Improve Account security via in-app chat


(Not Theresa May) #1

I think monzo needs more rigorous security - I forgot my pin code and put it in wrong - my pin was blocked and all I needed to unblock it was to open chat and say my date of birth

Perhaps asking the customer to take a photo of themselves whilst writing their name on a piece of paper or something might be more secure?


Security and Monzo
(Hugh) #2

How?! If I have your app, I know your name and I can very easily write on some paper and take a picture.


(Ben) #3

I think that is what they are implying :wink:


(Alex Sherwood) #4

Ok so how many breaches have their been because of the current design, who is liable for those breaches & how has this impacted you?

If you can’t answer the above questions, I’d suggest you’re not in a position to judge whether the security is sufficient enough or not. And given that Monzo’s team are experts, I find this post odd.


(Danny) #5

Does your phone not have pin code or touch ID on it?


(Not Theresa May) #6

I meant taking a selfie holding up a piece of paper


(Not Theresa May) #7

I don’t know about any of this, but I’m just saying an idea based on my experience in a community designed for constructive feedback :slight_smile:

Perhaps a member of the monzo team may see this post and it key factor into future app development - that’s what I like about monzo and it’s community - the company is driven by its users


(Allie) #8

As I’ve said before, once someone has got into your phone, all bets are off and you’ve lost the game anyway. Perhaps (if it doesn’t already) Monzo should enforce that your phone is locked?


(Not Theresa May) #9

Yes it does have a pin code, but imagine if the phone was unlocked - dob/address is not too difficult to find


(Allie) #10

If the phone was unlocked, you’ve just lost everything. Emails, 2FA codes (hoping you’re even using 2FA), social media accounts, EVERYTHING. Your life is in a very bad place at that point. Make sure that never happens.


(Alex Sherwood) #11

You’re right it was constructive :+1: but you’re suggestion a solution to a problem that doesn’t exist. How do I know that?

Monzo are liable if this enables security to be compromised so they have an incentive to fix it, if it’s broken, which tells us it isn’t.

So these posts frustrate me because a) no one in this community is an expert on security b) all they do is worry other users some of whom won’t have the context to judge how seriously to take these concerns c) it’s impossible for any of us to judge how much of an issue any of this stuff is.

But as I’ve said, Monzo have a financial incentive to make sure that their security is robust & as a bank, they have some of the very best people working on this.

Aside from that, it was a perfectly reasonable post!


(Sy) #12

How many breaches there have been, who is liable, and weather they were affected is not the point. If users feel concerned about the security of either their funds or their data they will feel that way so no need to belittle them in your reply.

The fact they can not answer your questions does not distract from the fact they feel that way and have valid concerns (even if they can be answered or addressed) and rightly can make their own judgement.

It is not only the techies at Monzo who can make such a judgement, even though their judgement is based on more information or details than are publicly accessible to normal users.


#13

Yep

So you’re into my phone. How are you going to get that 2FA Code?


(Alex Sherwood) #14

It wasn’t my intention to belittle anyone.

The concerns can’t be addressed by the community so if a user has concerns about security, it’s best if they contact support.


(Hugh) #15

Isn’t this the whole point of the forum? To discuss ways people think Monzo could be made better?
I do find it annoying when unnecessary new threads are created though as there is already a dedicated app and customer chat security thread.


(Allie) #16

Okay, Authy can. But if you’re using the Google Authenticator app or other apps. Yes, you CAN lock individual apps. The point stands that most people have far bigger worries than the Monzo app and they don’t even know it.


(Alex Sherwood) #17

If you want to spend your time discussing a solution to a problem that doesn’t exist then yes.

I was just pointing out that a) it doesn’t exist & b) the concern can’t be resolved by other users.

For the record, AFAIK this isn’t a duplicate post.


(Danny) #18

Monzo: Just to prove who you are can you please send us a selfie?
Thief: yeah sure no problem… Scrolls through phone finds selfie and sends
Monzo: Thanks for that, now how can we help


(Andy Little) #19

They’ve been contacted by email. I know they’ve ignored my email for certain. Given how often this has come up there must have been other people emailing.


(Alex Sherwood) #20

That’s a different issue which has it’s own topic :slight_smile: