I’ve used a few other banking apps and noticed some improvements they have in security of payees versus Monzo that would increase the safety of the app I feel.
I’ve got my saving accounts added under my name as a payee in Monzo, and when I sent money to the account the first time (lets say I opened a new savings account in my name), and I’ve made small payments to make sure the money has arrived in the new account, if I go to my transactions and tap the payment, I can choose to send money to this account again.
Now the difference in Monzo vs some other apps are that in other banks apps, this takes me to the bank transfer screen but the payee, sort code, and account number fields are read only, whereas with Monzo you can edit the details. I find this a less secure way of paying your known and safe accounts if those fields can be edited via that workflow.
It’s all fine if you’re creating a new payee, but this is trying to pay an existing payee which shouldn’t allow modification of the payee, sort code and account number fields (IMO), if you want it to be a little more secure.
I’ve also found when editing payees with Monzo it’s quite lax compared to Starling which is the other bank app in question. I can edit payees with ease once I’m in the app, but with Starling you need to put your password in to edit existing payees (i.e. trusted ones).
I’m sure this workflow wouldn’t suit everyone but it’d be nice if Monzo had an option to treat your account with a higher level of security then that’d bring it up to the level of Starling and other banks that protect payees in this way.
If this was put in place, it’d also be a good way for Monzo to know if those payees or accounts are safe without triggering any security alerts if high payment amounts are tranferred to them, (based on the payee being yourself, Confirmation of Payee (CoP) matching and a payment has been made to said account and it’s been there for a length of time).
So if I somehow got your phone, knew your phone pin, got access, got to Monzo, found a recent payee, edited that to my details, I’d need your Monzo pin to confirm the payment?
You’ve missed the point, it’s not about authentication.
When you want to pay an existing payee, you can authenticate all you like at the end, but it defeats the purpose if you can easily edit the other fields.
Even when you go to a saved payee it’s the same workflow, so you have to be extra sure of the details when making a transaction. It’s less trustworthy and secure, and prone to an error occurring.
If I’m on the go, outside and in a rush, I can be more sure I’m transferring to my own account and not making a mistake with other bank apps who have this. Take for example being outside with the sun shining down on the phone, it’s harder to verify all the details or I haven’t accidentally changed them during this workflow.
It’s about guaranteeing you’re paying your saved account/s which other apps have that make them more secure for larger money transferring or keeping large amounts of money, which is what other banks (even app only banks) have as an advantage on Monzo,
Yes! I see what you mean now. No, I wasn’t proposing to disable editing a payee etc, just that when you go through the workflow to pay an existing payee from a transaction list, or pay them in your saved contacts, it shouldn’t allow you to change those fields. Changing the payment amount or reference is fine (and what other banks do).
There is also an explicit edit payee button in the app which wouldn’t be affected, and yes the confirmation of payee should still stay there.
I believe it’d make your account more secure and Monzo shouldn’t trigger security alarms if you pay an account which you’ve had there for ages, and have already paid it before (and it’s in your name), some money. Although I think they’re pretty lax on that scenario which is fine.
I don’t want to introduce it to make the payments harder for anyone, I just noticed a benefit and less stress of having it locked when I’ve used other banks.
I see your point, it’s either here nor there for me. It’s only me that ever uses the app and phone so I’d have no concerns about how when or where I can edit payees.
Totally get it, yeah it’s why I suggested it as I think it wouldn’t harm the majority’s usage. I think of it like the setting in the Monzo app to toggle whether you want to lock the Monzo app for extra security. It could be a toggle to make access to your account in app be a little more protected.
I also think it’d make it safer for people like my Mum and Dad to use it, as they get confused at times trying to do these things.
I wish I was a secure as you in myself to not make mistakes
I have 9 accounts under my own name, and each of those labelled as their account name ie Bills, Savings, Revolut etc and can see the details before tapping.
That’s screen itself could probably be removed with the edits on, and just have the details on the amount screen.
This feature is needed , monzo should just add extra step if you need to modify the payment details.
Rather than just letting you modify on the fly it’s more about.
It’s a badly design workflow , and unnecessary for it intended purpose. You are not going to be changing these details on the fly or every time you make a payment.
Yep, I think it does show the account details, reference etc at the end so yeah that first screen could be skipped. Although some people like to see the details when you are entering the amount, and from the Android app there’s a lot of screen space on the amount and reference page so it could be displayed there if some would want that security.
One thing I tested just after my last post, is that when I go and edit a payee I’m not asked to authorise the changes which is what other apps do, and it doesn’t check CoP at the point of saving, only when you go to make payment.
Some might hate this, so perhaps a setting would allow users to have payee edit protections, or maybe a setting added to payees you want to protect (i.e. your own accounts) from being edited without extra security.
Yep, I thought I’d mention it because it hasn’t changed since I first started using Monzo, and I thought it’s a benefit in other apps where you can transfer larger amounts due to the difference in workflow security.
I’m glad my suggestion is making a bit more sense to people
Maybe you’re not sending large amounts to warrant such security
I’ve just had to transfer savings from one bank to another via my linked Monzo account and it always makes me worry using it with this lax workflow in place.
