Inhave seen on a couple of other posts on Reddit that this has happened to them too. Payments made out of my Monzo account to London Borough of Croydon. It happened overnight, so I reported it to Monzo as soon as I realised. They refunded me fully within a day, which was a great response. But having seen it happen to others, it makes me concerned that there is a specific weakness in Monzo’s security that someone who owes money to the council can exploit.
1 Like
It’s the same system as any bank card, if someone has your card details they can use it on a system which doesn’t have 3DS enabled.
if this is like Brighton council you can pay for parking tickets over the automated phone line, and probably other stuff too. Impossible to have 3DS there
I actually had 3DS over the phone with Monzo Flex once… kind of.
It went like this: I rented a car abroad, and I had given my card details to the employee so they would charge me later in the day as their card machine was (genuinely) not working at that time.
Later that afternoon they tried to charge the card, it gave a 3DS authentication which I missed as I wasn’t on my phone at the time, and the payment failed. They rang me saying the payment failed and I noticed the notification on my phone.
They tried again while I was on the phone, 3DS came through, I approved it and the payment went through fine.
Is this a merchant choice (to have 3DS on phone payments)?
I don’t see why they wouldn’t choose to have that, as it works fine technically (no reason why the customer can’t tap on an approve button while on the phone, barring UI challenges), and it would save a lot on fraudulent charges.
I’d be requesting a new card, if you haven’t already.
They’ll have done this when they refunded for fraud, there’s no way you can get a fraud refund and still keep the card you were defrauded on.
3 Likes
One way to pay your council tax I guess.
There’s no weakness in Monzos security. Someone has just got hold of a bunch of stolen card details (most likely from mixed banks), have decided on a place to use them, and are churning through trying them out - that’s why you’re hearing reports from others.
It should settle down soon. London Borough of Croydon will likely be aware, will strengthen their security by blocking the source of these attempts, and the thieves will move on to another target.
4 Likes