Payee details changed in the app without my permission?

Issue: Account details have been fraudulently updated on my Monzo account. Luckily I spotted the sort code and account number were different, so did not send the money. I’ve notified Barclays that that is most likely a mule account on the screenshot, but they won’t take action unless they are notified by a bank.

Details to reproduce: I did nothing to produce this
OS: Android
Device: Galaxy S7
App Version: Android 8.0, Monzo 3.12.1

Edit: removed screenshot because of personal details

If it is fraud it isn’t a bug and you should contact Monzo directly via in-app chat. Have you paid this person before or received money from them?

I removed the screenshot because it contained personal details

Contact Monzo in app immediately if you think your account has been compromised. Also change your email password and phone passcode, as access to your phone, phone unlock code and email is the only way someone could do this.


I’m curious how the sortcode and account number could have changed if you genuinely did nothing. I’d be concerned your account has been compromised either by someone with access to your phone or your email (and they’d have to know your PIN too). I’d be changing my email password and my PIN.

And above all, report this using the in-app contact.

I did forget to mention account PIN :see_no_evil:

If someone set this up on a different device they’d need the PIN.

Using the OP’s phone they’d need PIN or biometric.

So what happened?

A saved payee’s details were changed?!

Barclays changed a load of sort codes a couple of years ago under ringfencing rules, but I believe account numbers weren’t affected.

Is the payee yourself or someone else? If someone else, is it possible they’ve used CASS to switch bank?

If a payee switches banks using CASS, the next time you attempt to pay them it triggers a change of bank account details from old to new.

Could it be payee information from a CASS?

I noticed that I have duplicates and old ones from the far past because I forgot they would be moved over after a CASS. I realised months later.

It should be new information provided via CASS.

When someone switches to a new bank, a feature of CASS is to electronically inform banks where payments have been sent to the CASS’d that the account details have now changed and to inform the payee lists.

I’m not sure of the mechanics and how it works but it’s supposed to be seamless. If they’re not updated during the switch I believe they’ll update the next time a payment is made to the account after the switch as it electronically tells the sending bank again the details have changed and what they are.

Just one thought, has the OP been using the Merge Payee’s Lab function at all and somehow this got changed this way or did not work as intended?

If it is CASS, a badge on the payee details would be good to identify the changes :slight_smile:

@HoldenCarver, yes I’m very curious. My phone is secure and not shared with anyone. My email for Monzo is unique, so not something that could be harvested from a data breach anywhere else.

The payee was myself, hence I spotted immediately that the details had been changed to a different bank.

The first thing I did was message Monzo, but that was four hours ago…

Any update as of yet? I’m curious to see how this happened. 18 hours for a relatively simple query seems excessive.

Not sure if it is connected. I went to make a trf to my Mum today, as I often do. However, for some reason it had her old TSB account details as recent payee instead of her Monzo details. She has been with Monzo for over a year and I have made payments to her during that time. Not sure why her old TSB details would suddenly show up again…

There are so many counterintuitive quirks and oddities with how payees are managed it really could do with an overhaul.

Checking the details of the account on Google, it features in a few hits with other start-up banks as some sort of omnibus pooled account. So this might be an internal screw-up in Monzo rather than a fraud. Would be great for Monzo to clarify.
Example from another forum with the same account number:
“Revolut sent the funds to the recipient, but not from my Revolut account, but from their pooled omnibus account at Barclays Bank, London, with AC number 73152596.”

@HoldenCarver I’ve checked and bank account payee details can be added with no PIN verification. The only PIN check is at the point of payment. As there’s no login check when opening up the app, this is quite poor security for payments.

You can enable PIN/biometric lock for your account if you wish.

