Card declined at Next (online)


(Dave) #1

Hi,

My card got declined using Next online. I don’t think they new why as the list of possibilities was card number wrong, CVV wrong, address wrong, card expired, insufficient funds etc…

I tried it twice and double checked everything.

I didn’t get any notifications to say money had been taken and refunded etc…

Used it loads of time since then, both online, contactless and chip and pin.

Not complaining, more informing you.

Thanks,

Dave


#2

There has been other people who have said Next Online declines their Monzo card.
Not sure why Monzo haven’t got Next to fix this now?


(Jack) #3

Could it be that Next use Mastercard 3d secure and monzo don’t support this yet? Although it is in the works…


(Andre Borie) #4

I didn’t get any notifications to say money had been taken and refunded etc…

The transaction hasn’t even reached Monzo then. Possibly they’re declining it on their end because of the lack of 3D-Secure, or the Monzo BIN is blacklisted?


(Michael) #5

I’ve had this before. It is down to 3D Secure. Nothing more, nothing less. :slight_smile:


#6

3D secure is still 6-12 months away according to the roadmap :disappointed:


#7

Anyone know why it’s so hard to implement or take so long? 3D secure has been around for a long time now and I would have thought when Monzo was being planned it would have been part of the big “let’s build a bank” meeting that went on many moons ago…

Just seems a little daft to me that something like this could effectively cause a lot of negativity with Monzo customers to the point where it might sway their decision to use Monzo as a main account…


#8

We’ve been waiting for 3D secure v2 before implementing it!


#9

I wasn’t aware of 2.0 but this gives a brief explanation: https://usa.visa.com/dam/VCOM/global/visa-everywhere/documents/visa-3d-secure-2-program-infographic.pdf


(Liam W) #10

Has V2 been released yet?


(Sufi) #11

:point_down: explains what is 3D Secure 2.0 and what are the differences.

https://www.gpayments.com/about/3d-secure-2.0

N26 has implemented 3D Secure, not sure if it’s 2.0 but this is how they explain it works;

How does 3D Secure work at N26?

Our risk engine will evaluate transactions made at merchants that use the 3D Secure technology. Based on the risk-parameters of the individual transaction, the engine will decide whether you have to confirm the transaction via a push notification in your app. In the instances in which you are required to confirm the transaction, follow the steps below:

  • Start your purchase at any online merchant that uses 3D Secure technology.

  • After entering your Mastercard details at the checkout, you’ll be redirected to another page explaining that to complete the purchase, you need to confirm a push notification in your N26 App. On mobile, you can just click on the logo to open your app. For security reasons, you need to confirm the push notification within 5 minutes. Please note: The 5 minutes timer starts running once you were redirected from the merchant’s page to the page asking you to confirm the transaction.

  • Once you have opened your app, you’ll see a pending transaction on top of your transaction overview. Just tap the bell icon on the left and the required push notification will pop up.
    Hit “Confirm” to complete your purchase.

  • Back at the online merchant, you’ll see that your payment was successful.

  • That’s it! Be aware, not every card transaction you’ll make online will require you to confirm via push. However, that does not mean those transactions bring a higher risk for you, but our engine considered it as a regular online purchase you are likely to make.


#12

I had this and Next closed my account. Pretty annoying.


#13

The N26 method is a pain as you need your phone working (no flat battery) and to be in the app to click on a button.

I want to be able to use my card independently of any kerfuffle in the app, so for me having to enter a password or passcode on the same browser I am actually making my purchase…that is the least friction!


(Matt) #14

Why not both?

Give me the option of entering a secure password or pop up with a push notification that i have to accept or decline?


(Sufi) #15

@BethS @simonb Seems a bit of contradiction…


(Andre Borie) #16

The issue with a password is that many sites embed the 3D Secure page in an “iframe” so nothing actually proves that the page you’re seeing is real and not a fake one. The “out of band” method of confirming in the app mitigates that attack.

Granted, they could also implement approval by logging into the N26 web interface in a separate tab (where you do see the address bar and can be sure it’s not a phishing page).


(knows someone who knows Tom quite well) #17

3D secure is an abomination!

A perfect example of how not to create a UX.


(Andre Borie) #18

Totally agree, it’s garbage. There are so many better options instead of that (throwaway card numbers essentially acting as an OTP, a separate OTP submitted in addition to the payment info, or a full oAuth-style flow where the merchant site redirects you to your bank and you have to authorise the transaction).


(Hugh Wells) #19

I’d never thought of an oAuth flow - that’s a neat idea actually.


(Andre Borie) #20

That would be the proper way to do it - not only is there nothing to phish (assuming the user is careful to check the URL bar before authenticating to their bank), but also the website doesn’t have to be trusted, as the bank’s page will display exactly which amount they are attempting to take.

It would be awesome if Monzo did something like that for businesses to take payments from :monzo: cards.