Monzo Staff Weekly Q&A - Daniel Chatfield (Backend Engineer - Fincrime & Security)

Note : All Monzo Q&As to date can be found here

Good day/evening/night (depending where you are in the world) to all you wonderful people of the Monzo forum! Whether you’re a Monzo fanatic, Monzo-curious, or you only just heard about Monzo today and came online to find out what we’re all about, we welcome you, and extend a warm welcoming hand to join in with our forum fun

For all those brand new to Monzo, you should know that we love emojis. Especially and on (these seem to come up a lot in conversation, you’ll find out )

If you are new to Monzo and you like reading questions and answers, then here’s a pretty cool list. A list of what? A list of all Staff Q&A’s we’ve done to date! It’s totally OK to have your mind blown by this!

Read 'em and enjoy. Or don’t. But we suspect you will. Probs.

Week 1 : Chris MacLean, Customer Operations & Vulnerable Customers
Week 2 : James Nicholson, iOS Engineer
Week 3 : Tara Mansfield, People Operations Manager
Week 4 : James Routley, Backend Engineer
Week 5 : Hugh Wells, Customer Operations ‍♂
Week 6 : Naz Malik, Technical Specialist
Week 7 : Fred Morgan, COps Squad Captain (Calls & Social Media)
Week 8 : Emma Northcott, COps Scaling Team
Week 9 : Jarno Wolf, COps Financial Crime Specialist & Squad Captain
Week 10 : Maria Campbell, Head of People
Week 11 : Jim Amey, Night COps Captain
Week 12 : Richard Cook, Online Community Manager
Week 13 : Beatrice Borbon, Content & Press Manager
Week 14 : Tom Blomfield, CEO
Week 15 : Ella Johanny, COps/Hiring
Week 16 : Harry Ashbridge, Writer
Week 17 : Beth Scott, Overnight COps
Week 18 : Georgie Parmenter, Executive Assistant to the Founders
Week 19 : Vulnerable Customers Team
Week 20 : Leah Templeman, Interim VP People

Today I felt like making a pie chart. So I did. What fun.

That’s a visual representation, in pie format, of all Q&As done to date. And for those who say the numbers don’t match the numbers of weeks, I say, well spotted, you absolute fine specimens of human beings. A keen eye for detail! That’s because the Vulnerable Customers team sit within COps and we did a team Q&A just 2 weeks ago!

Here at Monzo we like data. Almost as much as we like people. Maybe more. Depends who you talk to. Some people really love data But the data here shows that we are still lacking certain team categories. I’m making it my mission to fix that!

So the word of the day is…S E C U R I T Y !

Please welcome, to the Hot Coral Hot Seat™️ the one and only Daniel Chatfield - Backend Engineer on our Fincrime & Security Team!

Daniel’s been here since all the way back in 2015, and is currently working on refactoring several financial crime systems to support joint accounts! (That’s right… joint accounts are coming, follow the @MakingMonzo twitter for all the deets)

Fun Fact about Daniel : There’s two public CVE’s attributed to his name!

Get your questions in, folks! Daniel will be here later in the week to answer them!

What’s a CVE? A US Navy Aircraft Carrier?

@simonb I can’t get that CVE link to work (and I’m nosey so I want to know what they were)

Hi Daniel
What are the extra security challenges with joint accounts compared to sole accounts?

Sorry - should be fixed now

Given the architecture of Monzo vs legacy banks, do you tend to find Monzo security to be more or less involved than the dinosaur competition and can you summarise why?

After reading the wiki page I’m still none the wiser as to what it means

CVEs:

• CVE-2015-2317
• CVE-2016-4751

What’s your opinion on cats?

you forgot pineapple on pizza!

What do you think is the most often thing that people forget when it comes to Security?

What do you think is the least known, yet quite important, thing about Security (and Fincrime)?

I love Chatfield. ️

What does authentication & authorization look like within Monzo’s architecture?

Can you give us any details about how you fit security into your CI pipeline? e.g. ensuring no vulnerabie dependencies are being used, security user stories, static / dynamic analysis etc.

Also, how do you ensure that all devs are practicing secure development?

How many things do you work on at a time? You’re doing the joint accounts but does that mean all your time is spent on that or is that a percentage of your time at the moment?

Why did you decide to become a backend engineer rather than any other type of engineer?

enjoyed reading your blog last year about fraud on the prepaid card

• if you can talk about it -

Is fraud on the current account at the same levels or lower/ higher levels than the pre paid having 600,000 + more customers since your last update.

Can we expect another updated blog post with details like - how much fraud is costing Monzo / preventing fraud is saving Monzo

Great questions all! Daniel will be here to answer them tomorrow so don’t miss your chance!

Hi Daniel ,

Do you have any dev tools that you use everyday that you couldn’t live without?

What’s your favourite IDE or are you totally retro using vim?

What feature are you most looking forward to Monzo releasing this year?

Interested to hear about monzos ‘route to live’.

I work as a developer at a bank and we have to jump through many many hoops to get code into production.

So whats the pipeline like after you’ve finished working on a ticket/PR? How many steps before it hits production?

Hey Daniel . A few questions if I might:

• how open can you be about your work internally? How do you balance the culture of openness at Monzo with “security”?
• how much contact do you have with other financial institutions? Do you see them as competitors or do you proactively work together to combat FinCime? Or does it depend on the organisation? (If you do all get together, I like to think that you all wear capes. Masks optional.)
• In Monzo: the telenovela, what would your character’s dramatic story arc be? Who would you pick to play you?