Two-factor authentication
Please add a second-factor authentication step on the first access from a new device on the Android app or web app, i.e. an OTP from the Google Authenticator app or a simple OTP code sent by email.
Your platform is mature and really a good product, but it is very dangerous for people to risk having this sensitive type of data ("money") exposed.
Regardless of the MFA mechanisms present in banks, since the Wallet is an aggregator of sensitive content, such as balances and bank transactions from different current accounts of the same natural person, it is enough for a malicious user to obtain a user's username and password pair and access the Wallet website (or the app) in order to have a complete view of all of that user's banking information.
The user will not even be notified if someone else accesses his account using his credentials, because the user has not previously registered and authorized the individual devices that may access it, there is no MFA mechanism on the Wallet, and there is not even a simple email login notice (with the IP, for example).
The hacker will not be able to change bank accounts, OK, but he will certainly have access to a lot of sensitive information that damages the user's privacy and can potentially also put him in physical danger (just think of the geolocation information, though much less is enough) or digital danger (e.g. social engineering).
I hope you integrate this security measure soon.
Thank you
Silvia Ag.
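The control the post asks for, as an added example that is not part of the original post and not the Wallet's own code: an RFC 6238 TOTP second factor (the kind Google Authenticator displays) required on the first login from a device not yet trusted, a replay guard so an intercepted code cannot be reused within its time step, and a login notice recording the device and client IP for every successful login. The `Account` model, the `device_id` string, the notice list and the time values passed in are assumptions for illustration; a real service would persist the account, identify the device with a cookie or app-bound token, and email the notice.

```python
"""Added example: TOTP (RFC 6238) second factor gated on first use of a new device,
plus a login notice carrying the client IP. Not the Wallet's code; the Account
model, device identifier and notice list are assumptions for illustration."""
import base64
import hashlib
import hmac
import os
import secrets
import struct
from dataclasses import dataclass, field


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step). This is what the
    authenticator app shows the user."""
    return hotp(secret, unix_time // step, digits)


def match_totp(secret: bytes, code: str, unix_time: int, step: int = 30, window: int = 1):
    """Return the time counter the code matches, or None. Checks +/- `window` steps to
    tolerate clock drift; constant-time comparison so timing does not leak digits."""
    counter = unix_time // step
    for c in range(counter - window, counter + window + 1):
        if hmac.compare_digest(hotp(secret, c), code):
            return c
    return None


def provisioning_uri(issuer: str, username: str, secret: bytes) -> str:
    """otpauth:// URI (base32 secret) that Google Authenticator and similar apps enrol from."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    return f"otpauth://totp/{issuer}:{username}?secret={b32}&issuer={issuer}&digits=6&period=30"


@dataclass
class Account:  # assumed model, not the Wallet's
    username: str
    salt: bytes
    password_hash: bytes
    totp_secret: bytes
    trusted_devices: set = field(default_factory=set)
    last_otp_counter: int = -1          # replay guard: each TOTP counter is accepted once
    login_notices: list = field(default_factory=list)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def create_account(username: str, password: str) -> Account:
    salt = os.urandom(16)
    return Account(username, salt, hash_password(password, salt), secrets.token_bytes(20))


def login(account: Account, password: str, device_id: str, client_ip: str, now: int, otp=None) -> str:
    """Returns 'denied', 'mfa_required' or 'ok'. A device that is not yet trusted must
    present a valid, unused OTP before it is added; every successful login appends a
    notice (device, IP, time) that the service would email to the user."""
    if not hmac.compare_digest(hash_password(password, account.salt), account.password_hash):
        return "denied"
    if device_id not in account.trusted_devices:
        if otp is None:
            return "mfa_required"
        counter = match_totp(account.totp_secret, otp, now)
        if counter is None or counter <= account.last_otp_counter:
            return "denied"             # wrong code, or a code already consumed (replay)
        account.last_otp_counter = counter
        account.trusted_devices.add(device_id)
    account.login_notices.append({"device": device_id, "ip": client_ip, "time": now})
    return "ok"


if __name__ == "__main__":
    acct = create_account("silvia", "correct horse battery staple")
    print(provisioning_uri("Wallet", acct.username, acct.totp_secret))
    t = 1_700_000_000                                   # constructed timestamp
    pw, dev, ip = "correct horse battery staple", "phone-1", "203.0.113.7"
    print(login(acct, pw, dev, ip, t))                  # new device -> mfa_required
    code = totp(acct.totp_secret, t)                    # what the authenticator app displays
    print(login(acct, pw, dev, ip, t, code))            # ok, device now trusted
    print(login(acct, pw, dev, ip, t + 60))             # ok without OTP, notice still recorded
```

The HOTP/TOTP functions reproduce the RFC 4226 and RFC 6238 test vectors for the shared secret `12345678901234567890`, so the codes they produce match what an authenticator app enrolled from the same `otpauth://` URI would show. Trusting a device forever after one OTP is a usability choice; a stricter policy would expire trusted devices and re-prompt periodically.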
