Security - it doesn't 'feel' secure

indeed others have commented on the nature and feel of this community such as Throwingspoon:

Hereā€™s just the latest example where you complained about PIN protection, even though it wasnā€™t relevant to the thread and no other users had commented on it:

Thereā€™s also no indication there that you realise Monzo are going to add the feature. This is not the only time itā€™s happened. Iā€™m just trying to point out that it doesnā€™t help the discussion and this forum is best when weā€™re all adding different viewpoints and evolving the discussion.

They have said they are adding fingerprint protectionā€¦nothing about PIN or password

Iā€™m more interested in seeing examples of it, rather than other people making this accusation.

Iā€™m not saying that it doesnā€™t happen. It sometimes does, and I have defended people in that position in the past. But it is very, very few discussions where someone gets jumped on.

Fair enough, itā€™s just what Iā€™m used to with all the banks Iā€™ve used- I have a token which I have to input OTP/ password+OTP/ pin + OTP sent to phone. Iā€™d rather safeguard transactions Iā€™m making, like youā€™d expect to key in your card details and CSV each time you make an order rather than keying it in once and being able to pay every time without any sort of protection.

As has been discussed, there are security implications around PIN and password recovery. Iā€™m not saying itā€™s the right or wrong decision, but itā€™s not an arbitrary one, and itā€™s not necessarily final. If thereā€™s more that can be added to the discussion around app security then thatā€™s great. But dropping in a gripe about it at every opportunity doesnā€™t help that discussion.

agree when users add their viewpoint. However in far too many cases users donā€™t just add their viewpoint but also stamp in other views.

recently a new user posted in this community and rather than give them some leeway for posting a thread similar to seen before multiple users weighed in to critisise them for reopening a topic, not browsing with the search function (though they may not have used Discourse before), posting a string of half a dozen previous examples to really rub it in. Not one said welcome to the community, here is a new user guide you can do, etc. They probably made them feel so unwelcome they will not come back, and the thread would not look good to others. In the end I had to flag it for attention.

If people stick to their opinions rather than row with others, and make allowances that some of us may not be so technically minded or may have mental health issues or visual impairment and hence can not always be expected to be on a par with many of you more regular users, the community could be more forgiving and a warmer more welcoming experience

2 Likes

If they have found this community somehow and can use Google search I think itā€™s right to point out that search before posting. When a new user join they should read community guides why should others have to point out.
There are going to 100s more joining community in future I donā€™t think welcoming everyone and making them feel at home will work.

Itā€™d be interesting to know if there were any telemetry stats on how many users enabled Touch ID security for opening the app. The community requested it, but how many use it?

1 Like

Maybe there could be a Monzo stats pageā€¦?

@naji :wink:

When a new user joins it is NOT obvious where any community guide or rules are.

While it may be right to point out the search function this can be done in a friendly welcoming way but it recently seems to be told to new users in a tone of annoyance and irritation.

There was some annoyance and irritation when we started getting 4/5 new threads on ā€œcan I keep my prepaid card?ā€ - then we created an FAQ and linked to it.

Iā€™m not sure there is any particular annoyance? Generally what happens is someone will post ā€œMaybe you should take a look at this: {{link}}ā€ and it will get merged by a mod.

3 Likes

that was one of the examples I thought of. Agree referal to existing threads is best way (with referal to Mods to merge threads as best they do it before the new thread gets too long)

1 Like

Bring back @AlexS
ā€¦

4 Likes

he was like a Time Lord and merging a thread as the user hit the enter key

3 Likes

I would try to do thatā€¦but Iā€™m not a leader :stuck_out_tongue:

3 Likes

In some ways youā€™re right, if you were to consider the forum as the beginning and end of the community experience :slightly_smiling_face: The forum isnā€™t everyoneā€™s preferred medium for connecting with both the Monzo team and other Monzo customers. Weā€™re looking to build on the incredible foundations weā€™ve established here to reach as many of our customers as possible through things like in person events, social media and user testing sessions.

Itā€™s important that the wider Monzo community feel connected and listened to, however they feel most comfortable.

In my eyes, the service we provide and community activity should be a single offering - continued feedback and input from our customers plays a huge part in building something of real value. Aside from this, itā€™s also a lot of fun :slightly_smiling_face: Weā€™re working on bringing the community experience closer to the app experience so that thousands more of our customers can enjoy the best that the Monzo community has to offer!!

5 Likes

I can can see what @Naji meansā€¦ I saw this on my CA feed yesterday.

There have been lots of posts in the past about lack of security on the Android app.
This time I was genuinely worried about how easy it was to reset my current account pin.

When using the in build chat advice, the only security question I was asked was my date of birth, which I donā€™t feel was a secure form of authentication. Especially, if an intruder already has access to my smartphone, and they could easily deduce it from the vast quantities of data people have on their phones.

Are there any plans to increase the level of security when dealing with sensitive information when contacting customer support? I would think the minimum level of security would be some form of separate password that I have to enter, or partially enter contacting support.

1 Like

But this is a really terrible user experience. Another thing to set and remember, what if you forget it?

Not sure what this means? Support wonā€™t give out personal information on chat although I do agree this being persistent is a problem.

To be honest, if someone has access to your smartphone, the issues are going to be much greater than someone resetting your pin.

2 Likes