We’re always going to require you to enter your PIN or fingerprint to approve a transaction. Under Strong Customer Authentication, all payments not otherwise exempted need two factor authentication; when you go through our in-app 3DS flow, that’s satisfied by possession of device plus either knowledge (PIN) or inherence (Biometrics)
SMS isn’t considered two factors, only one (possession). Our 3DSv2 implementation (which is rolling out, but largely unsupported by merchants right now) doesn’t support SMS, and we’ll be withdrawing support for it from our 3DSv1 implementation during the SCA transition. The biggest reason for supporting SMS (the number of mobile applications which don’t support switching away to the Monzo app to approve the payment and back without losing the state of your payment) is fixed in 3DSv2.
It’s possible that our in-app approvals could be done in a smoother way than at present, but that’s a matter for the app engineers to prioritise against other matters.