Hey all just want to shed some light on a personal situation and through some dirt around about wether Monzo’s account security is enough.
Unfortunately my house was broken into over the weekend and quite a few handheld tech devices were taken. As a tech savvy person anything related to me is passworded, however my house mate isn’t so savvy, she has an iPad it doesn’t leave her bedroom nobody goes in her bedroom essentially nobody ever sees she has an iPad so why on earth does she need a password in her mind? Imagine her panic a day later whilst still figuring out what’s missing etc getting a magic link email from Monzo. She hadn’t requested this and the emails already been read by someone else, (the their stole her iPad).
Immediately I told her to phone monzo firstly I when she rang she was presented with a little automated message followed by a (if this is urgent please use the in app chat) message.
Normally I think the chat is fine but in situations like this I think it’s perfectly fine to want a human to reassure you they’re doing everything for her and now three little dots to denote the fact somebody is typing a message.
So I’ll give monzo their praise here they immediately froze her account which she was told would stop any payments coming in or leaving the account - and then this is where it all goes funky.
Someone has access to her email which she can’t change the password too because of Microsoft requiring time for validate a change in security credentials she’s not a tech savvy person so doesn’t have MFA and backup codes safely stored.
But from the point they froze the account she could still login but was unable to perform anything. I assumed the time they froze the account was to allow them to make it safe, e.g change the email, change the pin but no. Anytime she spoke to them she got a cut and pasted message that someone would get back to her soon bla bla bla as if she was a customer who’s account had been frozen and they couldn’t talk to her under the rules of not tipping off which was not the case here.
So several hours later she got a message in chat saying they had completed their review and her account was now good to use.
Well I ask what on earth did they do in this time? Nothing it seems to me and she had told them several times while her account was frozen for a few hours that she would like to update her email as the their has access to her email account. This was updated but only after her account was unlocked.
Also is it now time for some sort of secondary password or pin or even a SMS to login to a monzo account? I don’t know any other bank in the entire world that allows a customer to login with just a magic link and not even any device enrollment.
If this was her lloyds account they would’ve never gained access due to it having a password and not just a link in an email.