Protecting customers from the Ticketmaster Breach: Monzo's story

You’ve made the BBC front page news!

I haven’t had an email from TicketMaster which I guess means they don’t think I was a victim. Not sure that I trust their judgement of that though.

1 Like

Great work. Was intrigued to see that the US Secret Service handles all US card fraud!


Great writeup, good work Monzo peeps!

You’ve made the news!


@tom was also speaking about this on BBC Radio 4 this morning. (Skip to 34:20)


very impressive.

1 Like

Good to see such a proactive response from a challenger bank, and clearly no other bank had reported any problems to Ticketmaster… Perhaps it’s because big banks budget for fraud rather than seek to tackle it head on as we would expect. They have all the transaction data but do they have the staff and appetite to do anything with it. Appetite being a word I have heard used to describe remaining within budgets.

I wonder how many other data breaches like this have been ignored inspite of a clear denominating factor. How many millions of pounds, billions even, could have remained out of fraudsters pockets.

I’m really pleased to hear such a positive approach and long may this continue, and lead others!

Awesome work guys and thank you very much for looking out for us, you’ve got above and beyond.

I’m now looking at how I can switch everything to Monzo!

1 Like

WOW, very impressive and open response. Fantastic!

1 Like

US Secret Service (who are responsible for credit card fraud in the US)

What, all of it? Can’t something be done about that?

Or, perhaps, you might want to rephrase that slightly :smile:


It’s great seeing monzo being proactive but I think the problem most banks have is there systems are so old and creaking from bits that get tacked on here and there instead of rewriting huge chucks of code so Monzo has the edge if they started from scratch.

So I don’t see the old banks improving anything. Just keep showing people what Monzo offers and leave the old banks to keep creaking until something gives!

1 Like

So lovely to get a tiny peek behind the process involved with identifying fraud and Monzo’s proactive approach when helping customers safeguard their money. Really proud to be a Monzo user :raised_hands:t3:



I’m curious, who’s gonna be paying for that? Are those just the risks of doing business for any bank, or can Monzo (and other banks affected by this) hold Ticketmaster liable for the breach?


Fantastic. Curious how often this occurs with legacy banks, if at all.
Is Monzo unique in its approach to analysis and talking to vendors or is it just unique in its transparency?

I also want to know about the repercussions for Ticketmaster since they didn’t announce or confirm sooner. Why don’t they explain how they missed what Monzo caught? :upside_down_face:

As soon as we discovered the malicious software, we disabled the Inbenta product across all Ticketmaster websites.

Not soon enough, I guess. Also no mention of Monzo in this post.


Some mad /r/IWasWrongAllAlong material

The blog post mentions Ticketmaster saying no other bank has reported any breach to them, so either TM is lying, or (more probably) the legacy bank’s fraud detection systems didn’t see anything unusual (or at the very least, weren’t advanced enough to pinpoint the breach to this specific merchant).

1 Like

Surely they picked up on the fraud, stopped any further transactions and then just didn’t look into it any further? I would be surprised if banks went to this level on investigation for every single time card details leak, no?


We have a huge benefit in that our customers notice fraud very quickly due to the real time nature of our notifications. We have been working closely with other banks and many of the other UK banks did also start to corroborate what we had seen. By the end of May most of the large banks had identified Ticketmaster as a potentially breached merchant. It’s probably fair to say that our modern technology stack allows us to spot and react to things more rapidly then some of the other banks but as an industry we have a lot of collaboration and we work together to help keep our customers’ money safe.


Any chance of some info on how my card got ‘cloned’ circa 36 hours ago??