Checking Starling, they do the same - store the address, no idea about asking for it as verification.
They should probably consider something like Amex's chat blended with Monzo. Theirs is strictly live chat but there's a separate pop-out section where they can ask for security details such as PINs and DOB which doesn't stay part of the chat.
Sky also built something similar with LivePerson (I believe) called iDavid which has a similar functionality of keeping security details separate and out of the chat records for security.
Sky is bloody annoying. Have to close the chat screen to answer a text message with a link, enter the answer, back to chat to tell them you've done. Then be told you got your memorable word wrong and repeat process
Ideally I'd like to see no validation by default. If there's a need for enhanced security, I'd like to see it handed off in as seamless a way as possible to existing security mechanisms - either biometrics (face/finger) or card PIN - to match the rest of the app.
No security theatre, please.
Yep, asking for security questions in chat is pointless.
- It leaves them in the chat history, making them useless since someone having compromised the account (the very threat you're trying to defend against) would have access to them.
- It lets the advisor see them in plaintext, possibly remembering them or writing them down, which will allow them to later compromise the account should they want to.
It's probably worth remembering that we can see most of your account information anyway - except things like PIN, full PAN and CVCs
Yeah, but there's accountability there - every account access by an advisor is logged.
What I was referring to is if an advisor writes down the information and then attempts to compromise the account as an outside attacker without using his privileged access (and thus evade any logging).
Which is why KBA is utterly useless in the first instance: Too many people know my address, DOB, pets' names, etc.
Here are some really good thoughts on this:
What would work better here do you think?
That's the million dollar question…
Certainly I think that passwords - poor as they are - are better than KBA. 2FA is better than passwords…
My mother's maiden name is usually unique per company, and usually something along the lines of KWUCL93BQP. I actually once had a customer service rep asking me "do you mind if I ask you where you come from? That name is unusual."
Nothing - the user is already authenticated by their access token.
If the device is not trusted then something else can be used like the card - phones can talk to the card via NFC and use it to sign a "challenge" sent by Monzo in order to prove the card is physically there.
Wouldn't work with iPhone 5, we haven't got NFC
Or if you'd lost your card
Agree that that would be pretty good. But, sadly, a lot of people still don't have an NFC equipped phone, and the card may not always be available either.
EMV CAP with a good old "calculator" then? I know everyone hates them but that's mainly because legacy banks ask for them for every single little thing; personally I wouldn't mind having to use one for privileged actions like changing address or phone number.
Not sure to be honest, some talks were streamed. She just talked about where she worked previously, women in tech, how she decided to launch Starling (used her phrase "I had to do it"). She said they had hundreds of thousands of customers. And talked a little about their payment services they offer to other businesses. All in all talked for about 20-30 mins I think.
Nothing out of what the regular users of this forum wouldn't know anyway.
Although saying that I didn't know she was Welsh and had a degree in computer programming (I think she said).
The whole theme of main speakers this year was around fintech. Had the CEO of Loot do a bit of a talk also along with Wealthify.
Interestingly Loot are aiming for 1m customers by 2021 and are looking to launch overdrafts in 2019.
Monzo's logo did come up on someone's slide. Can't remember whose though.
With my issue, I had to call Netflix from Fuerteventura, who took my card details from my legitimate account and then confirmed that there was a second account set up with what was described as an email address with mixed up characters. I'm blaming Netflix to be honest because they should have something in place to prevent a new account being opened or at least highlight to an account holder if a card is already in use.
I've been using Starling for a while and was ready to go for the switch but needed to make sure I had an overdraft secured. I don't normally use it but the wife is on maternity leave at the moment so wanted it there just in case.
They went into Bank mode and wanted me to send them 3 months' worth of statements etc.
Monzo offered me one there and then and have always been helpful so have now started the switch.
Starling is too "Banky".
Yes "Banky"
On this I have no issue sending them these statements. My finances are fine but couldn't be bothered!
This is probably doing both Monzo and Starling a disservice, but Monzo feels to me like a tech company doing banking, Starling feels like a bank doing tech.
No value judgment should be drawn from this observation!
I think there's some truth in this. I applied to work in a tech startup that got coverage on sites that I read like TechCrunch - I didn't apply to work at a bank.
I can relate to folks like Tom and Jonas, because I come from a tech world. I have family members who work at Google etc, and I've worked with non-finance startups before.
Don't get me wrong - we have people in our company from the world of traditional finance, and they are awesome people and it's vitally important that we have people who know and understand that world. But I suspect that if it came down to it, most folks in the company would say "tech" rather than "bank" if they absolutely had to pick one over the other. Luckily we don't! We get to redefine what a bank is, and that's awesome.
Ultimately we are trying to disrupt an industry. We started from scratch with none of the principles that are considered to be part of building a "bank" because they're pretty much all outdated.
It's hard to execute the vision of something entirely new when you're embroiled with legacy practices. That's why the Spotify founders didn't come from record labels or entertainment retail, and the Uber founders didn't come from transport corporations.
You build the tech first. That's the entire reason we did the prepaid Beta. It's a relatively lightweight proof of concept to get people excited about something new. Prove that it works, prove there's a market, and when you've done that, THEN you build the full product based upon everything that you've learned. Build your MVP and then iterate. That's our model. Other companies operate differently, and that's fine too