In App switches and location based security

(Francesco) #1

It would e be nice to have in-app switches to enable/disable on the go features like magnetic stripe (already there) contactless, cash withdrawals, online payments, etc… This would give the user more flexibility and security.

It could also make sense to block payments made from a location different than the one my phone is publishing (with a switch to turn this on and off as well).

I saw these features on another card and I like them a lot. :blush:

(Alex Sherwood) #2

So I’m guessing you’re a Revolut user then :wink:

I’m a little bit biased here because in principle, I think settings are a bad thing - they create complexity, hide functionality & make support more difficult.

I can see the appeal of those settings, it makes you feel like you have more control but…

Contactless - as far as I know, the contactless card fraud that people worry about is low. And assuming that you meet the rest of Monzo’s terms, they will be liable for fraudulent use of the card.

Cash withdrawals - this seems like a strange one to me. Unless someone sees your PIN and steals your card (again, unlikely) I’m not sure how you’d be at risk. But maybe I’m missing something?

Online payments - in my opinion, this is a bad idea because merchants like Amazon will only take your payment when they ship your order. Obviously this setting would block that.

So ultimately, I think these settings are more placebo than useful & I can’t see myself using them. But maybe others will disagree!

Display running balance with each entry
Burndown chart issue
(Mike) #3

At the same time it’s pretty handy if you don’t plan on making online purchases using that card - could stop yourself from purchasing unnecessary items online or reduce the risk of fraudulent online transactions.

(Alex Sherwood) #4

Ok but a) who doesn’t make online transactions? & b) if your card was being used fraudulently, you’ll get the notification & be able to freeze it. So since Monzo will refund that money, I just don’t see the need?

I’m definitely not the most security conscious user but it seems like this functionality isn’t serving any real benefit, as the risk is so small…

As this article explains, people tend to overestimate low probability, high impact (even if it’s only short term) risk & to me, it feels like that’s what’s being exploited here.

(Michael Jenkins) #5

If you had a secondary card for travelling, this could make sense.

(Alex Sherwood) #6

In that case you could just freeze the card until you needed to use it.

(Francesco) #7

I am indeed. They have been around for a while and I like to try different products. Ultimately both Monzo and Revolut are wanting to become a new form of bank, so it makes sense to compare the products :slight_smile:

I believe contactless fraud might increase as contactless payments become more and more popular. I personally don’t like contactless payments and prefer to use something like Android Pay or Apple pay as you need to authorise the transaction by unlocking your phone or with your fingerprint. Disabling contactless might also help with card clash avoiding to pay with a card you did not intend to use if you have more cards and more accounts. I use contactless payments only when my phone is dead.

Disabling online payments is quite interesting as it prevents someone to pay for something with stolen credit card details. Additionally if the payment fails because you forgot to enable it you might just log into the app and enable it. On websites like Amazon it should not a problem as they store your card details and get a continuous payment authority. I might have to check that. I’ve never paid attention to that.
Additionally, even if every bank refunds the money, it is an extra step the customer needs to take and, while I haven’t had occasion to leverage the Monzo refund policy, it is normally a chore simply as it involves calling a contact centre or visiting the bank (Monzo might differ on this).

Cash withdrawals are an interesting feature to block as there are many situations in big cities where cash machine skimmers are installed with many mechanisms to capture the pin number. So at least while I’m on holiday I don’t need to worry about my card and can just lock the bits I’m not using. Plus I’m rarely withdrawing cash, so as it is a feature I don’t often use it might make sense to block it.

In addition… placebo effect is a great thing. If customers feel more secure, they will use the card more :slight_smile:

But good points, and interesting conversation.

(Gareth) #8

It would only disable the authorisation, the reader would still read multiple cards and clash.

Your details are charged at the time: for example if you preorder something then cancel your card (say you lost it), the payment will fail when they go to charge it. Same concept applies if online payment was disabled. Direct debits are continuously authorized, but only PayPal uses that.

