[Premium Plus] Rotating Card - Physical, Apply Pay

[Monzo Protect] Rotating Card - Physical, Apply Pay

Howdy all,

I have a unique feature request / product request for the Monzo suite, I am conscious I’m posting this in a public domain so I won’t go into too much detail, rather the concept. I’ve been a user of Monzo for around 9 years I think, I’m a beta user and an avid Monzo customer.

I propose a new card / a new premium feature that’s aimed to protect users of Monzo against Cyber Fraud (I’m a Senior Product Manager in Cyber Security).

Solution:
Introduce a Rotating Card system — physical and virtual — where each transaction is processed using a unique card number (PAN), expiry, and CVV, rotating dynamically.

Both a physical card and digital version for Apply pay / Android pay that rotates temporary card number and details. Tagging on the temporary card feature in a rotation manor. For every purchase, a new card number is generated, both for the physical card and digital one.

The physical card to work in the same was as the digital one, treating it almost as a symlink to the latest rotated card number, expiry, cvv.

But why?
Threat Actors are more prominent that ever at the moment, with breaches across the retail industry at the moment, tensions are at an all-time-high, we can’t be dependent on retailers protecting Monzo consumers. Monzo should be adding additional levels of protection, Rotating Monzo Card (Or Monzo Protect - not quite sure yet on name) protects Monzo customers making purchases without putting additional steps on the customer. As of today, can you do this? Kind of, with temporary cards it works with online purchases but there’s a few steps. We need to secure in-person purchases, the Monzo Rotating Card will do all of this automatically by ever purchase using different details.

One edge case will be where refunds on purchases need to be sent back to the card, I think having 2-month period where each temporary card forwards back to the original main card will need to persist. Of course I’m not aware of the costs in the backend Monzo have with temporary cards, but assuming it works in a similar way to IP Ranges, this could work with little additional cost.

• PAN tokenisation / dynamic PAN assignment.
• Backend architecture needs to support:
• • Session-aware PAN rotation
• • Expiry/CVV linkage for physical and virtual cards
• • Transaction tracing for refunds and chargebacks

I for one would pay for additional tier for this feature (As a Monzo Max customer). The ease of user for this would be amazing. Id have two cards (Similar for Flex) one for main purchases, other ones for more unsure risky purchases.

Monzo Impact?
Market-leading security feature, true stand out from the rest.

I’d love to see this considered in Monzo’s Premium roadmap. If it aligns with upcoming security or fraud initiatives, I’d be more than happy to discuss or workshop further with the team. Let’s make card fraud irrelevant for Monzo users.

Google wallet creates virtual card numbers for linked actual cards when used for transactions to help protect the actual card. If a Monzo account generated a dynamic (new) card number each time, wouldn’t this break Google Wallet functionality in it’s current implementation?

Not sure about Apple Wallet but I’d imagine it’s the same.

That’s the beauty of it, this could be built on top. Monzo would be assigning this at the lower level of the payment stack, the banking side.

Apple Wallet does not rotate card numbers each transaction, their temporary DPAN remains the same for each device UNLESS you remove and add the card again.

Google Wallet does use a similar method but it rotates security code.

They do not provide per-transaction card number rotation. The DPAN remains constant for a given device and card combination, and virtual card numbers are typically static per merchant. Therefore, if a merchant’s system is compromised, the associated virtual card number could potentially be exposed.

And again, this would also support manual payments required with a physical card, not just mobile payment.

You can’t add single use cards in Revolut to Apple wallet, probably because the complexity and needing to auth it each time it needed adding?

Not sure the stack wallet end could handle it so frequently.

That’s what concerns me about dynamic card numbers - Apple/Google wallets wouldn’t work with them?

Personally, I’d rather have my GWallet functionality working.