I’m about to transfer £100 to top up a new card but it’s unclear by looking at the app what security is in place for my details being transferred across the wire?
Welcome to the community
I’ve just checked with James, who works in Monzo’s support team & the initial £100 deposit is a simple bank transfer into Monzo’s bank account.
Thanks for the reply @alexs. Stupid question but just checking if it was a secure communication, e.g. HTTPS? as I’m obviously passing over all my card details + 3 digital security code! Look forward to your feedback.
Monzo take security pretty seriously (to put it mildly), aside from needing customers to trust them - just like any bank - it wouldn’t be a good time to start losing user’s money, while the regulator is deciding whether to grant them a full banking license!
The recent development of Monzo.me was a great example of the care that they take with your data (& the same applies to your money) -
We wanted to build Monzo payments in the most privacy friendly way we could, whilst still making it as simple and easy to use for our customers as possible. We never send or store your full address book on our servers, instead we use the following process to check if your contacts already use Monzo:
- Your device generates a hash for each of the contacts in your address book
- Your device then uploads a portion of that hash to the Monzo servers
- The server checks if the hash matches any existing users and if it does, sends your device a slightly larger portion of the hashed contact
- Your device then matches the larger hash with its existing hash to confirm the correct contact record has been matched
- If there’s a match, we show you that contact as a Monzo contact. If there’s no match, the hash is deleted from the server and Monzo never sees any of the contact’s information.
- The server never receives any of your contacts’ phone numbers, names or any other personal details during this process. The only time we transmit their full phone number is when you actually send money to that person and this is fully encrypted in transit, stored securely as part of our banking infrastructure, and only sent once you’ve confirmed the payment using your PIN or fingerprint.
Details copied from this blog.
For card payments, I believe those are handled by Stripe, who themselves have a solid reputation for having the highest levels of modern security.
I was confident the security would be in place. It’s just with a native app it’s difficult to see whether TLS is being utilised (apposed to the browser with the green padlock and cert chain etc to be inspected).