It’s becoming quite common for thieves to forcefully require you to give them your phone passcode as well. Here in London it is definitely not unheard of. Had a colleague walking down near Liverpool Street approached by guys on bicycles; they threatened to stab him if he didn’t hand them the phone with his password.
In this scenario FaceID to open the app is a bit useless since they could reset it, then open the Monzo app to transfer money or whatever? Wouldn’t it be better to be able to set a different PIN altogether just for opening the app? (HSBC has something similar)
Secondly, please no, that is a PITA and to be honest if they’re forcing a PIN to get into the phone then I would, sadly, imagine that this would be the same for the PIN & unlocking Monzo too.
It has been a while since someone brought this up. I’m gonna strap myself in and prepare for the ride.
(Good suggestion, OP, but it’s unfortunately not a popular one. It gets brought up once every few months and the discussion digresses into security in general and all sorts of crazy edge case scenarios.)
They wouldn’t be able to transfer any money, because all such actions require your Monzo card PIN (or FaceID/TouchID if enabled). The most they can do if they could reset the app and sign in is to see balance and transactions.
I think this is the point that OP is referring to.
As long as the card PIN is different to the phone PIN, you should be covered in the scenario they give.
As in, you can give the thieves your phone PIN, but they can’t do anything without your card PIN, and they wouldn’t know that until later.
I don’t see how any kind of app lock, Face ID or PIN or otherwise makes a difference here.
If the thief just snatches the phone, you’re safe from transfers whatever state the phone is in, as they need to know your card PIN.
If they go from straight snatching to violent crime by demanding PINs or phone unlocking, it doesn’t matter how many different PINs you have if they’re prepared to threaten you for them.
I think this bit above is the key point in your message, but the solution you’ve proposed is perhaps the wrong way of thinking of it.
Quite a few apps will log you out and force you to re-enter your password and reactivate FaceID if any change is made to your device security settings or FaceID.
I’m not sure the Monzo app is one of them? Really and truly, if a change in settings is detected, you should be forced to log back in with a magic link + card PIN. I think this is one part of the security theatre that more traditional banks do get right.