3DS implementation, negative comment

I have just had my first experience of the new 3DS implementation. In my opinion it is not great.

Last month I paid my John Lewis CC and my Tesco CC bills via their apps using my Monzo account. All good as the payment left my Monzo account straight away and I could see the money was gone; it obviously took a few days to go through on my credit card accounts, but I could see the payments were gone, i.e. I had surety my CC bills were paid (and visual proof).
This month I did the same and was sent to the Monzo app to approve the payments. I duly went there and believe I authorised the payment using fingerprint security on my iPhone. At the conclusion of the authorisation by me, Monzo returned to my account, no debit, no pending debit. Nothing.
So now I am in the position that I believe I have paid my credit card bills but have absolutely no evidence available to me in the form of an outgoing payment (instant or pending) or a pending inward payment in the CC apps.
Feels like one step forward in security and two steps back in client service.

I think with this new security measure you need to have something visible to the customer as an affirmation that something has occurred, whether it be “Your 3DS authentication to xxxx failed” or “Your 3DS approval has gone through for £XX”.

Did you return to the John Lewis/Tesco apps after approving the transaction in the Monzo app? Approving the transaction in the app doesn’t complete the transaction.

2 Likes

I did, nothing evident there, I am assuming that is because in both cases their apps do not keep you logged in, so when you have to switch to the Monzo app the Tesco/JL apps close down and probably think you have abandoned the transaction? It seems like a poorly thought through/implemented step.
As I said before, one step forward for security, two steps back for client experience. Even if going back to the JL/Tesco apps and getting it done successfully were a route to getting it done, the client experience has been significantly lengthened.

3 Likes

For cases like this, you’ll need to opt for the SMS verification I believe.

It was raised when they announced it coming out of labs (I’m sure someone will quote the post).

1 Like

Hi, already had that suggestion from Monzo help team. As a workaround it is an eminently sensible suggestion, unless you live somewhere where mobile phone reception is awful (as I do).
The key thing is, that is a workaround; developing software and releasing it and then saying if it doesn’t work use this workaround is not really a great answer in my opinion. Get the software working properly.

Unfortunately Monzo is not alone, most of the financial service operators are going SMS for OTP to approve transactions. Marvellous IF
1. Your customer has a mobile phone
2. They can get a decent signal

It was referenced in the release blog post @Lymefossil. See here:

" When your credit card provider doesn’t like you leaving the app, we ask you to approve the payment by text instead

You told us that for some credit card providers, leaving the app was causing the payment to fail. When you try to make payments to those card providers and they fail, we’ve made sure that we ask you to approve the payment by text instead."

If you are having issues with a specific app / site, I’d suggest flagging it via in-app support. I read the above as implying that they will force SMS based verification where there are problems using app based approval, but need to know the sites impacted so it can be configured.

3 Likes

The failure with the Tesco CC app is a known issue with the Tesco app since it resets and locks everything once you leave it. I don’t know about the John Lewis version. The thing is, Monzo can’t be responsible for everyone else’s implementation as well as their own so workarounds are all they can offer. Longer term, of course, they can implement something slicker but it’s still a workaround, just a less public one.

The workaround for that is (I believe) that things will be changed to use an alternative verification method for the moment.

The main thread has a bit more detail.

4 Likes

Playing devil’s advocate, are there many scenarios though where you need to approve via 3DS, but don’t have a decent signal? Bearing in mind it’s designed to support online purchases, logically you are highly likely to be somewhere with WiFi / connectivity at the point you are purchasing?

5 Likes

Could they not allow you to authorise from the notification? It would mean you don’t leave the initial app.

Outside of this it’s slightly irritating to have to return to the original app to continue the payment, but nothing says this. For example when I pay Amex, it takes me to Monzo, I authorise and Monzo returns me to my home screen… and that’s it. I have to manually know to return to Amex to finalise.

A small text on the authorisation page saying “Great - transaction authorised, please return to your merchant screen to continue” or something like that. Particularly for a “newer” way of 3DS implementation.

