Android Developer Blog: The Fight Against Impersonation: Monzo's Innovative Approach

Posted by Todd Burner – Developer Relations Engineer

Cybercriminals continue to invest in sophisticated forms of financial fraud, causing consumers to lose more than $1 trillion. According to the 2023 Global State of Scams Report from the Global Anti-Scam Alliance78 percent of mobile users surveyed have experienced at least one scam in the past year. Of those surveyed, 45 percent said they had experienced more scams in the past 12 months.

The Global Scam Report also shows that phone calls are the best method to initiate scams. Scammers often use social engineering tactics to trick mobile users.

The main place these scammers want individuals to take action is in the tools that provide access to their money. This means that financial services are often targeted. As cybercriminals ramp up their scams and expand their reach globally, it's important to innovate.

One such innovator is Monzo, who have been able to tackle scam calls through a unique impersonation detection feature in their app.

Monzo's innovative approach

Founded in 2015, Monzo is the largest digital bank in Britain and also has a presence in the US. Their mission is to make money work for everyone with the ambition to become the only app customers use to manage their entire financial lives.

Imitation fraud is an issue that the entire industry is struggling with and Monzo decided to take action and introduce an industry-first tool. Impersonation is a common social engineering tactic in which a criminal pretends to be someone else so he can encourage you to send him money. These scams often involve the use of urgent pretexts that pose a risk to a user's finances or offer an opportunity for quick wealth. With this pressure, fraudsters convince users to disable security measures and ignore proactive warnings of possible malware, scams and phishing.

Call status function

Android offers multiple layers of spam and phishing protection for users, including call ID and spam protection in the Phone by Google app. The Monzo team wanted to improve that protection by using their internal phone systems. By integrating with their mobile application infrastructure, they can help their customers confirm in real time when they are actually speaking to a member of Monzo's customer support team, in a privacy-protecting manner.

If someone calls a Monzo customer and says they're from the bank, their users can go to the app to verify this. In the Privacy & Security section of the Monzo app, users can see the 'Monzo call status' so they know if there is an active call with an actual Monzo team member.

“We built this industry-first feature using our world-class technology to provide an extra layer of comfort and safety. Our hope is that this can prevent cases of Monzo customer impersonation from happening in the first place and impacting customers.”

– Priyesh Patel, Senior Staff Engineer, Monzo's Security Team

Keep customers informed

If a user isn't talking to a member of Monzo's customer service team, they will see that, as well as some useful information. If the 'Monzo Call Status' shows that you are not talking to Monzo, the Call Status feature will tell you to hang up immediately and report it to their team. Their customers can initiate a scam report directly from the call status feature in the app.

screen capture of the Monzo call status, alerting the customer that the call the customer is receiving is not from Monzo. The customer is advised to end the call

If there is a real conversation going on, the customer sees the information.

screenshot of the Monzo call status, confirming to the customer that the call the customer is receiving is from Monzo.

How does it work?

Monzo has integrated a number of systems together to help inform their customers. A cross-functional team was assembled to build a solution.

Monzo's internal technology stack ensured that the systems that power their app and customer service calls can easily communicate with each other. This allowed them to pair the two and share details of customer service calls with their app, accurately and in real time.

The team then worked to identify edge cases, such as when the user is offline. In this situation, Monzo recommends that customers do not speak to anyone claiming to be from Monzo until you are reconnected to the internet and can check the call status in the app.

screenshot of the Monzo call status showing an alert while the customer is offline, letting the customer know that the app cannot verify whether the call is from Monzo or not, so it is safer not to answer.

Results and next steps

The feature has proven highly effective in protecting customers and has received universal praise from industry experts and consumer champions.

“Since we launched Call Status, we receive an average of around 700 reports of suspected fraud per month from our customers through the feature. Now that it's live and helping protect customers, we're always looking for ways to improve call status, like making it more visible and easier if you're on a call and want to quickly check who you're speaking to is who they say they are.”

– Priyesh Patel, Senior Staff Engineer, Monzo's Security Team

Final advice

Monzo continues to invest and innovate in fraud prevention. The call status feature brings together both technological innovation and customer education to achieve success, giving their customers a way to catch scammers in action.

A layered security approach is a great way to protect users. Android and Google Play offer layers like app sandboxing, Google Play Protect, and privacy-preserving permissions, and Monzo has added another in a privacy-preserving way.

To learn more about Android and Play security and further protect your app, check out these resources: