How will Mondo know if my account details have been stolen?


#1

As Mondo has no restrictions on where in the world you can take your card without telling them, I was wondering, how will Mondo know if my details have been stolen and are being used in India when I’m in the UK? (As has happened before). Also what level of security does Mondo use?


(Stuart Cameron) #2

You would receive a push notification as soon as the transaction goes through, If it looks dodgy you can freeze the card immediately and contact support.


#3

Ok, but my current bank stops dodgy transactions from going through in the first place which has saved me several hundred pounds, perhaps this is a feature Mondo could work on.


(Rika Raybould) #4

It’s a valid question but I think you may be jumping to conclusions. I can use my Barclays card in many places in the world (as long as I enjoy fees) but that doesn’t mean that they wouldn’t decline a magstripe transaction in a US jewellers hours after a chip and pin transaction in the UK.

The world of card fraud is fairly complex and with more legitimate customers traveling abroad and using their cards, banks can no longer just simply decline any transaction not from the UK in GBP unless you specifically tell them (Hi Lloyds Bank, I hate you for this).

Right now, your level of protection is the instant notifications plus whatever support can do for you (not needed it yet personally).

It is almost certain that Mondo will add extra protections at auth time in to a kind of fraud detection engine as it grows in to a regulated bank.

Stopping a card at auth time is a very delicate balance, decline too little and you let fraudulent transactions happen causing customers to have to spend time reporting it but decline too much and customers can be left at a till without a way to pay and cause stress having to call around in an attempt to get the card unblocked.

Remember that fraudulent transactions can still be questioned later and the app with notifications can reduce the time to report from almost a month by the time you receive a paper statement to potentially just minutes after it happened. On the other side, if declines for fraud are made at auth time when it was a legitimate transaction, I’m hoping the app will provide a quick way of unblocking and marking it as okay for another attempt.


(ohemsted) #5

I believe that @tom mentioned in one of the Alpha launch talks that they were planning on combining location data (from your phone) and the transaction location and if these were worlds apart notify you to make a decision in real-time (accept/reject). I don’t know if this was his theoretical plan or if that was what has been implemented.


(Richard Bairwell) #6

An idea would be to allow you to set in the app “
Auto-decline transactions which:
[ ] Not chip and pin
[ ] Card holder not present (internet)
[ ] Not in GBP
[ ] Not in the UK (etc etc)
[ ] Not with a previous merchant”

When a transaction is made which matches these requirements, it is declined but a notification is produced in the app allowing the choice of “
This transaction to Xyz Inc for $12.34 was declined.
[ ] Approve this transaction only (merchant needs to reattempt)
[ ] Approve this and all future transactions from this merchant (optional maximum number of days)
[ ] Approve this and all future transactions in this currency (optional maximum number of days)
[ ] Approve this and all future transactions in this country (optional maximum number of days)”

etc. This will allow people to go “Ah, I trust XYZ Inc in the US to bill my card in USD, but I don’t expect any charges from anyone else”


(Caleb Wong) #7

Would be really great to fully use the Mondo app which can then utilise the GPS data live from our phone. (I guess we will mostly have our phone with us at the same time when we use Mondo) Thus giving the extra protection with validation of location.


#8

But so much spending is online and so many terminals are not correctly point of sale marked at the GPS.


#9

I spend lots of time in SE Asia… Out here card fraud is rife my (and my mates) cards have been hit multiple times over the years and this is a big reason why credit cards are more protection than debit cards.

If my Monzo card gets hit… And I report it as soon as the notification is seen, say within hours or max one day. Who is liable ?? Do I automatically get refunded the fraudulent transaction ?? How long does the balance update take ??

For my barclays plat visas, it didnt even appear on the statement… I got a call from the visa card people saysing "we assume you didnt just buy a rolex in Hong Kong and in singapore in the last hour… No ?? OK new cards are being dispatched to you, sorry for the freeze.

If the same had happened with my Thai debit cards I would have very little hope of getting a penny… 2 friends have lost >10k GBP from cloned cards and the Thai bank wont even talk to them, the police refuse to write police reports, they just stonewall you. For this I keep multiple Thai accounts, and move money into my card account a couple of grand at a time.


(Alex Sherwood) #10

Yes. Instead Monzo uses geo-fences + machine learning to spot when you’re at an airport. Then if you transact in another country soon afterwards, Monzo assumes that you’ve just flown there so the transaction isn’t fraudulent or that’s my interpretation of James’ technical explanation anyway :wink:


(Tony Hoyle) #11

Monzo have the opportunity to be a lot smarter with this than older banks.

Currently I have my bank blocking my card every single month on the same day because the same regular transaction is showing as ‘fraudulent’. Been going on for 3 months now. A straw poll at work showed everyone had been blocked incorrectly at some point (also the office account a year or two ago had a large (and obvious) fraudulent transaction that the bank completely missed.

This shows me (a) fraud matching has high false positive rate, whilst missing actual fraud, and (b) the feedback mechanisms are simply not there - if I’ve said something isn’t fraudulent last month it should be remembered this month.

Given the technical competency that monzo have displayed I trust them to be working on detection that’s somewhat better… and they have things like GPS data and other things like single use card numbers have been mooted.

On the second. It can change from ‘random with foreign accent calls at 9pm asking for your bank details’ to something as simple as your phone making a noise and asking you to check a transaction. That’s much less hassle, quicker to resolve and you can see what they’re worried about instantly… and can unblock instantly rather than being stuck in tescos with £100 of shopping and no way to pay.