By the way, I use SCA as a verb to mean “require an application of Strong Customer Authentication”. That is, require that the customer authenticates the purchase via 2/3 knowledge/inherence/possession.
At Monzo we do possession (your phone) and one of inherence (biometrics) or knowledge (your pin)
Exactly because SMS opt only meets the possession criteria (ie. the fraudster would only need possession of your phone). So it’s not a valid form of SCA
Does the recurring payment have to be for the same amount? Or could this be a way around SCA on repeat payments?
Thanks, that’s very helpful, and is somewhat reassuring! Apple Pay would likely reduce reliance on needing my phone with me, as presumably, I can fulfil SCA requirements from any of my Apple devices. So perhaps that’ll be the way forward for me, and hopefully the regulation will encourage greater adoption of it.
I hope it won’t impact PayPal checkout too significantly though. So far I don’t think I get any of these in app confirmation or sms prompts when using PayPal, which is primarily why it’s still my main option when buying stuff, when Apple Pay isn’t an option.
Oh joys I can’t wait for the SMS option to vanish, that’s a couple of websites that won’t work at all then 
unless of course they finally fix the payment system to accept the fact I’ve pressed the button in app at Monzo’s end.
Thames Water is my example of this… So means I get free water right?
Ha ha, not sure they’ll agree to that
For me it’s the National Lottery and Argos Card, both I pay via DD, however if I want to play extra games with the Lottery, I have to use the SMS option. Similarly if I’m paying extra off on my Argos card it has to be SMS too.
National Lottery just ends up signing itself out, Argos Card just goes to a blank screen if using authentication via the Monzo app.
Argos card actually worked for me the other day with authorise in app. First time ever
Oh I’ll try again when it gets to payday, didn’t work at start of this month as I recall forgetting I needed to use SMS.
Sms took ages to come through so I opened the app to see if it would work
Didn’t open Monzo from the notification though. That still might not work
Looks like Amazon are dabbling with 3D secure now, had a transaction come through asking for authorisation.
Snap. I believe SCA is necessary, but frequently get frustrated making purchases on my iPad and then having to bail out as I realise I don’t have my phone on me. At that point I flip to Starling or my legacy bank as I can have their app on multiple devices.
Could be interesting if people ever lose their phone and want to buy a new one online but need a phone for SCA.
For now, most of the time, I can use the SMS fallback, which thanks to iCloud delivers to all of my devices. So I can still authenticate from any device.
As this gets phased out though, unless merchants find creative ways around it or implement Apple Pay which should circumvent it entirely, then I’m going to need the full Monzo experience on other devices if I’m to continue using them as my primary spending card.
I don’t see old banks having the means to process these things via a smart phone application any time soon. And what of the people who lack a smart phone?
There’s still a lot of questions regarding this stuff. What the regulations actually require, and the accessibility issues it raises.
Technically you need it meet 2 out of 3 - inherence, knowledge, possession. Possession is most popularly the person’s phone, but for legacy banks it could be one of those little ugly POS machines we had back in the days (at least I had one with Barclays).
For Monzo “phone” is an obvious choice, as you need a phone to open a Monzo account
I personally think it’s a great idea and would be happy to have this feature for every transaction
Oh boy, abandonment will sky rocket! Especially considering that these annoying little things aren’t usually handed out willingly. You have to actually request them, and potentially jump through onerous hoops to get one. I’m in a bit of a weird bind trying to get one of these from Barclays so I can get back into the mobile app. In order to get one, I need to update my address. In order to update my address, I need to visit a branch. Only issue is, i live so remote now that it requires a 5 hour drive to my nearest branch, in addition to the fact there’s a global pandemic. And Barclays are supposed to be one of the better banks for the modern era!
My mum gets annoyed when I send her money using a link because she has to manually find her details and input them in herself. She doesn’t have one of these devices, but I can imagine she won’t be best pleased if they become a necessity in the future.
Banks need to be ready and have something more frictionless in place for when the time comes. I worry they won’t be. Monzo have a decent process with the phone, but it’s still limited to the phone. Ideally, something will come to exist where the device used for possession is the one you’re already shopping on. Perhaps an argument can be made for an Apple Watch app at this point. 
if you can find a Barclays ATM, you can generate the code there instead of trying to get into a branch
There are no Barclays ATMs on the island unfortunately.
Can still access my account via safari though without the need of a PINsentry, so I’m not entirely locked out per se!
Thank you, though!
Long shot, but if there’s a Nationwide near you they tend have stock of the card readers. When I needed a new one they didn’t check I was an account holder and just gave me one.
Curious if another bank’s reader would actually work with another bank?! 
We have RBS, Bank of Scotland, and TSB branches here, though all except Bank of Scotland are rumoured to be closing! May be worth popping into one of those to see if they have one that’s compatible!
Thank you!
Barclays and RBS are definitely compatable (same device different branding)
HSBC use a proprietary one