Flex Account

A person or persons unknown have created a Flex account on my wife’s personal Monzo account.
My wife has never given out personal financial information on any platform.
Never ever asked for one time pass code.
No one knows her Passcode on her phone or any of her bank cards and her phone is also facial recognition.
Monzo believe she has set up the account and spent £2k at an Apple Store in London while she was at her job in Middlesbrough.
My wife is trained in Data Protection and is well aware of the consequences of divulging information personal or financial.
Monzo has said either she opened the Flex account or she has allowed persons authorised access to her account.
Had anybody else had a Flex account set up
on their personal account without their authorisation ??
Needless to say The Monzo app is clearly not fit for purpose if criminals can hack it without the users knowledge and the user only finds out when a Flex account appears with a purchase not made by the user.
Monzo are a complete and utter disgrace!!!

I have read all of the replies, some are helpful and some need to filed under fantasy ie having an affair.
I have checked my wife’s email on the so called dark web and it is not suffered a data breach.
I have checked if it is possible for a iPhone to be hacked by a phone call it’s not possible.
I have checked if my wife during the phone call gave out any information that would allow access to her Monzo app ie password to email, PIN code to iPhone, switch her facial recognition off etc and she did not.
I asked if she repeated the OTP code that was sent to her during the phone call to the person on the phone-she did not.
I asked if she had downloaded any apps recently and she has not.
I asked her again if had applied for a flex account and she told me the first she knew about it when she checked her Monzo account after the phone call.
I asked if she had checked her Monzo account for any suspicious transactions and they were two card checks no money was taken and it is not possible to report these suspicious transactions in the usual way on Monzo because no money was taken therefore you have to report this in chat!!!
Also trying to report fraud ie a Flex account taken out in your name again this has to be done in chat!!!
Well if you didn’t apply for the account how can you say I don’t recognise the transaction at Apple?
By answering the questions in the app you are agreeing that you took out the flex account which she did not.
So gross negligence is defined as this,
**Gross negligence is when an individual makes a conscious and voluntary decision to do (or not do) something, with a clear understanding of a foreseeable risk of loss that is directly attributable to that action (or inaction).
Clearly my wife gave out no information that would allow persons unknown to access her Monzo App
To all the know it all on here suck on this

It’s impossible to set up a new account without logging into the app, which requires access to the email account and possibly an ID verification video.

This is beyond the forum’s pay grade.

Sounds like your wife either entered details into a fake website (social media or similar) or received a fake call pretending to be monzo.

Flex can only be opened by those who have access to the account.

Could have also gained access to email, so I’d ask your wife to change all their email passwords and set up 2FA (two factor authentication).

Also worth check for any suspicious apps installed, such as AnyDesk or TeamViewer.

For this to have not happened from the device she uses, the hacker would have needed to compromise her email and also record a video as herself to verify the new login - essentially very unlikely

You should look closer at other people who have access to your device physically, it’s the most common and likely outcome to be someone closer than you never have imagined who set it up

Other than that, to setup a Flex account and share the details someone would’ve had to social engineer you to do so, probably claiming they are from Monzo when they weren’t. But from the post it seems like you’re saying the flex account just appeared with a £2k transaction out of nowhere?

Thank you for your reply but I can assure you my wife has not given any financial details to anyone or allowed anybody else to have access to her account.
The reason I say this is quite simple because I tell anyone who asks for financial information from me on any platform to … off and my wife is no different other than she refuses to talk to them.

Thank you for your reply but my wife has never given out any financial details on any platform
other than face to face ie in a bank and puts the phone down on anyone who asks about her financial details.

Is the monzo app still logged in on her phone? As far as I know it can only be logged in on one device at once

Is your wife on Android? Has anyone, at any point, conceivably had potential access to her phone?

These are really the only two threat vectors with Monzo where it would be possible for someone to pull off this kind of fraud.

Unless the attack originates from within Monzo itself, which, whilst not impossible, is highly unlikely, and nigh impossible to get away with.

My wife received a OTP text and immediately suspected fraud.
She contacted Monzo, who by the way were useless.
Monzo had already suspected suspicious use of a Flex account my wife had not set up and froze the card and asked if she wanted another card she replied why on earth would I want another card on a account I did not set up?
Monzo has now blamed my wife.
I can confirm my wife refuses to give financial information on any platform other than 1 to 1 at a bank.
She will not act upon texts and I have checked her email has not been compromised.

I can confirm no one has access to her phone and because of her job she is trained in Data
Protection and is well aware of the dangers of divulging information personal or financial.
Monzo believes she has allowed access to the said Flex account she did not set up or she set it up herself.
That is just not possible her phone is never out of her possession and no one has access to it including me.
It is clear The Monzo App is not fit for purpose.

Monzo will see what device the flex application was made on, and likely used that in their reply.

Did you change the passwords of the emails to be sure?

I can confirm her phone is facial recognition and no one knows her PIN code other than herself.
Also we don’t need a £2k flex loan we have plenty of money.
It is inconceivable that my wife would set up a Flex account when she has access to five figure sums within a joint bank account.
Monzo app is not fit for purpose.
I am closing down my personal Monzo and
Buisness account- I need a bank with a physical presence and i suggest to all on the community to do the same

I can confirm her email has not been compromised.
I can confirm we do not need to set up a Flex account for credit needs.
I can confirm access to her phone is facial recognition.
I can confirm my wife not give out any financial information on any platform other than 1 to 1 in a
bank.
Monzo App is not fit for purpose.

I guess the answer to changing the email password was no.

How did you check it wasn’t compromised?

Is it an Android device?

There are really only three (four, but highlighy unlikely) possibilities here:

1. She applied for Flex
2. Someone else access her phone, applied for Flex, and used the card details to buy something
3. Someone hacked her phone, remotely accessed the Monzo app, and carried out the process in possibility 2.
4. A rogue Monzo employee defrauded your wife (very unlikely).

There’s no other possible scenario here (though there’s many potential explanations for the following fraudulent transaction). Monzo is fit for purpose. The threat vectors for this kind of fraud with app only bank are far narrower than with the traditional banks.

The only pitfall really is that if someone gains access to the device, they’re pretty free to cause this kind of damage. Monzo conduct no additional security check prior or during applying for Flex.

Something’s not adding up for me here, and anyone will tell you, I tend to take these things at face value. But there are other potential possibilities for this predicament, but someone, either you, or wife, or both, must be lying for them to be possible.

There’s really not much additional guidance I can offer I’m afraid. It’d be very hard to prove any of those possibilities are what happened to Monzo. Beat you can hope is to report the transaction as fraudulent, cancel the card, close flex, and hope she gets the money back. It’s a credit card, so if it’s genuinely fraudulent, I don’t see why she wouldn’t get the money reimbursed.

Her email has lot been compromised

I honestly don’t think it’s healthy even insinuating this.

I also must add that on my wife’s device she also had access to my Buisness account with substantial funds in there however the criminal took no notice therefore it is very unlikely a flex account wa set up on her device which means Monzo is not telling the truth.

Just putting all cards on the table here. There’s so few ways a fraudster could pull this off, and that’s one of them. It’s happened before at other banks so it’s not out of the question. It would though, I’d imagine, be glaringly obvious to Monzo if that’s happened.

Report police and/or action fraud?

You keep saying the email is not compromised but I would query how you are so sure.

I really think the only feasible way for such a fraud to take place would involve some form of social engineering, which in turn would mean your wife has given a level of access possibly unknowingly.

IP on login.
Device make/model/unique identifiers all would be held by Monzo.
I find it bizarre that Monzo would be taking such a hard stance if this did not show that it was her device used.