Want ability to set separate pin code to enter app than from the phone unlock pin code

I live in London, where getting your phone stolen is rife. I am worried if someone see’s me unlock my phone with its pin code and then swipe it from my hand then they will be able to get straight into my Monzo app and use it, as it only requires the default phone unlock verification rather than having its own separate one. I want the ability to set a custom pin (that is different to my phone unlock pin) to get into the app .

Both my Barclays and Starling apps allow this. Seems a big security risk for Monzo, and honestly makes me apprehensive about keeping my money in there.

Could we consider adding this feature?

They can’t do anything without your Monzo pin.

Are there three attempts and then a block? If not then the thief could go through numerous attempts.

Yes, they could guess from the 9999 potential combinations. Good point.

10,000 combinations - if digits can be repeated. A very minor point in the grand scheme of security though.

If you are worried about getting your phone stolen and used while it is still unlocked, giving a thief time to unbelievably guess your Monzo PIN and access your account - activate Added security in the :monzo: app (Tap: Profile Icon → Settings → Privacy & Security → Added security)
This can limit what can be withdrawn and where the phone can do it or not. In addition to a PIN or preferably biometrics.

2 Likes

Ahh I see. My phone unlock pin and my monzo pin happen to be the same, so that explains why I thought it was using my phone pin to make transactions. I will update my monzo pin to a new code at least. Regardless, I still am not a fan of thieves being able to get in and look around at all my bank stuff in the app though.

Also, I notice there is just a ‘Forgot pin’ button that you can click, which asks you to record a video of yourself. Is this verified by a human or AI? When I try and install the app and record a video of myself saying some words it is verified in about 5-10 seconds, which makes me think it is automated somehow.