Approve Online & Manual Payments

Kind of similar to the idea posted here.

A neat little feature idea is the ability to approve payments that are made either via Online or Manual Entry. I.E. not by the physical card.

You get 60 seconds or so to approve the payment (comes through on push notification, click that to quickly approve or reject [3d touch on iOS…]) before the payment succeeds. Card payments do not have this as it’s using a physical card.

This idea comes after a fraudster attempted to use my card details to make a purchase. I didn’t have the funds so it didn’t happen, but if I did then the ability to reject it would’ve helped.

Just an idea to through out. Might be rubbish might be awesome. Either way it’s a long term idea!

I think that has been suggested before in connection with “3D Secure”, and led to a fairly lengthy debate about the pros and cons afterwards, but I can’t find it right now.

Apparently Monzo only get a second or two to respond to transactions, so it wouldn’t work.

The new version of 3d secure will allow this kind of flow and IIRC Monzo are waiting for this to allow for app integration.

I know at least one bank has implemented 3DS by texting a code to the customer that they then have to enter into their interface, so there is apparantly room for more than a few seconds in the specs

I think that was referring to cardholder present transactions not online ones?

What happens if you have no phone signal to get the notification that requires the instant response? You’d need a robust fallback of some description.

The idea is that you don’t need to approve if you are using your physical card, so this shouldn’t be an issue.

It’s mainly for Online use and other manual input attempts. But indeed, that should be worked out too.

But that requires 3-D Secure. In the normal process authorisation has to be extremely fast.

That’s right. And I was talking about 3d secure all the time

Fair, but I was pointing it out since the OP wasn’t talking about 3-D Secure. In fact they even said manual (keyed) entry which can never be 3-DS

Yep, I get that, but consider this scenario.

I’m sitting at work using a work computer to do some online shopping. My phone, however, doesn’t have signal and can’t be connected to the work network as a matter of policy. Or let’s just say the phone has died because the battery has run out. Either/or.

I make a purchase, I use my Monzo card, I have money in the account. However, I can’t receive a notification that must be responded to ‘within seconds’ and therefore my purchases don’t go through. That’s going to be incredibly frustrating.

Your suggestions is laudable as a means of preventing fraud but the solution isn’t robust on its own, as it is over-protective and assumes that legitimate online transactions can only occur whenever the phone - and only the phone - is in a ‘serviceable’ state.

Fair point (though you should do work at work ) but indeed that would be an issue.

I don’t know the full answer to this. There could be a way around it, or if you know you are affected by signal issues in locations where you may attempt to spend you can turn it off before you go there? I quite like the idea of being able to turn stuff like this on and off where required.

You raise a good point though

Agreed on opt-ins. One thing I like about Monzo is the way we can enable or disable to features we want to use at any given time – mag stripe, payments with friends, location-based anti-fraud protection, etc. No problem with this being made an optional, rather than mandatory, layer of security for those who would like to use it.