8 Likes

I’d prefer this, or Apple Watch integration. The approval flow for Microsoft Authenticator / Duo works really well - far easier than going into the app to approve (although I appreciate there are benefits in terms of additional information that can be displayed in-app etc.).

2 Likes

Appreciate the comment and on face value correct but in reality causes issues.
I like to pay my CC bills and many others at home, ideally using apps as it is all (or was) relatively straightforward. If it introduces a step where I need to get an SMS to approve it, it doesn’t work for me. I have to go for a 50 yard walk to get one bar. This isn’t a problem for calls etc. as most calls on mobiles are now via wifi (WhatsApp/FaceTime etc.).
But if banking is going the SMS route I am not in a good place, as I suspect a significant minority of the country will be. With the new Payment Services Directive, online payments for me will be a nightmare as most fin services are going the SMS route.

My issue with this is if the developed and released software is now to have an issue that will NOT work with some other fin services providers then workable workarounds have to be put in place; the ones suggested to me just don’t work unless I go somewhere I have a decent mobile phone signal. I.e. leave my home to do my banking!
I know this all sounds like a rant, and I am a relatively small % of the client base that will find myself in this position, but technology is supposed to make life easier, not encourage me to go for a drive!

4 Likes

Agree with you.

I love how Monzo implement new ways of banking, and I think it’s great.

What I don’t like is when their new ways don’t work well with an existing company and the only response from members is “That’s the issue for the company”. It’s a cop out. It’s an issue for me, as a Monzo customer. I want a bank that is progressive but also acknowledge that they are still new and major companies aren’t going to change their ways just because Monzo have.

2 Likes

The SMS reversion / lack of mobile signal is a fair point, and not one I’d considered if I’m being honest. It’s ironic that the “fall-back” is in a lot of respects, less reliable than the primary method.

I think we’re all in agreement that the “flow” could benefit from being slicker - either better integration with other apps / services as 3DS matures, or alternate approval methods that don’t require app switching.

Absolutely, I think Monzo is a great disruptive new player and can teach the old companies how to do it better.
That is my disappointment, like you. Saying “It’s a known issue with…” i.e. implying it’s their fault not ours. You know what, that’s when Monzo starts to sound a little like the old behemoths they are trying to disrupt!

I think this is why I would have preferred it to stay in labs (therefore, an option to toggle on or off).

Appreciate it can’t be perfect straight away, but I think it can be better than it is - For paying credit card bills, it seems to be causing more friction than necessary (and I reckon a lot of people will be using it for this functionality).

The “approve from notification” is the only thing that would make me happy with it to be honest - Having to leave the app and manually go back is a pain.

Just added a few more credit card providers we found over the last 24 hours to the list for defaulting to SMS due to their apps cancelling payments when using the in-app approvals.

Ultimately, we can try to work around this as much as we can but this is an issue that the credit card providers are going to have to solve before September 2019 when this kind of 3D Secure becomes common as a result of EU regulation on Strong Customer Authentication. :disappointed:

Having said that, we’re currently discussing how we could further work around this issue under the constraints we have. A lot of the suggested methods wouldn’t satisfy the regulatory or technical requirements we’re under. :+1:

9 Likes

Thanks @Rika - This is the first time I’ve seen that response.

So is that confirmation that currently, authorising the 3DS from within the notification (by pulling it down etc), wouldn’t be enough?

Is there likely to be further explanation on that (because for someone like me, who perhaps isn’t a coder or financial regulator, I can’t see the difference between authorising from the notification vs authorising from the app on the same phone).

2 Likes

Alternatively you could pay via bank transfer, if you look on Tesco’s website they will have details on how to do this, as do many other providers.

1 Like

Indeed you could, but that’s NOT making it easier is it!
As I said earlier please please Monzo don’t start to sound like the establishment

2 Likes

I would imagine it’s easier than using the Tesco app which sounds like it’s not designed correctly. Also once the Payee details have been saved in the Monzo app you wouldn’t have to re-enter them again like you do with card details.

As Rika has mentioned more providers have been added to default to SMS authentication so hopefully this resolves your issue so you don’t need to leave the Monzo app :slight_smile:

1 Like