Monzo asked hundreds of thousands of customers to choose a new PIN after realising it had been storing some customers' PINs in plain text in internal log files. While the UK Fintech sector is flourishing with new technologies, a Fintech company's success is heavily dependent on its ability to keep its customers' data secure. A few ground rules should be followed by any Fintech venture to avoid an incident like Monzo's, or worse:

Sensitive data sanitisation – Run static code analysis to detect secrets and sensitive data held in plain text in the code, and review what the application writes to its logs. Assess the structure of your logs so that the information needed for debugging and monitoring is recorded, while PINs, card numbers and other sensitive values are redacted or masked before a record is written, not scrubbed after the fact. Audit log files that already exist as well: the Monzo PINs were found in logs that had already been written and had to be deleted.

Implementation of technical countermeasures – Incorporate security controls into the information system design lifecycle so that they become an integral part of the system's operational capabilities. Invest in "security by design" concepts and secure engineering processes. Define system-level security principles to be applied in the design, development and operation of an information system, in every layer of the product, and make sure your teams apply them and are given an appropriate security-by-design training programme.
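As an added example of the log sanitisation point above (illustrative code written for this page, not Monzo's code or a description of their fix), the Python below redacts sensitive fields in a hypothetical payments service's logs before any handler writes them, and includes a scanner for auditing log lines that already exist on disk. The field names (`pin`, `pan`, `cvv` and so on), the regular expressions and the sample events are assumptions for this example.

```python
"""Log sanitisation for a hypothetical card-payments service.

Added illustration, not Monzo's code or a description of their fix. Two
pieces: a logging.Filter that redacts sensitive fields before any handler
writes a record, and a scanner for auditing log files that already exist.
Field names, regexes and sample events are assumptions for this example.
"""
import json
import logging
import re

# Field names the hypothetical service treats as secret (assumption).
SENSITIVE_KEYS = {"pin", "new_pin", "pan", "card_number", "cvv", "password", "otp"}
REDACTED = "[REDACTED]"

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# key=value or "key": "value" naming a sensitive field inside a free-text message.
KV_RE = re.compile(
    r"(?i)\b(" + "|".join(sorted(SENSITIVE_KEYS, key=len, reverse=True))
    + r""")\b["']?\s*[:=]\s*["']?([^\s,"'}]+)"""
)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: tells a real PAN from a random run of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pans(text: str) -> str:
    """Mask Luhn-valid card numbers in free text, keeping only the last four digits."""
    def repl(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        return "*" * (len(digits) - 4) + digits[-4:] if luhn_ok(digits) else m.group(0)
    return PAN_RE.sub(repl, text)


def redact(value):
    """Recursively drop sensitive keys from dicts/lists and scrub strings."""
    if isinstance(value, dict):
        return {k: REDACTED if str(k).lower() in SENSITIVE_KEYS else redact(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [redact(v) for v in value]
    if isinstance(value, str):
        # Mask PANs first (so "pan=4111 1111 ..." collapses to one token), then
        # replace only the value after a sensitive key, keeping the "key=" prefix.
        masked = mask_pans(value)
        return KV_RE.sub(lambda m: m.group(0)[: m.start(2) - m.start()] + REDACTED, masked)
    return value


def format_event(event: dict) -> str:
    """Structured (JSON) log line with secrets removed; stable key order for diffing."""
    return json.dumps(redact(event), sort_keys=True)


class RedactingFilter(logging.Filter):
    """Sanitises every record it sees. Attach it to handlers, not loggers: a
    filter on a logger does not apply to records propagated from child loggers."""

    def filter(self, record: logging.LogRecord) -> bool:
        if isinstance(record.msg, dict) and not record.args:
            record.msg = format_event(record.msg)
        else:
            # Render %-style args first so a secret passed as an argument is not missed.
            record.msg = redact(record.getMessage())
        record.args = None
        return True


def scan_log_line(line: str) -> list:
    """Audit helper for logs already on disk: report leaked fields and PANs."""
    findings = [f"field:{m.group(1).lower()}" for m in KV_RE.finditer(line)
                if m.group(2) != REDACTED]
    for m in PAN_RE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            findings.append(f"pan:{digits[-4:]}")
    return findings


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
    for handler in logging.getLogger().handlers:
        handler.addFilter(RedactingFilter())
    log = logging.getLogger("payments")
    # Constructed sample events, not real customer data.
    log.info("pin change accepted: pin=%s user=%s", "1234", "u-42")
    log.info({"event": "card_added", "user": "u-42", "pan": "4111111111111111", "cvv": "123"})
    # Constructed sample line from an old log file.
    print("audit:", scan_log_line("DEBUG verify pin=1234 pan=4111 1111 1111 1111 ok"))
```

The filter is deliberately a last line of defence: the structured `format_event` path, where code logs a dict and the secret keys are dropped by name, is the reliable one, while the regex scrubbing of free-text messages is best-effort (a four-digit PIN embedded in prose with no key next to it is not detectable by pattern). The scanner is what you would run over archived logs after a finding like Monzo's, before deciding what to delete and whom to notify; it complements, rather than replaces, static analysis of the source.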