Security and Monzo


(Jake) #1

Hey there, I’ve been really enjoying the current account since my switchover a month or so ago but I’ve noticed a few issues thus far. First up, if I forget my pin or need any other sort of account level changes made to my account, I have to open a chat up with support which is always an excellent experience. However, once the conversation is complete and they have asked for the personal details of the user, the conversation is saved on the device with no way for the user to remove the chats that I can see.

This only really becomes an issue if the account holder’s phone is stolen as this allows a potential attacker to get the pin reminder using past conversations with the support team and transfer money out of the account using the app now they have the account pin number.

My suggestion is to allow deletion of the chats that you have with support, if not having them automatically delete after a set period of time if they contain security related information. Additionally, there should be a pin or fingerprint based lock on the app itself to further increase security. Of course you should have your phone require a password to unlock in the first place, but under certain circumstances (specifically for android as I am unfamiliar with iOS) the phone will not require a pass code to unlock if the screen has timed out and not been manually locked.

Other security implementations could include two-factor authentication or Google Authenticator or any other authentication systems that are popular.

I believe this feature is long overdue now we can send and spend money so easily through the app and would go a long way in making more people recognize Monzo as a good choice for alternative banking.

Apologies if these features already exist, as I am not aware of them and if they are already integrated into the app these things should be easier to see.


(Gareth) #2

Search the forum for chat security or security but in short:

  • Chat will be rebuilt with sensitive info in mind, currently a third-party system

Most 2fa’s use your phone as the authenticator, are you suggesting a usb key or code device?


(Holly Alexander) #3

I agree, my security information is right there to see if anyone takes my phone and it’d be nice to be able to delete this.


(Sufi) #4

Just a couple of threads out of 10s more here for you to read all sides of the argument;