(Gareth) #9

I will add Barclays added some of the switches you talk about (ATM and online), but personally I only find the ATM daily limit useful (you can raise or lower it in £10s right down to £10 or 0).

(Rika Raybould) #10

Very true, there has been some discussion around it being technically possible to disable contactless on a Monzo debit (not the current prepaid) card by sending an issuer script over the payment network to the card inside an ATM, though it would have to be at least semi-permanent and would likely require asking support if it were to become available.

(Francesco) #11

It would, but it would prevent you from paying with the card you didn’t not
intend to use should at least one card payment go through.

(Matt) #12

This can also easily be achieved by freezing your card?

Also if people are that scared of contactless which I don’t believe the vast majority of monzo users are scared since they are making the switch to a tech first bank then perhaps monzo would consider a non-contactless enabled card?

(knows someone who knows Tom quite well) #13

Why be scared of contactless? The liability has to be on the card provider.

I’m actually much more scared of chip and pin fraud where the issuers insist that it is perfect, yet there have been several hacks on it.

(Naji Esiri) #14

We do plan to make the settings more granular at some point in future, so I expect at that point the option to toggle certain security features and notifications may be possible.

I also think there is a lot to be said for this point

Our priority is to pro-actively identify security risks and safeguard against them in the best way we know how. This may not always match what people perceive as secure based on cues that are familiar to them and it’s important we don’t ignore this. Customers should feel comfortable and safe managing their money using the app (trust counts for a lot) so as long as it doesn’t compromise our approach to keeping your money safe, there’s no reason, apart from time constraints, why we shouldn’t make efforts to provide these options for people too.

(Marta) #15

I agree about placebo effect, it’s a good thing. @Naji, but why the same wasn’t said about app pin/password that were requested A LOT on forums?

Monzo keeps saying that ‘magical link is safe enough’, but plenty users would prefer to enable inconvenience/security of having a pin/password. So what makes extra card security features different from password/pin on Monzo app? Both fall under ‘placebo effect’ in my eyes.

(Alex Sherwood) #16

When Hugo commented on this, he said that Monzo would make an effort to educate users, rather than build features just for the placebo affect. After all, if the non-placebo approach is more secure &/or convenient & you can build trust in other ways, isn’t that the better option?

I can’t help feeling that there must be a more simple & less time consuming way to address these concerns than building useless features, for the sake of addressing a perceived risk, that isn’t really there.

(Andy Little) #17

I can see Monzo’s point about educating users, but I think there is a balance to be struck and some improvements to be made. A (slightly off topic) example being the magic link for log in, I can barely go a month without hearing someone I know complain that their email account has been hacked, as it stands that will get someone into your Monzo.

Limited damage as it stands since they can’t actually spend any of your money, but down the line it could be problematic.

(Alex Sherwood) #18

And that’s why more safeguards, for the new functionality, will be put in place at that point :slight_smile:

But we’re talking about actual security now, not placebo security so lets move the conversation to the below topic if you have concerns about the magic links.

For anyone who’s wondering, here’s why the Monzo team adopted magic links -

& since Monzo are liable for unauthorised access of users accounts (as long as the user follows the T’s & C’s) , it’s in their interest to get this right.

(Francesco) #19

I’m not sure that’s good enough :slight_smile: After all Monzo are still building their trust and image.

In addition, the only reason contactless was introduced on cards is because the convenience of small transactions encouraged greater spending than with regular chip and pin. Security was not the main driver :slight_smile:

(Hunter) #20

I agree contactless fraud may increase but it is already pretty widespread. Not being able to turn of the contactless payment with a flick of a button like with the Revolut card is pretty alarming but i really hope they add this feature ASAP. It is not always handy to keep your card in an RFID wallet after all. As easy as contactless payments are and as much as i love it i have as much hatred for it due to the never ending security issues and the fact that someone doesn’t even need to mug you anymore to get your details they can just sit beside you on the train and smile at you.

Ideally i like to keep my card locked down as much as possible by disabling contactless, cash withdrawals, online spending etc and only enabling them when needed. Is anyone else like that? When traveling it really is the smartest thing to do!