Web / Online Banking 1

(Naji Esiri) #67

Really good point, thanks for this @christiaanb!

haha yep I know @james has a lot of fun with those updates :slightly_smiling_face:

(Ashley redwood) #68

Will there be Monzo online banking app ??

(Alex Sherwood) #69

I’ve moved your post here, where you’ll find the latest update from the Monzo team & most of the comments from other users, I hope that helps :slight_smile:


If by that you mean a Windows 10 app for use on desktop PCs then Monzo are not planning to produce an all singing all dancing one, but potentially a basic one to do what is needed if you lose access to your phone or wish to freeze a lost card. However some users have experimented with the API and created a website interface that runs in a browser.


Could you not use blue stacks on windows and install through that as an android emulator.

(Alex Sherwood) #72

I’ve just shared this story

here. But I thought it’d also be worth pointing out the comments on the story from FinTech Insider’s site -

“Anderson, a professor of security engineering at the University of Cambridge, and one of Britain’s foremost experts on cybersecurity, says he has never banked online – and has no plans to do so. He believes that system has become so weighted in favour of the banks that it is now the customers that carry all the risk” … not exactly reassuring!

Very few cybersecurity professionals I know do any online or mobile banking. The ones that do, all use a VPN and tend to avoid public wifi hotspots.

which really drive home the benefits of Monzo not providing an online banking site.

(Oliver Ford) #73

No it doesn’t, Monzo does provide mobile banking; there’s no difference from a security perspective anyway.

(Alex Sherwood) #74

If you take a look at the earlier posts in this topic or elsewhere in the community (unfortunately I don’t have time to search for them right now), you’ll see the security benefits have been listed already.

(Oliver Ford) #75

Well until cybersecurity professionals start making such claims in the community, I’ll ignore them.

The quote you posted above was certainly talking about all banking over the internet (as you know mobile apps use the internet; indeed if you’re a ‘legacy bank’ customer it’s treated identically to internet banking in the browser - you need to sign up for internet banking, because that is what it is).

Monzo is a bank that provides only internet banking - no phones or branches. The ‘app’ distinction is not meaningful, Monzo just happens not to have a web app.

The academic you quoted certainly won’t be a Monzo user.

(Marta) #76

Type of fraud described in the article that Alex linked is not far from taking out money from ATM and giving it to a stranger (and banks are not responsible for that). Obviously, thief commits fraud, but I can’t really say that bank should be responsible. I’d like bank to DO something, try to get my money back or something, or be vigilant about any accounts that are getting large sums of money from various sources in short amount of time, but if I send money to details that someone provided, that’d be my fault.

Security expert mentioned in this article should know better how to avoid social hack, though part of his disdain can be caused by rubbish infrastructure, many weak points and totally idiotic password policies.

I’m happy accepting responsibility for my conscious actions on web app, once/if Monzo ever gets one. :slight_smile:

(Tommy Long) #77

I was going to make the same argument you have but the more I thought about it the more I realised @alexs has a point (even if it’s not necessarily the one he was making).

A website would be far more vulnerable than an app over public WiFi because at least with an app you’ve already downloaded you know that the client-side code that chooses what API requests to make is trust-worthy. When loading a website there are far more attack vectors because the client-side code is (likely) being downloaded each time.

It’s obviously far easier to maliciously inject some rogue JavaScript into a website that makes additional API calls than it is to spoof the API calls themselves, so the client is the weak-link in the security chain.

(Zain Jetha) #78

What would be even better is a desktop app for OS X, with two-factor authentication carried out by the mobile device :slight_smile:


and a desktop app for Windows too

(Oliver Ford) #80

But over HTTPS, just as the API used by the mobile app.


HTTPS and HPKP would eliminate all these issues (impossible for a middle man to fake the server assuming the user has connected at least once), so the only vulnerability would be if the server is compromised, at which point you’re probably a little screwed anyway. And as said, if they can break into HTTPS they could also break into the API transfers.

Web banking is a feature you’ll need eventually, but getting a working mobile app and popularity with a core niche user base is more important to do first.

(Tommy Long) #82

It is more vulnerable than an app, simply because it has more attack vectors. Browsers have plugins, browsers have bugs, there’s the risk of fake URLs, etc., etc.

I’m not saying any of this is a compelling argument to not have a web UI, obviously the benefits outweigh the risks a thousand times over.

(Spencer Luxford) #83

I’m just wondering if there has been any mention of desktop access to current and future Monzo accounts?
I understand Monzo want to be mobile first, but lets face it, there are plenty of time and use case scenarios where logging into an account on a computer is both convenient and necessary! For example, if the battery on your device dies or you lose it, you can just log into the web site and still bank. Or downloading statements etc?
Anyway, just thought I would ask as I don’t use the forum as often as I would like and have never seen this mentioned.

(Alex Sherwood) #84

I’ve moved your post here, as there’s been some discussion about this feature earlier in this topic. I hope that helps :slight_smile:

(Spencer Luxford) #85

Haha, yeah no worries! Just noticed. Thanks for letting me know. :+1:

(Tom Urwin) #86

I know there have been talks before… but again now that I have the current account, I have to say before moving my life to Monzo there needs to be some web access. If I’m stuck in Timbuktu with no money and my battery dies, I need to be able to to get to my account.