I use Android and have converted my account into a full bank account. Much to my surprise, I noticed that entering the 4-digit card pin is all that’s required in order to make a wire transfer to another account.
Is this secure enough? I am not convinced and won’t use Monzo ad my main bank account till this changes (and joint accounts are added). I appreciate that, as long as there is no access via a website, no one can try to set up a fake website to intercept passwords etc, but, still, I don’t feel comfortable knowing that a 4-digit code is all that is needed to authorise payments from my account.
You might say that you also need access to the phone, but that’s weak security; e.g. many people use a pattern to unlock their phones; hold the phone at a specific angle, look at the smudges left on the screen, and that will give you a good idea of what the pattern was!