Is Monzo requiring access to contacts for joint account opening / Monzo.me necessary & secure?

kieranmch · 15 July 2018 21:28

At Monzo we use Private Contact Discovery. We do not store your phone contacts on our backend, and our backend doesn’t even see their phone numbers or personal details. Here is a summary of the protocol.

Monzo with Friends: New Monzo iOS Update Out Now

What does Monzo do with my contacts?
We never send or store your full address book on our servers and we won’t spam or get in touch with your contacts without your permission, nor share their information outside of Monzo. If you’re interested in the details, you can read more below.

The details
We wanted to build Monzo payments in the most privacy friendly way we could, whilst still making it as simple and easy to use for our customers as possible. We never send or store your full address book on our servers, instead we use the following process to check if your contacts already use Monzo:

Your device generates a hash for each of the contacts in your address book

Your device then uploads a portion of that hash to the Monzo servers

The server checks if the hash matches any existing users and if it does, sends your device a slightly larger portion of the hashed contact

Your device then matches the larger hash with its existing hash to confirm the correct contact record has been matched

If there’s a match, we show you that contact as a Monzo contact. If there’s no match, the hash is deleted from the server and Monzo never sees any of the contact’s information.

The server never receives any of your contacts’ phone numbers, names or any other personal details during this process. The only time we transmit their full phone number is when you actually send money to that person and this is fully encrypted in transit, stored securely as part of our banking infrastructure, and only sent once you’ve confirmed the payment using your PIN or fingerprint.

Gaoler · 16 July 2018 10:09

Thanks for the reminder Kieran.
I understand this process.
Unfortunately, it relies on trusting the server.

What method does Monzo use for remote attestation?

Gaoler · 2 August 2018 23:08

At risk of flogging a dead horse, how does Monzo get consent from users for their data to be shared in this way?

Surely it requires explicit consent for Monzo to share one user’s data with another user.

alexs · 2 August 2018 23:11

The only data that’s being shared is the fact that one of your contacts is a Monzo user. The person who’s being shown as a Monzo user has to opt in before that information is shared. You’d see that if you took a look at the feature.

Gaoler · 2 August 2018 23:18

Screenshots would be a pleasure. I can’t see any request for consent when the app asks for contact access. Where is the consent obtained?

alexs · 2 August 2018 23:19

I’d suggest you try it & see for yourself.

Gaoler · 2 August 2018 23:22

Er, no. I’d prefer to understand the gdpr angle first

Rat_au_van · 2 August 2018 23:23

Monzo aren’t sharing it. By turning on the feature you are deciding to share it with anyone in your contact list who has also decided to share theirs.

Gaoler · 18 September 2018 06:57

There’s mention of this with a very short reference to Monzo here

system · 17 March 2019 06:57

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Joint accounts- allowing access to contacts Monzo Chat	19	6637	8 January 2020
Why are joint accounts so hard to open? Help	28	4824	8 April 2023
Enabling payment with friends requires access to my contacts Monzo Chat	6	4722	17 February 2017
Will disabling Monzos access to contacts break the app? Help	14	4203	6 May 2018
Why could I not open a joint account Help	35	18593	15 October 2023

Is Monzo requiring access to contacts for joint account opening / Monzo.me necessary & secure?

Related topics