I don’t see that as better.
The current model works well.
I even disable fingerprint to open the app, as fingerprint to unlock the phone is enough.
Nothing consequential can be done without needing the card PIN, and I think my current balance is enough to scare off any thief.
How is someone meant to break into your bank if your phone is offline?
But you’re advocating for old challenge and response devices… There’s basically no such thing as trust no one. It technically exists as a theory but is extremely hard and costly to implement, and you’d never see it because it would cost you too much to implement. A challenge and response device that you want would not be part of a trust no one setup.
A PIN sentry device can be hacked, and a card cloned. PIN sentry devices are all the same as well, so they actually don’t need yours or to hack one. They can just pick one up from any bank. It doesn’t even need to be your bank.
I’m failing to see what your concern is, I’ll be honest. It just sounds like you’re looking for a reason to have a PIN sentry device.
Your current concern of your phone being stolen and somehow used offline or hacked is, in all honesty, an unlikely fantasy. What problem do you have that you’re trying to solve? What security concern do you actually have? Who are you trying to protect your business from? So far you haven’t provided any reason the current security isn’t sufficient.
I see the conflation of security and privacy is still bubbling away as an unreasonable discussion.
Safest thing to do then is to just live underground forever.
If a state actor wants to hack your phone then even a PIN Sentry’s not going to help you.
If Monzo ever did this, I’d leave in a heartbeat. It’s 2019 not 1999, we definitely don’t need pin sentry anymore or anything remotely like this
My concern is that the entire security model relies on a single device, which is my smartphone.
I didn’t say PIN Sentry is a solution for all security problems. I just provided it as an example of how multiple authentication factors can be separated from one another.
Even if your unlocked phone was stolen with the Monzo app open and unlocked, what could someone do?
See your balance?
That doesn’t necessarily make it more secure.
It does not.
It relies on your device, your face (example), your location, transaction trends, centralised managed security (your google/icloud account), and your pin.
What do you think someone could do if they stole your phone from you?
People lose money by scams and phishing. Doesn’t matter if that’s fintech or legacy.
Your phone isn’t being hacked, this isn’t the Bourne Identity.
Fingerprint/face locks your phone. If it’s stolen then they aren’t getting in. Even if you left it unlocked they can’t transfer money or anything without your PIN/thumb/face.
If you’re worried about them slicing your thumb off then I would say you shouldn’t use app based banking.
As mentioned way above the pin sentry and card readers are all just theatre. Complete nonsense.
The whole PINSentry thing came up before of course
Shame, great film
Then what are you doing with a smartphone-only bank account? In fact, what are you even doing owning a smartphone?
Look at all the cyber security experts waiting to welcome you to your new bank account.
I don’t have anything to add on the security front, but crikey this is a scene and a half…
I want to be served by a human nutcracker when I show up at Monzo’s next open evening
I can’t stop staring.
But to be fair, they would be dashing in hot coral…
Here you go. Here’s an intercepted and hacked PIN sentry device. Yes, it is possible. Good luck.
If you enable PIN security in Monzo then you have 2FA - fingerprint to access your phone, PIN to access your bank account. Something you know plus something you are.
A choice of second factor would be nice, though a luxury.
Maybe something like this
Far less expensive for the (ahem) security-conscious is just to have a second phone that you leave switched off and in a drawer till you need it.
Then wander round with a banking app on your main phone that has no more than a week’s money in it. Simples
Then we can all sing a certain Alanis Morissette number when you are conned into giving away your life savings by a phishing scam…
Just because it’s done on a single device doesn’t mean it isn’t 2FA. For example if I want to login to my Instagram account, I need to put in my username and password then go to the Google Authenticator app to generate a code.
Similarly, to log in to the Monzo app you need your email address, access to your registered email account to grab the magic link (there’s no reason why the email account has to be synced to the phone, by the way; sending the link address from a computer exists), and then you also need your card’s PIN number. That’s definitely 2FA - knowledge + possession.
You can set up a PIN lock for the app too if you need it. There’s talk in another thread about linking that to the card’s PIN, but a PIN’s a PIN at the end of the day. Further to all of that, if you want to transfer any money you’ll need to authenticate either biometrically or with a PIN too.
I think in this thread the community have made it pretty clear that they don’t want this to happen. Monzo have also previously addressed this topic saying it’s not going to happen so I guess that’s that then
They could go in, change one of the references for a payment (which required no PIN) and next month you’d be paying their credit card bill (or whatever) instead of your own.
Security is a bit of a worry for me too. It seems pretty fundamental and very basic to at least have to put the PIN into the app when you open it.