The point people are making though, is there is no massive hole!
Which massive hole is that then?
Security shouldn’t be a compromise, it should be created on the assumption that some people are idiots most of the time, and most people are idiots some of the time, and everyone has lapses in concentration.
A phone pin number (that you nonchanantly enter what 20,30,100 times a day in all sorts of places, the park, the train, a lift, in line at Subway) does not have the same level of security as a bank/card pin when you are really conscious of what you’re doing when you’re entering it, and where you are, and who can see you. If you’re relying on that phone pin for the security of your bank. That’s a problem.
Ok. You’re concerned about privacy, not security - just to clarify.
I’ve found the massive hole. It’s in your argument.
No it’s security, because the person next to you on the train who’s just seen you type in your phone pin as you check the news, now knows the pin to get into your bank.
It’s really really not that difficult, and if you can’t see it, then it needs to be changed for your benefit more than anyone elses.
So, they’ve seen your PIN, what will they do next? Steal your phone?
What is the actual risk?
So what you want are additional ways and means to get into your banking app that don’t rely on your phone PIN, and securely make financially sensitive decisions (payments, etc) without having to worry about your phone PIN being breached to do so?
So, enabling biometric security in the app, and using your bank PIN code to verify transactions and payments would cover that issue?
That’s your phone pin. Is it the same as your card pin?
That would be very silly. And poor security on the part of the user.
That’s why my phone code is 1234 and my card 4321
It would, but as has been pointed out, changes can be made to payees without the monzo pin.
Look guys, it’s Saturday, I’d love to stay all day and tell you how wrong you are but I have stuff to do. Enjoy. Xx
Yeah, but your phone code is now effectively your BANK code because it can be used to make changes within the app,without you needing to put in the actual bank code.
I don’t think I can explain it any more.
Might be Saturday but I’m bored at work. Dance for us, jester.
Edit: we can haunt this locked thread like poltergeists, @BritishLibrary
Well we’ve solved it. You can use your phone pin to get access to the app. But your card pin is used for changes and moving money around.
There’s your issue.
Ok people. All sorted.
What about the example of someone taking your phone, changing payee details, deleting the old ones and then returning the phone without you noticing?
Sounds like a movie script. I’m in.
But not if you have security turned on to get into Monzo already - which is possible, and entirely prevents this scenario you are concerned about.
To play it out:
- On the tube, someone sees me enter my pin [would be solved with being discreet, or using biometric, but ok]
- Person then has to steal my phone.
- Person then finds my Monzo app.
- Person gets in because I don’t have Biometric on the app
- Person goes into my contacts area
- Person finds a payee - finding one that I pay regularly enough that they are a frequent contact, but not regularly enough that I don’t know who they bank with.
- Person then changes they payee details to their own
- Person then closes the app, and, somehow, gets my phone back to me.
- Person then, somehow, gets me to make a payment to my frequent payee but under the fake bank account details (??)
- I don’t check that the account details are accurate before I enter my card pin / biometric.
Literally this whole scenario, as unlikely as it is, is solved by having PIN or Biometric access to the Monzo app.
Also, continues to tell everyone how wrong we are…
Edit: @Rat_au_van what am I supposed to do with my Saturday now you’ve locked the thread :’(
Edit 2: Interesting, you can edit a post once a thread has been locked!
Edit 3: Any book recommendations anyone?
Edit 4: @hdwrng This is far better than cleaning the house like I’m supposed to be doing.
I’m going to close this now because we are going round and round in circles and there are numerous other threads which have had rebuttals for these arguments before
Edit: You could read a book