Location-based security - Lending my card to backpacking nephew!


(Bob) #1

Newbie here, found out about Monzo last weekend, signed up yesterday afternoon, received card this morning :grinning:

I got this card to help fund my nephew’s 6-month backpacking trip around Asia. The idea being that family can top-up occasionally. I’m impressed with the security features, particularly being able to freeze and defrost at will. We will each have the app installed on our iPhones, so I’m trying to understand how the location-based security works.

As I understand it, the phone needs to be within 500 metres of the card’s use. Is that correct? Does that mean if I open the app here in UK, my nephew thousands of miles away cannot use the card (since he’ll be logged out when my device logs in)? I’m guessing that all he needs to do is log in, so that my device is automatically logged out, and his phone is now geolocated near the card? Or have I completely misunderstood how it works? :confused:

I’ll have my card back when he returns in July… the more I read about Monzo the more I’m liking it :heart_eyes:


Do you use local location security
(Alex Sherwood) #2

I haven’t heard of that but you might run into problems with Monzo’s fraud engine if you’re logged in, in the UK & your nephew transacts in Asia.

And since you logging into the app will log him out, that might make life difficult if he doesn’t have reliable access to a data connection.

To keep things simple, how about getting him a Monzo to sign up for a Monzo card too (assuming that he’s over 18 years old)? Then whenever he needs a top up, you can send the money from your account - it’s an instant transfer.

Especially as it sounds like you’ll want to keep using your Monzo account while he’s away too :wink:


(Bob) #3

Yeah, he’s over 18 but the idea of getting this card was to appease his mum, who’s fearing the worst and at least this way we can keep tabs on him and will be in a better position to help out with things like a lost card. He’s certainly considering getting his own account when he returns… he’s leaving this weekend.

We’ve considered the loss of data connection issue, so I’ll only log in UK evening times if I need to, while he’s passed out! That way he can log back in from the hostel when he wakes up.

The fraud issue is the one I’m trying to avoid by understanding how location-based security works.


(Marta) #4

I think it would work a lot better if nephew got his own card. You can send monies to Monzo via direct bank transfer, quoting correct references - straight to his account, check this out.
OR you can Monzo him money from your Monzo, which is instant as well. Seems like a lot less hassle than this log in, log out business you proposed! :smiley:

In case of total mess, if you’d have emergency access to his email account - only then you could log in to his Monzo on your own phone. I don’t recommend handing over password to email in general, but it could be done with lastpass and ‘emergency access’ functionality (you request password, wait set amount of time, if owner of password doesn’t deny access, you get password).


(Bob) #5

Yes, we understand that it’ll be easier if he had his own account, but there are genuine reasons why we would find it useful for him to use mine, and he’s absolutely cool with that. I’m just looking for confirmation that the geolocation of his phone is enough for location-based security to approve the transaction.
I guess he could always turn off location-based security in settings, but I’m not sure if that will affect the likelihood of the transaction not taking place.
I don’t think either of us would be comfortable with sharing access to his email account :scream:
Whilst looking up info on Monzo I came across an article which mentioned the geolocation of phone to transaction being within 500 metres of each other and assumed this to describe the location-based security feature, but I can no longer find the article :sob:


( surohpotsirhC) #6

If one of you is using Android and the other iOS then it’s possible to both stay logged in.


(Bob) #7

Thanks Chris, we both use iPhone, and if what you say is true wouldn’t that cause issues with location-based security?


#8

Yes it is possible to log in thru 1 Android + 1 iPhone at the same time. It is not possible to sign in thru 2 Android or 2 iPhone.

Like @alexs I have not heard of any 500 metre rule and indeed I have used my card when I have not had my phone on me…but not sure if I was just inside that 500m boundary or outside it


(Bob) #9

Thanks Richard, that gives me an idea. I’ll switch my phone off before my drive to work, then stop off at the ATM machine on the way to see if my card works. Presumably location-based security will use my last known location, at least 4 miles away. This should at least confirm if the 500 metre question applies.
I’m beginning to think I imagined this, since if a phone battery dies, no transactions could take place outside 500 metres of the last known location.


( surohpotsirhC) #10

Not sure about the 500m thing but logging in from two different countries would definitely cause some issues.
Plus, you’d potentially lose the benefit of the trip report.

I wonder if it’s possible to login via the API and view this without causing a logout. I think so.


#11

If you ask through the in-app chat the security team can give the correct response. Seems no one has a clue here!

I know you’re not looking for feedback on your plan but it’s the internet so here you go. It’s a very weird workaround to keep tabs on a loved one via a financial institution, seeing where he is all the time and exactly what he spends… how old is he like 15? Why not just give him the card and let him spread his wings as he is trying to do, tell him his mum worries a lot so make sure to whatsapp her every day? Like all the other people in the world.


(Bob) #12

I found the site where I read about the 500 metre rule: http://thebackpackertravels.com/2016/06/monzo-cheapest-way-to-spend-abroad/

Quote: Your card won’t be blocked for fraud. When you make any card transaction, the authorisation message contains the location of the merchant, often down to the street address. Your smartphone has access to GPS, so it knows where it’s located at the time of the transaction. It’s then trivial to compare the geolocation of a purchase with the geolocation of your phone. If the two locations are within 500 metres of each other, it’s probably a legitimate transaction.

On other threads here I’m reading that location-based security operates on the location of the machine where the transaction is taking place, which leads me to believe that the above quote is incorrect. This would indeed cause issues if I log in from UK and moments later my card is attempting to make a transaction abroad.

Thanks for all the input here. I’m now trying to convince my nephew to open his own account!


#13

thanks for that. I had found absolutely no mention of the 500m rule on this community so it is interesting to see the source


(Rika Raybould) #14

Interesting, I’m not even sure the API that Monzo calls on iOS is even reliably accurate to 500m. :thinking:


(Jolin) #15

As a data point:

  • I have location-based security switched OFF (and always have)
  • I recently lent my wife my :monzo: card for a week whilst she was waiting for a replacement for her stolen :monzo: card
  • I remained logged into the :monzo: app the whole time, she was still logged into her account on her phone
  • She used the card at various locations across the city, definitely more 500m from where I was – but not thousands of miles
  • No problems at all, no card declines

(Tommy Long) #16

The 500m is clearly just illustrative of the concept, not an actual hard number.


(Bob) #17

I wasn’t really questioning the 500m distance, more the fact that the website claims that the geolocation of the phone was taken into account. I’m not convinced that the location of the phone is relevant to location-based security.

This claim led me to believe that so long as my nephew was logged into my account on his phone while using my card abroad, the transaction would be processed. I no longer believe that this is the case.


(Tommy Long) #18

I think you’d still want to check with a member of the team… I think the phone’s location is taken into account but in a smarter way than a simple distance check. Also, there’s a good chance that the algorithm will change over the next 6 months.


(Bob) #19

I understand that you get a welcome message via the app on arrival to a new country? So if I were to log in from UK while my nephew was already abroad, this could trigger possible fraudulent use.

In any case, I convinced my nephew to apply so he should get his card in the post tomorrow, and I get to keep mine :smiley:


(Tommy Long) #20

It’s good to hear he’s getting his own card, that does seem like the best solution.

If you wanted to keep an eye on his usage whilst abroad then you could look into using the API (or one of the existing integrations) as this would allow you to view usage without properly logging in.

I think you’d need access to the email account that the card was registered against though (although I’m sure the email address could be easily changed via in-app support)