Has Monzo or someone they work with been compromised?

So last month, 2nd March, I had two payments randomly come out for Now TV, one for £0.10 (I assume activation check), and another for £5.49. I’ve never had Now TV, nor did I sign I for it. So contacted Customer Support, who were really good, they refunded me and sent me a new card.

Today, 2nd April, I’ve had a payment of £5.49 come for Now TV! :face_with_raised_eyebrow:

Strange you may say?

It certainly is! :thinking:

I’ve only used my card once to activate the contactless, my card hasn’t been outside since, as I always use Apple Pay.

My question is, anyone else had a similar experience, and do you think Monzo or someone they work with have been compromised?

Do you have Share Card Replacements turned on in Labs, which might have informed Now TV of your new card details?


It won’t share if the 1st card got blocked for fraud.

Did your old card stop working immediately or did it work until your new card arrived and was activated?

No. I don’t think Monzo has been compromised at all. There’s bound to be some other explaination. Is there anyone else in your household who may have access to your card, for example?

it stopped immediately. It’s just very strange…

Nope, no one has access to my card, that’s the strange thing. It just really baffling…

Have you contacted Nowtv? If a company was taking money from my card I’d want to know why.

1 Like

Unfortunately, you have 2 issues here

1 DPA, unless their is an actual account with ur full details on ur not going to pass security

2 Most companies will not search on card details as calls are recorded and in general no company will do this again for security

I seem to vaguely remember someone else having a similar issue, maybe monzo share card replacement details with merchants isn’t working properly.

I would ask them to get an engineer to check if the new card details were shared.

1 Like

That’s not strictly true. There are 2 angles here. Firstly potential fraud and the other is that under GDPR a right of access request should flag up if any records including payments have the cardholder’s name.

What I’d be keen to know is if they have a different name registered against the card. If the cardholder has never had an account with Nowtv then you would think fraud.

But would a SAR request only give you details if you actually have an account?

I would imagine that unless there is an issue within Monzo Security that a name doesn’t have to match a card number, the billing address and name would be the card holder, regardless of the service address?

It depends how good NowTV’s record keeping and indexing is. GDPR doesn’t just cover if you have an account with a company so if they even if they have just his name it should show. But also as you say the billing address should also flag up.

What did Sky/NowTV say when you contacted them?