They should just do away with email completely. Secure the login process so the magic link isn’t needed and then say to the customers
WE WILL NEVER EMAIL YOU AND WE WILL NEVER CONTACT YOU BY PHONE.
If the only communication is via the app along with notifications for things such as statements ready and all the other payment notifications it would make the whole process significantly less susceptable to fraud.
Something I never understood about Starlings process is the customer service PIN. If they call you, they ask you for the PIN when it clearly should be the otherway round.
Banks could make their life significantly easier if they just restricted outbound communications to their respective apps and all voice communication was from the outside in.
If your Uber Driver calls you he doesn’t know your number, his call is routed through Uber. Equally if you call your Uber driver you are connected to the their system and then the driver. The same could apply to banks. If Monzo wanted to get in touch with you by phone they could notify you in app to call a specific number at a specifc time.