Monzo Bank Stored My PIN Incorrectly

1 minute read
| Analysis

LONDON – In terms of emails you do not want to get while you’re on holiday, one from your bank with the subject “Please update your app and change your PIN” is right up there. I received it Monday, as UK digital-only bank Monzo confessed it had stored some users’ PIN numbers, including mine, wrongly.

Monzo Bank

Monzo Tells Users to Change Pin

As Andrew Orr reported for TMO, the bank  “logged PINs inside encrypted internal logs,” which engineers had access to. In an email sent to affect customers, the bank said:

We’ve fixed an issue that meant we weren’t storing some customers’ PINs correctly. There’s been no fraud on your account because of this, but you should update your app and change your PIN as a precaution.

It explained that “the issue affected less than a fifth of UK Monzo customers.” Lucky me.

Affected customers have to head to an atm and change our PIN. Monzo also released an update to its iOS and Android apps.

Damage to Customer Trust

Incidents like this are never good, of course. However, it feels more damaging in the case of Monzo.  This is a company that has set itself up to be the definition of a modern bank. It is digital-only. It works abroad, without any rip-off with charges. Your balance updates straight away.

I’ve been a very happy Monzo customer up to this point. However, claiming this is a bug, not a massive mistake, as the bank did in a blog post, is not really good enough. When things like this happen institutions have to take full responsibility. Too often, they pretend it is not a big deal and hope everyone moves on. That seems to be what is happening here, despite the fact thousands of people were affected.

Monzo customers who received a similar email to the one I did should follow the instructions and change their PIN. Although the bank insists there has been no fraud, I’d also suggest we all keep a close eye on our accounts in the coming days.

Leave a Reply

Please Login to comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
Notify of