Various Security/Safety/Privacy questions

We’re still in the very early days of Open Banking, and frankly, I don’t see things really taking off industry-wide for a couple of years yet. That said, if all goes to plan then Open Banking should be an excellent thing for consumers; no longer will your financial data be siloed in one place - you’ll be in total control and you can bring this data to other (authorised and regulated) services and hopefully secure a better deal and save some money.

We’d like to make sure our own marketplace is somewhere that you know you’ll be able to go to and you won’t get fleeced, or have your data used against you; again, our goal is to save you money and give you total control
of your finances🙂

They certainly can! I can’t go into complete detail on how we manage our internal tools, but broadly speaking all information is encrypted and access is protected behind multiple layers of authentication. When we become aware of any security threats to macOS, we act right away to mitigate these risks. It’s worth bearing in mind that access to sensitive information is both password protected (with two factor authentication I should add) and behind a VPN; we don’t store any customer data or sensitive information locally. In fact, the only file I have locally stored on my MacBook Pro right now is an image I’ve used to set my wallpaper (which I’ve now promptly deleted because minimalism ).

Remember, our core banking platform doesn’t run on the Mac computers we use internally, it runs on AWS. In the unlikely event that one of our Mac machines were compromised, they’re set up in a way to effectively make it near-impossible for someone to gain access to any sensitive information, and access can be revoked from a specific machine at any time because of the way we provision them.

@GalaxyMergirl There’s no lack of love for Android at Monzo, believe me! Feature wise, it’s really more just a case of us having been iOS-only at first, and needing to play catch up with a fully built iOS app. We’re coming really close to feature-parity and as you’ve rightly said, Android does often get things first nowadays! I think once we’ve closed down the prepaid programme you’ll be pleasantly surprised at the progress we’re able to make

I know quite a lot of Android developers that themselves use Mac to develop - in terms of being productive nothing beats that. Monzo uses Macs more for the efficiency of it than any kind of platform-favoritism.

In fact, the only file I have locally stored on my MacBook Pro right now is an image I’ve used to set my wallpaper (which I’ve now promptly deleted because minimalism ).

Glad to see I’m the only one to do this.

Hey, I have Android Pay, I’m happy I don’t really need any of the other stuff. A basic account with Android Pay and a hot coral card. Nice notifications, and excellent customer service, too

Hey, I’m pretty platform-agnostic. At work I’m the ‘Mac person’, but I’m no Apple fan. I didn’t mean to imply anything cynical, only that if you do have an Apple-centric environment, it’s only natural to play with things on Apple first. We have the opposite issue.

Is that actually true? It’s been a while, but with the last (and to my knowledge only) offline transaction I experienced, I did not get a notification. Can someone confirm if that was just a bug?

I received a case of unmatched presentment, which I’d expect to behave similarly, and got a notification. I have not, however, had an offline authorisation. If these really don’t notify when presented, that would seem a glaring omission in the notifications. Did you report it?

No, I didn’t report it. I did (for whatever weird coincidence) have offline transactions on both my starling and monzo cards around the same time. I did contact starling and they told me they didn’t notify on offline transactions (which I thought was weird as its sort of the only case where I’d like the notification), and just assumed monzo did the same.

I’m sure you’d get something come through in the feed when the presentment comes through. @HughWells would you be able to confirm?

Edit: specifically I actually meant a notification for a debit in the feed

I sure got it in the feed, of course. But that is no different from any other bank where I see it in the statement. My question was about notification.

Ah that’s what I meant. I’ll try to be clearer next time

Hi
Please let me know if you can answer 3 more questions I have on:
App and Mobile Security
Data Use Policy
Pricing marketplace
I have added them to my original question to try to avoid making this whole forum post too long, however I am not sure if you saw them

Thanks

Tom

Wouldn’t it have been easier to just post the extra questions in your post above and not in your first post? Your first post is a long wall of text. Just post your additional questions below and people will see them.

To be honest, I didn’t even bother scrolling up.

I have added it at the bottom, this is the issue I think with forums it’s hard to get information from lots of replies, I want my question to be a community wiki, ideally this whole forum would be more of a stackexchange clone.

@Chapuys @ianlyon

Would like further info on following. A single wiki with all of the security/privacy queries and answers would be good. Still not sure about Monzo vs just using a payment app.
The answers on this link about chat verification security don’t fill me with loads of confidence, but then I need to do more research.

Newer Questions

@ianlyon: Whilst we couldn’t control the pricing decisions of third-party companies, when it comes to our planned Marketplace, we’d like to make sure that everyone on there is of an acceptably high standard and doesn’t charge rates that are over the odds; ultimately we’d like to save you money using the opportunities that Open Banking provides, so it’s not in our interests to promote companies on our own Marketplace that would do the opposite.

App and Mobile Security
How are you securing mobile phones and the app? Given android fragmentation, given for example lack of updates on older phones, not everyone will upgrade to the latest model?

Data Use Policy
How is my data from the app used?
How is it anonymised?
How will it be secured once someone closes their Monzo account?
I appreciate I think laws state you need to keep records, even with the data protection laws, it is more giving users control over their data, rather than it floating around online.

Redrafted
Can I export it when I close my Monzo accounts and will it be deleted soon after as per the protection laws, or will the data still exist as you use it to adjust, update your systems ect?

it will NOT be deleted SOON after, they are required by LAW to retain it for YEARS.

Here, thanks to SimonB, is the low down on this:

Financial law and regulation mandates that we must store your data for 5-6 years after closing your account.

For PII (personally identifiable information), this is 5 years.

The legislation that underpins this is the EU 4th Anti-Money Laundering Directive enacted on 25th June 2015, which member states (of which the UK is still one) had to be compliant with by 26th June 2017 (http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:JOL_2015_141_R_0003&from=ES)

The UK implementation of this was the The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (http://www.legislation.gov.uk/uksi/2017/692/contents/made). This updates & expands the The Money Laundering Regulations 2007 (http://www.legislation.gov.uk/uksi/2007/2157/regulation/19/made)

For all other information relating to you it’s 6 years to reflect the Limitation Act (https://www.legislation.gov.uk/ukpga/1980/58) (i.e. how long you could bring a claim against us for breach of contract) or raise a Financial Ombudsman Service complaint.(https://www.handbook.fca.org.uk/handbook/DISP/INTRO/?view=chapter).

Yeah, fair enough, I forgot about that.
Monzo is still to an extend a tech start up not a big business??
To be honest, I am not sure if you should worry about random websites but then Monzo is a bank.
Just would like to use Monzo for budgeting but maybe the product still being worked out…??

Sorry I should have drafted that question better.

Hey

Just to let you know I’ve seen this, but I have a super busy day today so I’ll do my best to get back to you with more detail when I have some spare time

In the meantime, you might find that one of the team or one of our ever knowledgable community members will jump in with more detail

Take as long as you need, I appreciate start ups sound a bit busy!

You seem to be coming from the assumption that established banks do banking well. That viewpoint is certainly… contentious.

I did get a push notification for an offline authorisation on easyJet last week.