Insights Preslav Tonkov

The Monzos and Medicis

Monzo’s security woes, trust and challenger banks


In the 15th century, the Medici banking dynasty ruled over Europe. The Medici family had built up a reputation which created a large financial system in an era when information was scarce.


It is hard for the contemporary reader to imagine how cooperation between branches in Lyon, Venice, London and Cologne could be sustained without today’s constant, on-demand flow of information. Trust was key.


Similarly, when a digital, mobile-only bank was created in 2015 with the ambition to emulate the Medicis as a dominant bank, trust remained as important as ever.


This week we learned that nearly half a million of the challenger bank’s customers have been asked to reset their PINs after the information was left in an insecure file.


Monzo, which announced the issue in a blog post on August 5, 2019, admitted that customers’ PINs had theoretically been accessible to employees for months.


“This is pretty embarrassing because they are a financial institution, one of these new digital banks,” said cybersecurity expert Graham Cluley. “This isn’t the kind of thing you want to have to tell your customers – to change their PIN numbers.”


Response? Although no-one outside Monzo had access to the PINs, this was still a severe enough issue to garner a coherent and proactive response.


With the aim of becoming the most trusted challenger bank, Monzo acted proactively in the absence of customer outrage at the issue.


Using a combination of a company blog, which has a formidable following of 40,000 people, and an email to all affected customers, Monzo acted swiftly and effectively. Their actions left the impression that people really had joined the Monzo community, which was reflected in the comments under the blog, with one user suggesting that they appreciated the transparency.


Impact? Established retail banks retain their current account customers by emphasising how their experience allows them to better protect customer data. As a result, challenger banks must be seen to make every effort to keep their customers’ information safe. Monzo’s corporate messaging did exactly that.


We are yet to see the extent to which challenger banks will succeed in disrupting the banking sector. Trust is undoubtedly a key factor on the journey to the top. With its handling of the data breach, Monzo took the opportunity to climb a little bit higher.