When performing the current account upgrade in-app, I am asked to upload ID and a video. The app does not make clear how you store this information or who you share it with. I was not able to find this in the Monzo terms or privacy statement either.
I’ve asked questions to in-app support and while they were helpful, phrases such as “it’s a mixture”, “it’s done through our systems” and “I can assure you we look after it” are vague and did not provide the level of confidence I was looking for.
Please can a Monzo rep/leader/staff member who is able to talk in specific facts (Not assumptions or generalisations) about ID verification and PII explain the account ID verification process, specifically covering but not limited to these points;
Once video and ID is captured
- Where is it stored and in what form (file/blob/hashed/together/separated/emailed in a zip file to the fraud team mailing list)
- What parts of this are shared outside of Monzo control (Or stored in a 3rd party ID verification SaaS product) and with whom?
- How do those third parties store/retain above data and for how long?
- Do you have agreements with said 3rd parties that restrict their use of and retention of [my|our] PII data?
Then, after verification, what from the above is stored and how long is it retained for:
- If a successful ID verification is completed
- If a verification is failed
I am aware of enhanced KYC regulation in the UK and Europe. I understand why you are asking for ID, I understand the convenience it provides digitally. What I would like to know is if/after I give you a package of my video/voice and ID (fraud-in-a-box ) in digital form - which is much more concerning to me than my high street banking provider taking a scan of my ID in-person - how you are handling my PII and how you are setting controls for the providers you select to share my PII with.