Just paid my £800 credit card bill, the payment reference is my card number.
This card number now appears in the app and as a push notification. I’m not really bothered by the number showing, but I do note that my NatWest app for example blocks out (1234 **** **** ****) payment references that look like credit card numbers.
It’s a nice touch to blur this out, do you think it’s needed at all?
No it’s not needed - if your credit card provider is stupid enough to leak the card number to anyone in the payment chain without good reason then it’s their problem - and they’re liable for fraud in any case so you shouldn’t worry about it.
This kind of censoring/meddling with the transaction data can backfire in unexpected ways later on even if it comes from a good intention at first. What if it happens that some provider wants to “verify” your card by charging it and asking you for the payment reference, and it happens that the reference looks like a CC number and Monzo blurs it out - now you’re stuck.
I’ve got a similar issue in the telecoms world where any MMS sent goes through each carrier which tries to “optimise” it in good faith (to make it compatible with older phones, etc) - at the end of the chain the MMS looks like crap or sometimes doesn’t come through at all and it’s a mess to try and “undo” this damage. I don’t want the same happening with Monzo.
Yeh I get you! Perhaps not permanently block out the number but make it less visible.
As someone who was a victim of fraud years ago by someone who had just used the plain credit card number and my address (easy to find out), it’s a non-trivial activity to get the money back even if the bank is liable.
I would however be 100% behind something in the UI that when entering the payment reference, if it was a card number, switched to a monospaced font and number keyboard to make this easier. One wrong number and it’s gonna be a long day getting that money back.
As long as the app has a password or pin, nobody is going to get in and see it anyway 
Unless you also disable notifications you’d still get the offending CC number in a push notifications.
This is a good point, I’d raise it in the in-app chat of the Bank app!
Though technically, it’s your card provider’s fault for wanting the full PAN in the transaction, it would be bad of us to just say “tough”.
Long term, I think we wouldn’t want to entirely remove it for reasons discussed above but we could do something like remove it from the notification, the general feed (hopefully this would just show your credit card provider’s name and logo though), and blur it down in the bottom of the transaction detail screen until tapped. I think that would be an okay compromise for app display purposes at least. 
While a few of my credit cards had unique sort code and individual account number for card payment, most of my UK ones used a common account and had the full PAN as the payment reference
This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.