[Poll] Help us make a decision on PIN unlocking! ✍️

Just change your use of the Local Authentication API to allow the use of the device passcode to unlock the app.

7 Likes

Having worked on other Fintech apps and run user research sessions on this very subject, a lot of clarity came from simply not calling it a PIN as too many users confused the PIN for their physical card with the PIN for their mobile app/online banking etc.

Call it a ‘passcode’ (or similar) and you remove the need to add additional characters to differentiate between a four digit PIN and a six digit PIN.

4 Likes

I’m a big fan of this. People love patterns.

Option 2.
I don’t see the issue with remembering an App PIN separate to a Card PIN.
It’s how my other banking apps work now.

FaceID at the minute is not great. Check your app first thing in the morning, with bed hair and no glasses, and 9 times out of 10, I lock myself out. Being able to enter a PIN in these circumstances would be so much easier.

1 Like

I feel this is more “Monzo”, doing it differently to just a regular digit passcode.

1 Like

This sounds like good insight.

Out of the options above I’d vote #2 but I wouldn’t use the extra authentication over TouchID.

The Barclays app will do both FaceID / TouchID, but every so often, will force users to use a PIN.
Some functions in the app are also only available if you have logged in with a PIN, instead of TouchID/FaceID.
This gets round the issue of someone else having an ID registered on your phone, which you may be happy to do, but not want to give them access to your banking.

1 Like

Option 3 - use the magic email thingy. Kind of like how logging into the web version works. It’s only very rare my fingerprint doesn’t work (sweaty fingers) and this would work for me. Nothing extra to remember and my email account is protected by 2fa anyway.

Option 2. I can’t imagine many people struggling with having another code to remember, especially if it’s their phone unlock code / passcode. Having the passcode to unlock the Monzo app is fairly essential as the Touch ID isn’t the best workaround, especially with the hot weather, or if you’ve wet hands the Touch ID won’t work.

I don’t see this as a security feature / additional security to the app, I see it as an interface issue. I’ve had to log out of the app, log back in, click on the link sent to my Gmail, just to get back into the app because the Touch ID isn’t unlocking the app.

You can pay with the Passcode in Wallet, so entering a 6 digit (pin) code to make the payment is two more digits than you’d need to pay with your card in the first place.

1 Like

There we go… Simple solutions can sometimes be the best!

Option 3: A choice between a 6 digit code and pattern unlock (aka like Android) for those without a fingerprint scanner

Option 2 wins… it’s tried and tested and 90% of people probably have something similar with other banks and numbers are usually easy to remember.

Option 3 with emojis is probably a step too far… can you imagine someone going :goat::goat::smiley::joy: or was it :goat::smiley::joy::goat:

All in all, probably won’t use this feature, I’ll stick with touchID on my phone

2 Likes

Simple, just enforce using the device’s security measures, pattern/pin. Why use a different pin? Those with fingerprint/facial recognition, use that.

Why another PIN?
All my other banking apps use a 4, 5 or 6 digit PIN so not a huge problem. While I prefer fingerprint in most instances I haven’t enabled it for money transfers as a way to try not to forget my PIN too easily for when it’s required with card payments. I like this as a security measure when in the app.

Don’t make it Barclayesque with three or four different pin codes and passwords.
Barclays has a pin for card, pin for app, pin for website, pin for phone. That’s insane and very user unfriendly.

The first option is the best. Offline access is NOT required, simply because enabling the pin IS optional. So if users want offline access, they don’t enable pin. That’s it. Not to mention offline access is pretty much useless as your balance wouldn’t refresh.

Don’t start introducing complexity with different codes. Pin is already used for online payments (even though it’s the card pin), keep using the same pin for everything.

Thanks!

1 Like

No pin - you have Touch ID or Face ID - that’s all you need. I bet nearly all wouldn’t use a pin or enable it because they have Touch ID or Face ID.

My other bank accounts generally log on to apps / online banking with a username, password, and generally some piece of inputted question/answer, and sometimes a 2FA code.

This system works fairly well for my First Direct, for example, to log in the highest access rights (i.e. set up new standing orders).

I think something like a “secret answer” or “enter 3 digits from your code” type thing could work well - but would require internet access to validate I guess?

Absolute rubbish! Not all devices have these, and with TouchID not being suitable for all due to certain medical conditions it is good to provide other options.

4 Likes

Would it be possible to use the card PIN and offline mode?

For example, when the user sets up the PIN for the app verify with the server and store a token in the App. This will be the ‘passcode’.

Then when the ‘passcode’ is entered it is verified against the stored token instead of the server.

If the user changes the PIN of their card they would then be prompted to change the ‘passcode’ to the app.

This may help to resolve a lot of confusion down the road and customer support requests.

The only problem I see with this approach is you would need to be online for setup.

1 Like
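The offline check proposed in the post above, as an added example that is not part of the original thread and not Monzo's code: the app stores a salted, slow-hashed verifier after an online setup, checks entries locally, and forces a new online setup after repeated failures or a card PIN change. The class name, the PBKDF2 work factor, the attempt limit and the `server_confirms` callback are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000   # assumed work factor, tune per device
MAX_ATTEMPTS = 5              # assumed limit before the record is wiped


class OfflinePasscode:
    """Hypothetical local verifier record; all names are illustrative."""

    def __init__(self):
        self.salt = None
        self.verifier = None
        self.failures = 0

    def _derive(self, passcode: str) -> bytes:
        # Salted slow hash, so the passcode itself is never stored.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt,
                                   PBKDF2_ITERATIONS)

    def enroll(self, passcode: str, server_confirms) -> bool:
        """Online setup: store a verifier only after the server accepts."""
        if not server_confirms(passcode):
            return False
        self.salt = os.urandom(16)
        self.verifier = self._derive(passcode)
        self.failures = 0
        return True

    def verify(self, passcode: str) -> str:
        """Offline check; returns 'ok', 'wrong' or 'reenroll'."""
        if self.verifier is None:
            return "reenroll"
        # Constant-time comparison of the derived value and the stored one.
        if hmac.compare_digest(self._derive(passcode), self.verifier):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.invalidate()
            return "reenroll"
        return "wrong"

    def invalidate(self):
        """Card PIN changed or too many failures: require online setup."""
        self.salt = self.verifier = None
        self.failures = 0
```

A four-digit PIN has only 10,000 possible values, so the salt and verifier need to sit in hardware-backed storage such as the iOS Keychain or Android Keystore; the attempt counter only limits guesses made through the app itself.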

I am happy with my fingerprint login on Android as an alternative to a pin or pattern.

Could have SMS code or some form of 2 factor.

Could use CVC or last 4 digits of card (it’s secure in that you need an unlocked phone to select an app)

Ideally any direction would allow the user to decide and choose what authentication they desire. (T&Cs can state a minimum if it’s not enforced)