29.8k unique visitors in the last 3 days

At Last, a Bank that Authenticates Its Call to You

The app provided by online bank Monzo tells customers the name of the member of staff currently trying to call them.

I have managed risk on behalf of big businesses, but I am also an individual who is the customer of big businesses that supply me with vital services like banking, energy and communications. This is why I find it hard to understand why the operational risk policies of big businesses so often exhibit a brazen double standard when it comes to identifying both parties to a phone call. The business may call you, at any time convenient for them, even if you are roaming abroad, and will instantly throw questions at you because they expect you to identify yourself without hesitation. But when you challenge the caller as to why you should believe the call comes from the purported institution, their robotic scripts supplied to their staff permit no answer except that you should trust they are not really a scammer, even though that is exactly what a scammer would say. This latter observation has become less fair over time, because the sheer number of phone scams enabled by the arrogance of big businesses does mean many now acknowledge their inability to authenticate themselves, and will suggest you call them back. However, calling the business back can be inconvenient, relies on the customer’s ability to independently check the business’ number, and may still fail if the return call gets stuck in a queue. One bank has finally done what they should all be striving to do, by creating a simple mechanism for customers to check if a call from the bank is authentic whilst they are on the line.

Monzo is a British online bank which requires all customers to install an app on their phones. A new upgrade means any customer receiving a call from Monzo can verify if the call is genuine by simply opening their app. As Monzo explains on their corporate website:

It’s a new feature we designed to stop fraudsters from tricking you into sending them money by convincing you they work for Monzo.

If we say we’re not talking to you, hang up

Here’s how it works. If someone calls and tells you they work for Monzo, open your Monzo app and head to ‘Privacy & security’ in Settings by tapping your profile in the top left of the Home screen.

If the ‘Monzo call status’ is showing that a member of the Monzo team isn’t talking to you, hang up right away and report it to us. You can start a report by tapping the call status.

If the call is genuine then the app will also inform the user of the name of the Monzo employee who has called them. This will provide further comfort to customers who are worried about being scammed. App-based authentication is such an obvious route to improved security that it makes sense to use apps for two-way authentication as well as two-factor authentication. Then both sides of the call will be protected from imposters.

Techniques like this would reduce reliance on less well focused security measures, such as the authentication of CLIs or the use of analytics to label calls. An app can provide an independent means of confirming a call is genuine that will continue to work when the customer is roaming abroad, whilst CLI authentication is very unlikely to work across borders because of the way national regulators are each imposing their own separate standards without any realistic prospect of cross-border interoperability. Giving confirmation to customers would be especially helpful in instances where the customer is traveling and needs to be contacted urgently, perhaps because a bank is unsure if payments made in a foreign country are legitimate.

Congratulations to Monzo for implementing such a simple but effective way of reassuring their customers and defeating criminals. Let us hope many other businesses follow their example by doing a better job of authenticating themselves when they need to call customers.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email