Stop offering Faceid authorisation for payment

Okay. So they’ve unlocked my phone. They’ll need to then flash my face again to unlock Monzo, then add their bank details and then flash my face again to transfer.

Bear in mind Apple Face ID won’t work with eyes closed if configured in the correct way. So they’d have to open my eyelids, point my eyes at my phone, all while not obstructing my face with whatever they use to do this … THREE TIMES.

Or. They could get my PIN number once, by shoulder surfing, or holding me at knife point & gain access to it all?

I dunno. I’m pretty sure Face ID is safer.

Bear in mind you can be fully locked out your Apple ID with just your passcode…… but not your face.

2 Likes

I wouldn’t want to face a trained assassin armed with a banana.

2 Likes

I would :smirk:

2 Likes

How about an assassin armed with a swan?

1 Like

If the assassin can handle a swan without being injured, I’d do whatever. Absolutely no chance you mess with someone can then handle a beast like that.

2 Likes

I think you’ve just made this up as a hypothetical situation. But it sounds preposterous to me and I’ve never heard of this happening. Do you have any evidence it’s ever happened or is an issue in reality?

3 Likes

My friend was mugged when he was travelling in Colombia (it’s really common out there). They also asked for his phone passcode, which is apparently quite a typical part of the mugging experience. Pretty hard to deny when you have a gun pointed at your head.

The first thing they do with the passcode is change or disable FaceID. What I’m not sure is if the user has changed their Face ID recently, whether Monzo would revert to the bank Pin code for the first time - I’m guessing it would.

It always reverts to the PIN code if making a transaction

My experience with that is that it forces you to authentic your banking apps again.

Your pin on Monzo is your card pin, so it can be separate to your one pin.

You can use Face ID to authentic on transactions.

1 Like

OP here. Dinosm you are accurately reflecting my concerns. All I am asking for is a way to turn off the prompt. My threat model has a higher risk from someone pointing the phone at me, than shoulder surfing my PIN - partly because I rarely make payments which require a PIN when anyone else is around. Not to mention that I can easily find quite a number of (un-verified by me) reports of criminals bypassing FaceId.

Right now a successful criminal has to use FaceId, or a different PIN, to unlock my phone, then my Monzo PIN to complete a payment. This is more different steps than if I have FaceId payment verification enabled.

But your threat model makes zero sense. If you’re in any position where someone has detained you enough to unlock your phone and transfer on Monzo using FaceID twice then you’re in trouble. They aren’t just letting you go.

You’ve concocted some scenario that doesn’t play in reality.

9 Likes

Honestly, I just want to use my PIN, not FaceId. This should be my choice. I’d like Monzo to tell me why it shouldn’t be so.

Andrew

It is your choice, that’s what the toggle is for

4 Likes

Monzo have a responsibility to make sure everyone’s account is secure, I’d assume statistically Face/Touch ID is proven to be one of the most secure options.

With everything being more digital as well, I guess PINs are considered less secure in comparison because a PIN can be figured out via brute force.

You probably find they won’t remove that screen that comes up asking you to enable it for that reason (that’s my own guess though).

It is!

What you are complaining about boils down to ‘I don’t like being given options each time, I would prefer them to be buried in settings instead’. And that’s totally fine, but lets at least be honest about it :slight_smile:

7 Likes

this is literally a non-issue!

1 Like