Can you describe your people setup a bit, please? How many software engineers were involved, devops, testers, etc? How much you needed for the MasterCard 3dsv2 certification? How much in all?
Our squad is made out of 11 people.
1 - relationship manager to our card manufacturers & Mastercard
2 - money operation experts
7 - backend engineers (and testers)
1 - team lead
We deal with all to do with card payments and ordering of physical cards.
We had to pass every certification assertion before even integrating with Mastercard.
Sounds great
Although relying on the merchant for the app layout is a bit unsettling, had major issues with the UX on the Monzo web flow - the “Go back” button was a bit too much of a call to action so I’d keep pressing it instinctively rather than waiting for the timed return. Most merchants did not handle that well, hopefully that’s one of the tweaks?
Even so trusting the UX to merchants sounds risky if they’re going to continue to be so brittle at handling the outcome.
Although having native in-app support for merchants does mean that you should have a smooth experience making your payment. As opposed to a new window with completely different colors, branding and layout popping up on your app (as is right now).
But then again, that works well when the merchants know what they are doing.
FYI - about 20% of our 3DS2 requests are from apps (80% from browsers)
Hello, please help me to understand something. When I use a Monzo card I always get notifications to authenticate the payments from the app. At the same merchants, when I pay with another card, the issuing bank asks me to authenticate the payment through SMS. From here I understand that the merchant is 3DS v1, but in this case why do you try to ask for authentication via app? Of course it is a great experience for me as a user to always approve via app, but how is this possible?
How does this work for foreign transactions where local laws do not require this?
I’m not sure if I understand the question… We no longer ask for SMS on 3DSV2 (as opposed to V1) because technically anyone with your phone could approve a transaction just by having your phone. With in-app auth, they need your phone and PIN
SCA is an EU mandate. In fact, outside of the EU, lots of places barely even use 3DS (cough cough) as it adds friction, so a lower turnout rate for the merchant on checkout. Sometimes in the US merchants won’t even require CVC2.
But back to your question, I think we will have to evaluate the impact of doing this globally - but I doubt there is a “one-size-fits-all”…
Not trying to show off, but this week Mastercard told us we have built a world class 3DS2 ACS server
Apparently banks out there aren’t quite getting it right
Does this mean we enter our pin code on the website of the merchant instead of in the app?
You never enter your account PIN on a website.
That’s what I thought. So how is the flow different?
I still don’t get what this means:
the Monzo pop-up window now has native Android and iOS support or as a modal on your web-browser. This will make for better-looking and smoother mobile checkouts.
Is this about the little box here?:
Or are we talking about some kind of Google/Apple Pay style thing?:
Or are we likely to barely notice anything compared to the current flow?
Yep. You got it just right.
The first picture is our web-browser pop-up (also called a “challenge window”).
We now support native in-app challenges, so Google/Apple could very well integrate it into their apps like you linked below. In fact, we are in touch with Google about just that
The whole reason we are working on this is that in the middle of next year every single online transaction in the EU will have to go through 3DS.
(This is a massive over-simplification and there are a couple of exceptions)
Also, we may be re-phrasing the sentence on that browser challenge soon. Any suggestions?
My only suggestion would be to use language a little less technical than “authenticate”. What you’re doing is asking the user to prove it’s them making a valid transaction, so “we must confirm it’s you making this transaction” type thing??
Yep. I agree with you here
What do you think isn’t intuitive with the current notification?