Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security IT Technology

UK-based Mobile-Only Bank Monzo Admits To Storing Payment Card PINs in Internal Logs (zdnet.com) 33

Monzo, a mobile-only bank operating in the UK, admitted today to storing payment card PINs inside internal logs. From a report: The company is now notifying all impacted customers and urging users to change card PINs the next time they use a cash machine. Monzo described the issue as a "bug" that occurred when Monzo customers used two specific features of their Monzo mobile apps -- namely the feature that reminds users of their card number and the feature for canceling standing orders. When Monzo customers used one of these two features, they'd be asked to enter their account PIN, for authorization purposes, but unbeknowst to them, the PIN would also be logged inside Monzo's internal logs. Monzo said these logs were encrypted and that only a few employees had access to the data stored inside. The company said it discovered the bug on Friday, August 2, and spent all weekend removing PIN numbers from its internal logs.
This discussion has been archived. No new comments can be posted.

UK-based Mobile-Only Bank Monzo Admits To Storing Payment Card PINs in Internal Logs

Comments Filter:
  • to do a TFA on your phone to authorize purchases than signing or putting in a PIN...

  • Damn! The planet is run by a bunch of liars! And everybody says, *No biggie*...

  • by rickb928 ( 945187 ) on Monday August 05, 2019 @12:12PM (#59044266) Homepage Journal

    Regulations do not permit this. Book 'em, Dano.

    • Regulations do not permit this. Book 'em, Dano.

      If we have draconian punishments for self-reported breaches, we will have less self-reporting and more breaches.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...