Web / Online Banking 1

and then we will ‘borrow’ it off you afterwards lol


I was away on holiday recently and smashed my phone, resulting in the inability to access my Monzo banking. The main problem was I could no longer top up, so I couldn’t use my card either.

While this was an inconvenience (I had other cards with me) it strikes me as being a potentially big problem if I move all my banking to Monzo when Current Accounts are available.

I’m thinking maybe I’ll have to get another device (a spare iPhone or iPad) and ensure I have this with my on holidays, but do Monzo have any plans to deal with this problem? A web interface perhaps?

i believe a web interface is in the pipeline


Sorry to hear about your phone! We’re looking into building a basic website which will allow people who are unable to access the app to carry out basic functions such as check their balance or reorder a card but this is still in the pipeline.

You can login to the app on one tablet, one iOS and one Android device simultaneously, so I would advise using the spare iPad in the short term if that’s an option!


Okay thanks for the quick response Naji.

Thinking back on my past experiences on holiday one functionality that would be very important in the event of losing access to my phone would be the ability to set up new payments (or change/cancel existing ones). I’ve been on holiday before where I’ve had to set up a new payment and change another (which is why I always carry a card reader with me on holiday).

P.S. off topic but I love the release notes for iOS updates, they sure beat the pants of Facebook, etc. :slight_smile:

Really good point, thanks for this @christiaanb!

haha yep I know @james has a lot of fun with those updates :slightly_smiling_face:


Will there be Monzo online banking app ??

I’ve moved your post here, where you’ll find the latest update from the Monzo team & most of the comments from other users, I hope that helps :slight_smile:

1 Like

If by that you mean a Windows 10 app for use on desktop PCs then Monzo are not planning to produce an all singing all dancing one, but potentially a basic one to do what is needed if you lose access to your phone or wish to freeze a lost card. However some users have experimented with the API and created a website interface that runs in a browser.

Could you not use blue stacks on windows and install through that as an android emulator.

I’ve just shared this story


here. But I thought it’d also be worth pointing out the comments on the story from FinTech Insider’s site -

“Anderson, a professor of security engineering at the University of Cambridge, and one of Britain’s foremost experts on cybersecurity, says he has never banked online – and has no plans to do so. He believes that system has become so weighted in favour of the banks that it is now the customers that carry all the risk” … not exactly reassuring!

Very few cybersecurity professionals I know do any online or mobile banking. The ones that do, all use a VPN and tend to avoid public wifi hotspots.

which really drive home the benefits of Monzo not providing an online banking site.

1 Like

No it doesn’t, Monzo does provide mobile banking; there’s no difference from a security perspective anyway.

1 Like

If you take a look at the earlier posts in this topic or elsewhere in the community (unfortunately I don’t have time to search for them right now), you’ll see the security benefits have been listed already.

Well until cybersecurity professionals start making such claims in the community, I’ll ignore them.

The quote you posted above was certainly talking about all banking over the internet (as you know mobile apps use the internet; indeed if you’re a ‘legacy bank’ customer it’s treated identically to internet banking in the browser - you need to sign up for internet banking, because that is what it is).

Monzo is a bank that provides only internet banking - no phones or branches. The ‘app’ distinction is not meaningful, Monzo just happens not to have a web app.

The academic you quoted certainly won’t be a Monzo user.


Type of fraud described in the article that Alex linked is not far from taking out money from ATM and giving it to a stranger (and banks are not responsible for that). Obviously, thief commits fraud, but I can’t really say that bank should be responsible. I’d like bank to DO something, try to get my money back or something, or be vigilant about any accounts that are getting large sums of money from various sources in short amount of time, but if I send money to details that someone provided, that’d be my fault.

Security expert mentioned in this article should know better how to avoid social hack, though part of his disdain can be caused by rubbish infrastructure, many weak points and totally idiotic password policies.

I’m happy accepting responsibility for my conscious actions on web app, once/if Monzo ever gets one. :slight_smile:

I was going to make the same argument you have but the more I thought about it the more I realised @alexs has a point (even if it’s not necessarily the one he was making).

A website would be far more vulnerable than an app over public WiFi because at least with an app you’ve already downloaded you know that the client-side code that chooses what API requests to make is trust-worthy. When loading a website there are far more attack vectors because the client-side code is (likely) being downloaded each time.

It’s obviously far easier to maliciously inject some rogue JavaScript into a website that makes additional API calls than it is to spoof the API calls themselves, so the client is the weak-link in the security chain.


What would be even better is a desktop app for OS X, with two-factor authentication carried out by the mobile device :slight_smile:

and a desktop app for Windows too

But over HTTPS, just as the API used by the mobile app.

1 Like

HTTPS and HPKP would eliminate all these issues (impossible for a middle man to fake the server assuming the user has connected at least once), so the only vulnerability would be if the server is compromised, at which point you’re probably a little screwed anyway. And as said, if they can break into HTTPS they could also break into the API transfers.

Web banking is a feature you’ll need eventually, but getting a working mobile app and popularity with a core niche user base is more important to do first.