
> (sort of like a private password)

I think this is an unfortunate framing. The property of public key cryptography is that, unlike secrets such as passwords, only one party has the private key. This instantly eliminates an important class of potential problems.

And unlike with something sophisticated like an asymmetric PAKE, I think it is relatively practical to explain this benefit to end users: Monzo's counter-parties can't lose a private key they don't have and can't produce signatures from Monzo themselves. If there are signatures that shouldn't exist, Monzo knows the problem necessarily must be with their systems.

British banks rely far too much on trust. A symptom of this is that periodically a big merchant (e.g. a supermarket) will accidentally run a transaction feed twice (e.g. all card transactions at Tesco on Thursday happen twice). The bank could insist (as it does for its own personal account holders) that these transactions have unique IDs authenticated by the card, which would thus mean the duplicates are rejected, but it trusts these huge merchant customers, so all the transactions they say occurred are just assumed to be fine, and the result is that the banks eat a bunch of customer anger and costs. It was remarkable to me that this would happen in 1995. It's outrageous that it still happens today, but it does.
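
An added example (not part of the comment above, and not any bank's code) of the two properties it describes: a verifier holding only the card's public key can check signatures but not create them, and a unique signed transaction ID lets a re-run feed be rejected. The `Txn` fields, the `Bank` type and the byte encoding are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Txn is a hypothetical card transaction; the field names are assumptions.
type Txn struct {
	ID, Merchant string // ID is unique per transaction
	Pence        int64
	Sig          []byte // card's signature over ID, Merchant and Pence
}

var ErrBadSig, ErrDuplicate = errors.New("bad signature"), errors.New("duplicate transaction ID")

// signedBytes quotes the strings so field boundaries are unambiguous.
func (t Txn) signedBytes() []byte {
	return []byte(fmt.Sprintf("%q|%q|%d", t.ID, t.Merchant, t.Pence))
}

// Sign runs on the card, the only place the private key exists.
func Sign(priv ed25519.PrivateKey, t Txn) Txn {
	t.Sig = ed25519.Sign(priv, t.signedBytes())
	return t
}

// Bank holds only the card's public key plus the IDs it has settled.
type Bank struct {
	cardPub ed25519.PublicKey
	seen    map[string]bool
}

// Settle accepts a transaction only if the card signed it and its ID is new.
func (b *Bank) Settle(t Txn) error {
	if !ed25519.Verify(b.cardPub, t.signedBytes(), t.Sig) {
		return ErrBadSig
	}
	if b.seen[t.ID] {
		return ErrDuplicate
	}
	b.seen[t.ID] = true
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	bank := &Bank{cardPub: pub, seen: map[string]bool{}}
	txn := Sign(priv, Txn{ID: "t-1", Merchant: "grocer", Pence: 1250})
	fmt.Println(bank.Settle(txn), bank.Settle(txn)) // same feed entry sent twice
}
```

Because the ID is inside the signed bytes, a merchant cannot get a duplicate past the check by relabelling it with a fresh ID.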
