SMS only banking


(Matthias Görgens) #1

I talked to some charities who work with poor people and help them with food and budgeting.

At the moment Monzo needs a smartphone to work, and not every poor person has one yet.

I wonder whether it would be possible to give almost the whole Monzo experience via SMS and the occasional use of a public library computer?

(Another way might be to go the way of early WhatsApp, and make sure to have a basic app that works on Java enabled feature phones, but I’m afraid that’s way too much hassle to be commercially viable at all. Even my suggestion above probably already borders on charity.)

Any thoughts?


(Hugh) #2

I’ve built several Monzo SMS hacks. Unfortunately the API is read only but you get the general idea 🙂


(Matthias Görgens) #3

Read only via SMS would probably work: use the card to make purchases, get some budgeting advice and notifications via SMS. (For anything more involved and not read-only, use the library computer.)


(Hugh) #4

Yeah, I mean I’ve written code to do that 😛


(Andre Borie) #5

Note that SMS is insecure and travels completely unencrypted, and you can’t authenticate replies from the user either as anyone can send an SMS to you while spoofing their number.


(Hugh) #6

Indeed.
This is one of its biggest flaws. IIRC there was a PoC for a 2FA MITM attack at a network backbone level?


(Andre Borie) #7

Yes, MITM’ing calls and texts is fairly easy. If curious, I suggest searching for “P1 Security” on Slideshare; they’ve done some good ones about mobile network insecurity. 👍