Think I will leave this thread alone for a bit as no one is going to end up happy
Off to read about network monitoring again because at least Monzo blogs have taught me enough about that over the weekend to get it working myself
In this case, Monzo. Their mistake in the first place and they haven’t forced changes, just suggested.
Good question. I remember it being a thing from my younger years but it would seem odd in the modern climate. I’ve only accepted it’s still around because someone said it was and despite several people on this thread seemingly working in banking no one has yet said that it’s not! Hopefully it’s not!
Personally I think PINs should be hashed and reminders not available, only resets. Any process that exposes the PIN by say SMS seems pretty vulnerable.
Did I miss something?
[flaming bin fire.gif]
I think you missed the point of my post completely, there is no argument about it being prudent to change the pin; my point was and still is that not everyone can get to a cash machine instantly, so to say the customer is negligent because they haven’t changed the pin is ridiculous. Further to your point, irrespective of monzo’s (badly delivered) warning, if my account was cleared out tomorrow I would not be negligent because I hadn’t changed the pin. In fact neither would I be negligent if I didn’t change it at all. Remiss or stupid or even stubborn perhaps, but not negligent.
Not sure on the Boeing relevance, when did they log PINs? I’m not saying all mistakes - I’m saying the most obvious ones such as this.
When working with Passwords/PINs, it is the most basic thing to check for. This is why I find it slightly concerning - a simple check did not happen and by multiple people. This is quite simply down to inexperience, something you don’t really want with your bank!
You seemed to suggest that problems with software would be picked up by those at larger (or rather not small) companies. If you did not mean what I thought you meant then we move on
They missed something rather more important than letting a developer see a jumble of PINs and they are huge with layers and layers of (dubious) process
If you are still talking about Boeing, what they missed was more important - yes! but much much more difficult to spot. What happened here with Monzo is about as easy to spot as you can get, so the only conclusion you can take is that no one checked.
Considering they are asking us to change our PINs, as a company they are obviously aware that this isn’t something they should be doing - but they still had 0 checks in place to make sure they weren’t. It was discovered by accident when looking at something else. Makes you wonder what else they are doing but aren’t aware of.
When has anyone suggested that a customer is or is not negligent. Ultimately it’s for you to decide if you trust the bank, if you don’t, find another.
Personally I prefer my bank to be open, upfront and honest. Which let’s face it, most banks are not.
As for those who seem to preach that mistakes don’t happen in other banks, I can tell you they do and plenty in the big banks. I know from people who have worked as developers and from personal experience.
For example NatWest broke my rewards account and it took them 3 months to fix it. And all they said was it’s a known issue that sometimes affects customers and it will get fixed at some point.
This whole thread has become very circular and somewhat toxic.
Rat_Au_Van wrote "If you’ve been told your PIN has potentially been compromised and you decide not to change it then I’d call that negligent"
That is what I was responding to.
Yes that remark was somewhat toxic I agree.
You’re determined to get me to reply aren’t you?
Yes that’s my opinion. It’s not one Monzo shares
How is that toxic?
To be honest… I take my hat off to Monzo for even admitting this. A lot of companies would cover it up. If it’s just a list of PINs but nothing to tie it to me… why even bother telling me? I got the email but doubt I will change the PIN because of this
Honestly, I appreciate everyone in this thread being super security conscious, but I trust Monzo way more than some other banks. Here in the US, we just have this kind of thing happen routinely:
That’s way more customers, a way bigger area of attack, more damage, etc. Monzo at least started out as an app development team married with a financial team. The odds of having a similar scale leak are way lower than a traditional bank that added online banking after the fact.
I won’t be changing my PIN as I have not breached Monzo’s terms and conditions as I have not disclosed it. The fault is with Monzo and any potential loss (which I doubt there would be any) makes Monzo liable. If Monzo felt it definitely required a change, they would have forced one.
I was thinking about why they hadn’t forced a PIN change. I wonder if it’s a commercial reason though - forcing a PIN change will highlight it to all affected customers, I’m sure they hope most people don’t notice the incident and don’t lose their trust.
It is a distinct difference in importance to me.
In my opinion, forcing a change implies there is a definite risk that accounts could be hijacked and you must change it. Requesting just means there isn’t a risk but want people to decide what they feel they are comfortable with. As Monzo can’t say that, they are blanket asking but not requiring.
So you’re not changing your pin on a point of principle - and on the basis that you’ll not be liable?
In the event that, hypothetically, your account were to be cleaned out or you were to be severely inconvenienced, would you expect immediate reimbursement?
A PIN change just seems the logical thing to go for me (irritating though that is).
I’m abroad and cannot change my PIN. I’m not even sure when I’ll be back to the UK.
The ATMs here don’t seem to support PIN changes for UK cards.