We have a lot of folk come to the forum because they’re trying to log back into the Monzo app but are accidentally going through the sign up flow.
I logged into Curve the other day and they have a neat flow: you just enter your email address then Curve identifies whether it’s a new account or an existing one automatically and manages the flow appropriately from there.
Given how many people I speak to daily that have started signing up with the wrong email, I think something like this would be FAB!
People will call or message in on social getting stuck as the app is asking for their phone number, at which point I already know they’ve used the wrong email. A little pop-up on the app that says like “looks like you’re opening a new account is that right?” or something would be amazing (and has been suggested a few times).
I totally understand the appeal, but companies tend to avoid this sort of flow because it reveals information to potential hackers (or usually in this case, so-called social engineers).
By not having an API endpoint that takes an email address and returns a status indicating an email address exists with Monzo or not, it helps blanket protect Monzo customers from simple phishing emails.
The API (and app) should just always say “great, we’ve sent an email”. You can test this by entering a completely made up email address - the app will not say “it doesn’t exist” - even though Monzo knows and won’t even attempt to send an email.
This behaviour is common security practice and when it is not followed, it usually indicates to me the company may not be as security conscious as I would like, and potentially may not follow standards elsewhere. But that’s just my own observation and is mostly anecdotal.
I wonder whether there’s a privacy issue with this idea. In theory, it would mean you could download the app and simply enter anyone’s email address to determine whether or not they’re a customer - which would be an invasion of privacy.
Conversely, if you knew that someone was a Monzo customer, you could use the functionality to try to work out their email. Given that Monzo has at least one celebrity among its fan base, this doesn’t feel to me like a good idea.
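
The behaviour discussed in this thread, where the endpoint always answers “great, we’ve sent an email”, shown next to a version that reveals whether an address is registered. This is an added example, not Monzo's or Curve's code and not part of any post; the handler names, the account store and the addresses are constructed assumptions.

```python
# Added example: constructed data and hypothetical function names.
from dataclasses import dataclass, field

ACCOUNTS = {"alice@example.com"}  # constructed sample account store


@dataclass
class Response:
    status: int
    body: str


@dataclass
class Outbox:
    """Stands in for a background mail queue; the caller never sees it."""
    queued: list = field(default_factory=list)


def start_login_leaky(email: str, outbox: Outbox) -> Response:
    # Distinct answers tell any caller whether the address is a customer.
    if email.lower() not in ACCOUNTS:
        return Response(404, "No account with that email")
    outbox.queued.append(email.lower())
    return Response(200, "Great, we've sent an email")


def start_login_uniform(email: str, outbox: Outbox) -> Response:
    # Same status and body either way; only the hidden side effect differs.
    if email.lower() in ACCOUNTS:
        outbox.queued.append(email.lower())
    return Response(200, "Great, we've sent an email")


def reveals_existence(handler) -> bool:
    """Regression check: do known and unknown addresses get different replies?"""
    known = handler("alice@example.com", Outbox())
    unknown = handler("nobody@example.invalid", Outbox())
    return known != unknown
```

A check like `reveals_existence` can sit in the test suite so a later change to the response text or status code does not reintroduce the difference. Response time needs the same treatment, which is why the mail is queued rather than sent inside the request.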