Stop pushing Face ID as an auth method for payment

This has been nagging at me, but when you make a payment now, Face ID is offered as a better alternative to using your Monzo account PIN? At first this seems like a good idea, but it has some security concerns. If you enable Face ID for login and payments, you’re only as secure as your phone’s passcode. However, with PIN entry on payments enabled, you have a second factor. I noticed my wife had this enabled the other day, and why wouldn’t you? There’s no warning in the UI, so people will just do it without thinking. The Wall Street Journal has been reporting on people shoulder surfing to steal phone passcodes (“A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Life” - WSJ). With Monzo directly pushing the Face ID feature, you’re helping to make your customers’ accounts less secure: someone gets the phone passcode and they can empty your bank account.

1 Like

Your device pin and your Monzo pin (should) be different.

If someone is watching you, they need to watch for both. If FaceID is on for both then they’ll never see you enter either of them.

FaceID is more secure purely because someone else cannot watch you enter it and copy your face.

10 Likes

Exactly this. So no “emptying of accounts” could happen because it would need authorising.

6 Likes

This is true up to the point when someone has your passcode, and then it’s a free-for-all. Also, it’s still 2 factors vs one factor. So it seems like 2-factor is always more secure.

So pleased we have this discussion again! :popcorn:

8 Likes

If you give someone your pin then nothing else matters does it?

If there’s such paranoia about people seeing your pins and security, get yourself a Nokia 3210 and hide from everyone.

1 Like

Ah ok if the payment fallback is PIN that’s much better. Almost like you’ve thought this through :grinning:

3 Likes

The number of hours I hid from everyone on my 3210 playing Snake.

4 Likes

I absolutely love FaceID because it provides pretty much no usability barrier at all. Just a quick blue circle and a tick. I’d use it for my front door if I could

3 Likes

:wave: This is something we’ve discussed a lot internally so I thought I’d clarify a few points.

When you enable authenticating with biometrics (e.g. for making payments, as opposed to the App Lock feature):

  • We don’t allow falling back to the device passcode, so we’re not relying on the security of your device’s passcode as a factor. If biometrics fail for any reason, we fall back to your Monzo PIN instead.
  • We require the registered biometrics (registered fingers or faces) to have not changed since the setting was enabled, to ensure that no one else has been added to the device in the interim.

The reason we’re encouraging customers to enable biometrics like Face ID is that it helps protect against shoulder surfing where someone may see you type in your Monzo PIN in public (a real risk as illustrated by the Wall Street Journal article linked above), as well as being quicker and more convenient.

25 Likes
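The two properties the post above describes (no device-passcode fallback, and a check that the enrolled faces/fingers have not changed since the setting was switched on) map directly onto Apple’s LocalAuthentication API. The Swift below is an added illustration written for this thread, not Monzo’s code; the function names, the `PaymentAuth` result type and the idea of passing the enrolment-time domain state in as a parameter are assumptions.

```swift
import Foundation
import LocalAuthentication

/// Outcome of a payment-authorisation attempt (hypothetical type for this example).
enum PaymentAuth {
    case biometricOK          // biometric factor passed, proceed with the payment
    case fallBackToMonzoPIN   // show the app's own PIN screen, never the device passcode
}

/// Call once when the user turns biometrics on for payments and persist the result
/// (e.g. in the Keychain). It is a hash of the currently enrolled faces/fingers.
func captureEnrolmentDomainState() -> Data? {
    let context = LAContext()
    var error: NSError?
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) else {
        return nil
    }
    return context.evaluatedPolicyDomainState
}

/// Authorise a payment with biometrics only; any failure falls back to the app PIN.
func authorisePayment(reason: String,
                      enrolledDomainState: Data,
                      completion: @escaping (PaymentAuth) -> Void) {
    let context = LAContext()
    // An empty fallback title removes the "Enter Passcode" button from the prompt.
    context.localizedFallbackTitle = ""

    var error: NSError?
    // .deviceOwnerAuthenticationWithBiometrics never offers the device passcode;
    // .deviceOwnerAuthentication would, which is exactly what the post rules out.
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error),
          let currentState = context.evaluatedPolicyDomainState,
          currentState == enrolledDomainState else {
        // Biometrics unavailable, locked out, or a face/finger was added or removed
        // since enrolment: treat the biometric factor as failed and ask for the PIN.
        completion(.fallBackToMonzoPIN)
        return
    }

    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                           localizedReason: reason) { success, _ in
        completion(success ? .biometricOK : .fallBackToMonzoPIN)
    }
}
```

If the domain-state comparison fails, a careful app would also disable the biometric setting and require re-enrolment, so a newly added face cannot simply retry.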

Thanks for clarifying!

I found this section particularly reassuring.

4 Likes

All the more reason to go for an 8 digit passcode on your device rather than the typical 4

My phone was snatched in London streets and was protected by biometric face recognition. 100% the scammers didn’t see any passcode by shoulder surfing, just snatched and transferred money from Monzo bank! I am sure the scammers can bypass the face recognition feature somehow! In a terrible situation right now, devastated!

The only way is to use your Monzo card PIN which they absolutely must have had. Was it stored on the phone somewhere?

1 Like

No, I don’t store the PIN! It might be a video recording of my face on their device while engaging me in a convo!

You’re going to need a much better lie than that.

4 Likes

There’s 100s of cases happening in London, and if you find the video where the gang leader is interviewed, he says they just want to snatch an unlocked phone, that’s it!

There are zero cases of what you are describing, because it’s impossible.

2 Likes

So was it snatched or were you interviewed?

Someone can only take money from your account with your device if they have your PIN. Your phone pin and Monzo pin should be different, if they aren’t, they could have seen you enter it, but you’re sure that didn’t happen, but think it’s more likely they got a face recording and used that?

If the phone didn’t lock itself then they had your Monzo PIN. No other way.

Monzo will know exactly how the payments were authorised btw.

2 Likes

How are you so sure about this? Are you conducting it or researching it?

Thousands of phones being randomly snatched from the street without knowing the passcodes, and somehow they are opening the phones. There can be some bypass method!