to the card data on the device.

That being said, there is a company called Digiseq who might be able to make that possible eventually. They were in my Techstars batch. They do “in the wild” provisioning of EMV applications on any payment-approved NFC device.

(Rika Raybould) #11

Very theoretically, it’s possible to do what is effectively tunneling secure traffic between a card and a server through a completely untrusted NFC device. This is how JR East’s Suica stored value system has been expanding through retail in Japan recently with thin terminals, versus their own rail gates and readers that need serious certification before they can be allowed to interact with production cards.

EDIT: Also how you can use Suica with online merchants through either a built in or USB PaSoRi FeliCa (NFC) device from Sony, use the NFC capabilities on a Wii U or New 3DS to pay for eShop purchases or add value to your card on the go using a Bluetooth PaSoRi device and app on the iPhone.

I’m fairly sure EMV cards aren’t set up for that though. It may loosely be the kind of thing Digiseq will end up doing.

(James Billingham) #12

Yeah that’s exactly what Digiseq do. They issue/sign the digital “payment data”, encrypt it, then send it over untrusted networks/apps/devices to the end-user device, where the on-board chip is able to decrypt it. It is then provisioned as a contactless payment device (although other applications are possible). Obviously the data only works with the specific device it was created for.


+1 for the option to choose a PIN in app, but I agree that the Revolut process seems tedious. However, there might be something to learn from the land down under here. I’m not sure if the underlying infrastructure/requirements are different, but the Commonwealth Bank in Australia allows both the ability to set and change the card’s PIN, in their mobile app and website, with the new PIN usable immediately. They do seem to be the only Australian bank that I’m aware of to offer this, but it might be worth Mondo looking into. Details available below:

(Adam) #14

I don’t see how this would work without the card going online first to receive the new PIN details. Even if all terminals in Aus were online, the first attempt would be declined with the 2nd attempt being accepted.

(James Billingham) #15

It would work if your next use of your card was with an ATM which allows you to change your PIN - hence my suggestion above that you’d be offered a 2FA style PIN reset.

(Luke Fisher) #16

When more shops and POS offer contactless payment we will all be using that instead of chip and pin. Not often do you use your card physically for large purchases.

(Adam) #17

If your next use is an ATM then change it there?
Is your method to use an NFC type device that each user has to update the PIN? If so, wouldn’t that be costly for the bank to issue everyone with an NFC type device to update their PIN?

(James Billingham) #18

If you next use an ATM which is capable of changing your PIN, it will update the card’s PIN without requiring the current PIN.

No NFC or additional card technology is required at all - it would work with the existing cards.


I’m sorry, this post will be very technical and confusing but - Yes, Australia’s infrastructure is very different.

There are essentially two methods to verify card PINs.
Australia is an online PIN country. Australian POS terminals can verify PIN codes online (by contacting the issuer). This is something that UK terminals generally do not do, with the exception of ATMs. UK cards therefore support and prefer offline PIN, to avoid the dreaded signature prompt.

PIN management through apps is obviously much easier for “online PIN only” cards.

But online PIN is only supported in few countries. Germany, Denmark, the United States and Poland spring to mind. An Australian “chip and pin card” might only work as a chip and signature card in the UK, France, Sweden, Finland and other offline PIN countries. (Unless the card issuer has decided to support both online and offline PIN and many don’t. If you are really unlucky, a card without offline PIN will be rejected by a Finnish train guard’s ticketing device, or a French self-service petrol pump.)

British and Polish ATMs support PIN Services for both domestic and international cards but German and Austrian ATMs don’t (except for some proprietary domestic cards - German American Express cardholders have to travel to the UK to change the card’s PIN at an ATM).

Cardholder Verification Methods are a mess. It is probably wise to have UK users change the card PIN at an ATM. If the cardholder is abroad, however, they might not have access to an ATM with PIN services and alternative arrangements would be needed.

If the card’s preferences should be acceptable to both Brits/Finns/Poles and Germans/Austrians, the so called CVM list on the card would have to look like this:

1. Apply succeeding CV rule if this is unsuccessful: Enciphered PIN verified online - If terminal supports the CVM
(possibility to use the new PIN immediately in some countries; UK cards have not been issued with online PIN first because some legacy terminals used to believe they support online PIN but it always failed; should be a non issue by now)
2. Apply succeeding CV rule if this is unsuccessful: Enciphered PIN verification performed by ICC - If terminal supports the CVM
(this is what would happen in the UK; enciphered offline PIN was formerly avoided as it would require a more expensive chip supporting cryptographic operations, but with today’s DDA/CDA-capable chips, this shouldn’t be an issue anymore)
3. Apply succeeding CV rule if this is unsuccessful: Plaintext PIN verification performed by ICC - If terminal supports the CVM
(any device should support enciphered offline PIN in this day and age, but plaintext PIN can be left in for compatibility, unless security is an issue)
4. Apply succeeding CV rule if this is unsuccessful: Signature (paper) - If terminal supports the CVM
(signature prompt happens, especially if a card terminal is improperly configured, and signature payment support is required by the payment schemes)
5. Fail cardholder verification if this is unsuccessful: No CVM Required - Always
(schemes want this; again, this will be needed for low-value self service purchases)
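The five-rule CVM list above is exactly what the card stores in EMV tag 8E: 4-byte Amount X, 4-byte Amount Y, then one 2-byte rule per line (CVM code byte with bit 7 = "apply succeeding rule", low 6 bits = method; condition code byte). The following encoder/decoder is an added example, not code from the thread or from Mondo, and the method/condition names are the EMV Book 3 Annex C3 values; amounts X and Y are constructed as zero.

```python
# Added example: encode and decode an EMV CVM List (tag 8E) as described
# in EMV Book 3, Annex C3. Not from the thread; amounts X/Y are constructed.
from dataclasses import dataclass

CVM_METHODS = {
    0x00: "Fail CVM processing",
    0x01: "Plaintext PIN verification performed by ICC",
    0x02: "Enciphered PIN verified online",
    0x03: "Plaintext PIN by ICC and signature",
    0x04: "Enciphered PIN verification performed by ICC",
    0x05: "Enciphered PIN by ICC and signature",
    0x1E: "Signature (paper)",
    0x1F: "No CVM Required",
}
CVM_CONDITIONS = {
    0x00: "Always",
    0x01: "If unattended cash",
    0x03: "If terminal supports the CVM",
    0x06: "If transaction is in the application currency and is under X value",
    0x07: "If transaction is in the application currency and is over X value",
    0x08: "If transaction is in the application currency and is under Y value",
    0x09: "If transaction is in the application currency and is over Y value",
}

@dataclass(frozen=True)
class CvmRule:
    method: int        # low 6 bits of the CVM code byte
    condition: int     # CVM condition code byte
    apply_next: bool   # bit 7 of the CVM code byte: try next rule on failure

    def encode(self) -> bytes:
        return bytes([(0x40 if self.apply_next else 0x00) | (self.method & 0x3F),
                      self.condition])

def encode_cvm_list(amount_x: int, amount_y: int, rules) -> bytes:
    # Amount X and Y are 4-byte big-endian integers in the application currency.
    return (amount_x.to_bytes(4, "big") + amount_y.to_bytes(4, "big")
            + b"".join(r.encode() for r in rules))

def decode_cvm_list(data: bytes):
    if len(data) < 8 or (len(data) - 8) % 2:
        raise ValueError("malformed CVM List: need 8-byte amounts + 2-byte rules")
    rules = [CvmRule(data[i] & 0x3F, data[i + 1], bool(data[i] & 0x40))
             for i in range(8, len(data), 2)]
    return int.from_bytes(data[:4], "big"), int.from_bytes(data[4:8], "big"), rules

def describe(rule: CvmRule) -> str:
    # Renders a rule in the wording used by the list in the post above.
    prefix = ("Apply succeeding CV rule if this is unsuccessful" if rule.apply_next
              else "Fail cardholder verification if this is unsuccessful")
    method = CVM_METHODS.get(rule.method, f"RFU method {rule.method:#04x}")
    cond = CVM_CONDITIONS.get(rule.condition, f"RFU condition {rule.condition:#04x}")
    return f"{prefix}: {method} - {cond}"

# The online-PIN-first list from the post: rules 1-4 fall through, rule 5 is final.
ONLINE_FIRST_LIST = [CvmRule(0x02, 0x03, True), CvmRule(0x04, 0x03, True),
                     CvmRule(0x01, 0x03, True), CvmRule(0x1E, 0x03, True),
                     CvmRule(0x1F, 0x00, False)]
```

A UK offline-PIN-first card would simply put the 0x44 0x03 rule ahead of 0x42 0x03; the decoder is the same.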