Monzo Co-Worker Phone Access Misuse CIFAS Marker Removal

Our client's co-worker gained access to their phone and used the Monzo app to carry out transactions without the account holder's knowledge. From the customer's side, the issue was not suspicious use by them but loss of control over the device and the banking app on it.

From Monzo's side, however, the account showed suspicious activity associated with the named customer. The complaint therefore turned on whether the bank had properly examined third-party access, or whether it had treated account activity as if it automatically proved the account holder had authorised it.

The report confirmed a Misuse of Facility marker filed by Monzo Bank Ltd and attributed the transactions to the account holder. In practical terms, the filing appears to have assumed that because the activity occurred through the device and app, the customer must have been responsible.

What it did not seem to test properly was the possibility of third-party device access. That gap mattered because the whole case turned on authorisation, not just on the fact that the transactions were suspicious.

The complaint focused on access, control, and who actually carried out the transactions. It explained how the co-worker was able to use the phone, why the customer said the activity was unauthorised, and why suspicious transactions do not by themselves answer the question of who caused them.

That let the challenge push Monzo back onto proof. The bank was asked to explain what evidence showed the account holder had knowingly carried out or approved the activity, rather than simply relying on the fact that it happened through their device.

Monzo removed the marker within three weeks after reviewing the complaint and accepting that the transactions may not have been conducted by the account holder. Once the bank had to confront the third-party access issue directly, the filing became much harder to sustain.

For similar cases, the lesson is that phone or app misuse cases are really about control and authorisation. If the institution has not properly investigated those points, a serious fraud marker may be vulnerable to challenge.