This is very important and why penetration testing and security should be taken with the utmost of sincerity.
I’d wager that most large database hacks are down to shoddy security testing which would have picked up simple human errors. Eg. MongoDB by default has a port open which can be exploited to gain admin access
Any number with a couple of zeros (before the decimal point) is a fortune to me. Is it naive to think Monzo are still learning how to meet their customer needs so they ask a little more?
I see this sort of argument thrown around a lot. I usually hold your opinion in high regard, and think that you usually manage to be big fan of Monzo and still see things objectively, but please allow me to express my strong disagreement with you on this one.
Firstly, anyone who says “trust me, I know what I’m doing. Don’t ask me any more questions” immediately looses my trust. (I know you are not Monzo, and that this is not what happened here.) I do not trust anyone with my data, just because they or someone else say I can. I scrutinize them, and then make my decision. To just say “you can trust them, simply by virtue of being a bank” is (pardon my french) rubbish. Every organisation makes mistakes. Every individual, working for any organisation can make mistakes. Do not trust someone just because they are [insert trust-inducing word here]. Everyone who wants your trust needs to earn it.
As for banks specifically: Anyone in the security business knows that “bank grade security” is usually an example of how not to do things. I’m just gonna give you three examples of this:
(That last one would be so funny, if it wasn’t such a tragedy.)
I would definitely trust the likes of Google more than my bank to protect my data from hackers. (That’s not to say that I’m not 100% aware that Google will voluntarily share a lot more data than my bank will, and probably knows a lot more about me than my bank does, but that’s another story.)
Now, about the actual question: I also find this very weird. I was never asked by any other bank for source of funds. And that’s despite moving sums significantly larger than 3k between my and my wife’s current and savings accounts back and forth and in circles, to an extent that I always expected that the money laundering or fraud alarms would go off eventually.