So firstly some background of where this comes from I’m a software developer and I’ve been looking into the security of Magic links (auth via email) and from the research i’ve done so far the level of security most companies put into magic links in their auth (Including Monzo but i won’t name drop anyone else ).
So onto my point lets not kid anyone that email is secure, there are plenty of people that will argue it’s the person’s email is for them to secure but there are times that people leave their phone unlocked or walk away from their computer in an office plenty of time for someone to send an auth message for monzo and forward that onto them-self.
So my question is if we ignore the details on how someone could manage to get a login email for my account and someone did get into my Monzo account. What is in place to stop someone hijacking my account, changing my details to their own and requesting a new card to be sent to the new address?
Just to add if this isn’t something monzo are happy with discussing in public i’m happy for the post to be unlisted.