Monzo asks customers to change PINs after storage bug discovered

Monzo is asking up to half a million customers to change their PINs after discovering a bug that rendered them accessible to engineers working on the bank's systems.

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The security oversight saw customer PINs inadvertently stored in two distinct files in the company's architecture, one of which was open to engineers as part of their job.

The challenger has spent the weekend deleting the files that were stored incorrectly and releasing updates to the Monzo app.

"No one outside Monzo had access to these PINs," says the bank. "We’ve checked all the accounts that have been affected by this bug thoroughly, and confirmed the information hasn’t been used to commit fraud.

"Just in case, we’ve messaged everyone that’s been affected to let them know they should change their PIN by going to a cash machine."

The issue affected a fifth of the bank's 2.5 million customers.

Comments: (5)

Alexander Mostowfi Innovation Advisor Leader- Financial Services at Oracle Corporation

Assuming I read this correctly, this means 1/5 of Monzo's 2.5M customers now need to change their card PIN via a visit to a cash machine. More importantly, if those customers used the same PIN on multiple cards (as many customers do for convenience), they will need to change their other bank card PINs too.

Craig Lawrance Sales Exec at Starkspur Ltd

Absolutely shocking! Are these guys a bank or are they just playing at banking?

Robin Setty Partnerships Lead for banking solutions at ACI Worldwide (EMEA) Limited

One of the competitive advantages of the new entrants is that they're under less scrutiny than traditionals. Imagine the noise if this were NatWest or Barclays?

A Finextra member 

WP: They are indeed a bank, and showing the older ones how transparency works.  Can you guarantee that this has never happened at your bank?  I used to struggle to get hold of mine, let alone hear from them proactively.  Did your bank spot the Ticketmaster fraud and re-issue cards to everyone who'd shopped there, before notifying Ticketmaster, who previously had no idea?  Banking is moving on, which is a good thing.  Who is under less scrutiny?  The rules are all the same, and the customers of these new banks are a lot more active on social media...

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

According to the common narrative:

Traditional Banks make Customers visit Branches because their UX sucks. 

To that we can now add:

Challenger Banks make Customers visit ATM Machines because their Security sucks.

LOL, I never imagined this is how the "UX versus Security" Holy Grail will be cracked eventually:)
