Had a bit of an interesting experience verifying my identity to a customer support team member over the app chat yesterday. It’s a great idea to do a verification process - after all someone could have stolen my phone and might be pretending to be me to steal some valuable information or whatever.
To verify my identity I was asked my 9 digit card token (the person would also need to have stolen my wallet) and my date of birth (again, my wallet has that). May be a little easy there, but I think this is fine - someone who has my wallet and unlocked phone basically owns me.
The problem comes later. Once I supply those details, they stay in that chat forever. The android app offers no way of deleting that information and customer support confirmed as much to me.
Now if someone has my unlocked phone, they no longer need to have my card and date of birth - they can just look into this previous chat. Obviously this completely defeats the point of this security meaure in the future.
I was advised that Monzo has to keep all correspondence on file “due to legal obligations”. Fine, but this shouldn’t be done without respect for security. There must be ways around this that would not break Monzo’s legal obligations. For example, that part of the correspondence may still be kept on Monzo servers, but can be made invisible to the user.
@Mawe iOS has touch id, Android will have some sort of pin/fingerprint layer added too. Wouldn’t this create a barrier for a thief to not be able to access chat data (as well as Monzo app in the first place)?
The point is, the verification details used to confirm your identity are stored in the chat log forever.
So, you can’t assume that when the identity is verified via the chat again, that the person entering those details is who the say they are, given, that they could have just scrolled up the chat!
Problem is, if you don’t rely on users being at least vaguely sensible we end up with a 3 stage verification process that takes 5 minutes just to enter the app…
Limit yes, but there has to be a trade off between UX and security. Otherwise, we’d be carrying around air gapped devices to do our finances on!
In this case your idea of an in app dialog to verify user details if a COPs requests it, or if they add a new FPS recipient or whatever is probably a good trade-off against verifying identity every time someone opens the app just to check their balance.
We’re starting to move into the realms of this thread on security in general.
Regarding security specifically for identity checks, I’d support @awn in some kind of in app verification engine that can be triggered by COPs, removing the need for a use to enter details directly into the chat. Could also be used to randomly verify if “suspicious” behavior was detected.
I recently had reason to use the in app chat to request help, and was asked for my date of birth as a security check.
I have realised that if anyone did gain access to my phone/ Monzo app then they could cause even more harm by simply going through my past support conversations and noting down any answers to security checks.
It seems that I can’t delete these comments.
Even better than that, if the representative I was talking to was able to delete the comment as soon as they had read and verified it.
Why is your phone not secure? I wouldn’t dream of using a banking app on a phone that wasn’t encrypted and protected by a secure lock screen. It seems this is a case of needing to secure your phone better.