Oh, I don’t want a physical card generator, I’m thinking about solutions for accessibility. I’d prefer multi-device support, even if through a browser extension.
@jaisullivan Erm, you’re trying for £10 but you’ve only got a balance of £9.80?
That’s the balance in my National Lottery account, I wanted to add an additional £10 to my overall balance.
Ah, confusing to one who doesn’t use the Lottery
Makes sense now you’ve explained it!
It would be cool if the 3D secure screen displayed the balance in your account though (if this can be done securely).
I’d rather not …
What’s the use case?
I’m not sure how this could be an issue?
The implication being that the person who’s stolen my number would receive a message asking to verify my purchase? In which case, what could they do with that?
The only instance I could see it being an issue is if they not only were receiving the messages but also had the users unlocked phone/bank details and were able to initiate a payment, to be able to verify it?
For the text approval method
You’d know if you have enough money to make the transaction and so wouldn’t have to open the Monzo app (or even your phone, if it shows texts without being unlocked) to check the balance before typing in the code to approve the transaction if you have enough money.
For the in-app approval method
Assuming that selecting the 3D notification from your phone takes you straight to this (I’m on Android, so not sure it does but this flow makes the most sense to me):
it saves you having to click ‘Back’ to check your account balance before selecting the feed item again to approve it.
Basically, I think it would reduce the chance of you trying to approve a transaction you don’t have the funds for by reducing friction in checking you have enough money in your account.
NB: I know that people should make sure they have enough money in their main account before trying to make any purchase, but sometimes people forget.
I’m not sure I would not want my balance. I tend to know what’s in my account and if I’m making a purchase then I know I’ve got the funds (or indeed overdraft) to make it. If I wasn’t sure, I’d check. Not saying it might not be helpful but wouldn’t be the way I’d use the app/manage my finances
In general, we’d like to show the least amount of account information in the 3D Secure flow as possible. Just things about the transaction and that are already known to anybody going through it. Otherwise it would be trivial for somebody who had your card details to then turn that into a larger breach via. us.
People have mentioned that they’ve used the national lottery website because you can then withdraw the funds again.
Can you rely on IP address and/or location to automatise some of these authorisations? Meaning if you purchase something from your device or a device around your device, it’s automatically validated.
For example the popup is browsed from the same WiFi connection than the one of the app when authorising (IP adress).
Or the popup accesses the app through local page shared over local WiFi.
Or the popup and app use location based security (browser geoloc), and is valid if they are at the same place.
Or use Web Bluetooth API (still in draft) to communicate between the popup and your device.
Such smart tricks would ease a painful process, even though the design of your popup is a tad better than usual ones.
Just tried on my Mac and went through with no issues — really nice set up! Is there a reason why a PIN is required in-app to approve rather than Face/Touch ID etc?
When I clicked on the notification it took me to my feed first, I then had to click on the item in the feed to bring up what you’ve shared above.
Encountered it twice today unexpectedly
I approved a payment earlier today and Face ID verified me. Might be worth toggling said settting off and back on perhaps?
Just checked my settings and it was toggled off. Must have defaulted back earlier once I reset my Monzo session in iOS settings. All good now!
Apologies if this has already been mentioned as I’ve not had chance to look over the entire thread but when this is enabled, does it enable for joint accounts as well or personal only?
It will enable it for you on all accounts. Meaning you’ll see it on your joint account but not the other person until they enable it too.