Can monzo tell me who has my card data stored?


(Richard Bairwell) #3

I guess you are just asking for a list of merchants you’ve spent money with (and so might have your payment details if they’ve stored them) and probably any payment processors (such as WorldPay, Paypal, Google Pay). It won’t include companies which have your payment details but who haven’t charged (or authorised) against your card (as Monzo would not be notified of the fact they have your details).


(Jack) #4

Nice feature, I’d say this is partially covered by the reoccurring payments section of the payments tab, or by searching your feed for active card checks I guess.


#5

Yeah, I mean all of them, not only the ones where I spent money


#6

Maybe having a list where I can easily enable/disable the card :thinking:


(Richard Bairwell) #7

If they haven’t charged your card in anyway, Monzo would not have been ‘alerted’ to the fact they have your card number.


#8

I know, but I also know that everything is possible, specially for Monzo :rofl:


(Rika Raybould) #9

Will take a look into how they might be doing this but I suspect they’re listing all merchants who have made an authorisation with the recurring billing flag set. :thinking:


#10

Even being able to see that would be good. How often do people find that a company takes a card payment which was authorised many months previous. Or even worse take payments after you have cancelled a contract or service.


#11

This is amazing. Continuous payment authority (is that the right term?) really needs to be under user control like direct debits. It’s ridiculous (in my view) that I don’t have any visibility - let alone control - over this.

Anything that Monzo can do to lead the way = :hot_coral_heart: :hot_coral_heart:


(David I) #12

When I talked to HSBC about this some time ago (my old current account) they told me they had no way of showing me all merchants who had set up what they called Continuous Payment Authority (CPA) on my Visa cards. Seems crazy to me that a merchant has the authority to charge my card but the bank could not tell me who they were.

If Monzo could do better than HSBC then this would be another reason for me to be happy with my choice to move banks :smile:


(MikeF) #13

I feel it’s been explained a few times on here over the years that CPA really isn’t ‘a thing’ in the same way as a direct debit in that it’s something that exists with the retailer/supplier rather then anything that’s registered with the banks. That’s why banks can never terminate them other than by blocking the retailer in its entirety.

It makes sense to me in that if I tell someone to charge my card every month, I don’t need bank authorisation like a DD so how is my bank supposed to know? Neither I nor the supplier need to tell them and they don’t have a means of recording the data even if I did tell them.

I can’t see that trying to put bank ‘permission’ in place for such things would work either.

Is that right?


#14

But!

Sometimes there’s an active card check whenever a payment is set up with a merchant maybe there could be a way to sort of enhance this and see if a CPA was set up :man_shrugging:
I think if there’s one Bank who can do something about CPA control that’s Monzo so hope they will come up some solution in future.


#15

The only high street bank I know that actually stops a CPA without any problem is Barclays. They seem to have access to enough data to show them a CPA, so the information is definitely out there in many cases.


(Tony Hoyle) #16

Halifax told me it was impossible to stop a CPA short of cancelling the card completely - even ordering a new one didn’t work as they just told the retailer the new number.

I absolutely hate them but US companies in particular use them a lot.

There’s even https://www.fca.org.uk/news/news-stories/continuous-payment-authorities-it-your-right-cancel - which is just not honoured (well, Monzo might.)


#17

That sounds like a very clever thing Wells Fargo are doing - access to my own data on a simple to understand basis is something I really appreciate.


(David I) #18

How would I go about cancelling a CPA with Monzo at the moment? Would it need a contact request through the app? Do the CS team have the tools to allow them to cancel this even if I requested them to?

I realise that a CPA is not like a DirectDebit - an issue created by Visa/Mastercard I assume - but would be great if when the first transaction establishing the CPA has some additional information against it which Monzo should be able to gather. Then providing a list or report to us of all the transactions which were marked in this way would be very informative.

#justathought :thinking:


#19

There is no rule about how a company processes a CPA, many companies will just process it as a standard transaction through a terminal or through an online processor. So all the bank would ever know in many cases is its a regular payment from a particular company.

For a bank to cancel a CPA it instructs the company to no longer claim under any authority it may have from the banks customer. If they don’t the bank then goes through a different route, it can be complicated and most banks just tell you it can’t be done for ease. Monzo will be estimating its a CPA like it does with standing orders or direct debits, it won’t be obtaining information from the company its a CPA, some big companies prices regular payments and direct debits through a different merchant account so a bank can see its regular from them details.


(David I) #20

That is a very interesting thought and I have a question. I make a transaction with a vendor and provide card number, expiry, name and CVV. The vendor decides that they will be re-using those details for a future transaction; what do they keep to allow them to get future funds.

  • My understanding of PCI is that they are not allowed to store the CVV so are they storing a previous authorisation code to make the second transaction?
  • Could Monzo therefore track this through re-use of an authorisation code?

I am speculating about things I am not particularly knowlegable about but really would like to see more info provided by Monzo in this area.


(Kolok) #21

They could put it through without a CVV code, but then they take a risk if the customer queries it, ( although the bank would also have to allow it through as not suspicious)

For example Amazon never ask for the security code even for a new card.


#22

That would depend an many things. If an authorisation code is required then reusing an old one isn’t permitted in most circumstances, there are ways some companies do, but whether or not that abides by the rules can be argued both ways. However a live authorisation code is not a requirement for processing a transaction. So providing a company is only submitting transactions within the limit agreed with its bank/acquirer there would be no need to live authorise a transaction under a CPA, thus no need for a CVV. That is the reason some companies will often process numerous small transactions under a CPA, lots of talk about stopping that, but that is going to be hard to stop.