Labs Feedback: 3DS 🔓


#280

Oh, I don’t want a physical card generator, I’m thinking about solutions for accessibility. I’d prefer multi-device support, even if through a browser extension.


(Colin Robinson) #281

@jaisullivan Erm, you’re trying for £10 but you’ve only got a balance of £9.80?


(Jai Sullivan) #282

That’s the balance in my National Lottery account, I wanted to add an additional £10 to my overall balance.


(Colin Robinson) #283

Ah, confusing to one who doesn’t use the Lottery :wink:
Makes sense now you’ve explained it!


#284

It would be cool if the 3D secure screen displayed the balance in your account though (if this can be done securely).


(Michael) #285

I’d rather not …


(Hugh Wells) #286

What’s the use case? :wink:


(Tom Almond) #287

I’m not sure how this could be an issue?

The implication being that the person who’s stolen my number would receive a message asking to verify my purchase? In which case, what could they do with that?

The only instance I could see it being an issue is if they not only were receiving the messages but also had the users unlocked phone/bank details and were able to initiate a payment, to be able to verify it?


#288

For the text approval method

You’d know if you have enough money to make the transaction and so wouldn’t have to open the Monzo app (or even your phone, if it shows texts without being unlocked) to check the balance before typing in the code to approve the transaction if you have enough money.

For the in-app approval method

Assuming that selecting the 3D notification from your phone takes you straight to this (I’m on Android, so not sure it does but this flow makes the most sense to me):

it saves you having to click ‘Back’ to check your account balance before selecting the feed item again to approve it.

Basically, I think it would reduce the chance of you trying to approve a transaction you don’t have the funds for by reducing friction in checking you have enough money in your account.

NB: I know that people should make sure they have enough money in their main account before trying to make any purchase, but sometimes people forget.


(Chris Rimell) #289

I’m not sure I would not want my balance. I tend to know what’s in my account and if I’m making a purchase then I know I’ve got the funds (or indeed overdraft) to make it. If I wasn’t sure, I’d check. Not saying it might not be helpful but wouldn’t be the way I’d use the app/manage my finances


(Rika Raybould) #290

In general, we’d like to show the least amount of account information in the 3D Secure flow as possible. Just things about the transaction and that are already known to anybody going through it. Otherwise it would be trivial for somebody who had your card details to then turn that into a larger breach via. us. :grimacing:


((╯°□°)╯︵ ┻━┻) #291

People have mentioned that they’ve used the national lottery website because you can then withdraw the funds again.


(Antoine A.) #292

Can you rely on IP address and/or location to automatise some of these authorisations? Meaning if you purchase something from your device or a device around your device, it’s automatically validated.

For example the popup is browsed from the same WiFi connection than the one of the app when authorising (IP adress).
Or the popup accesses the app through local page shared over local WiFi.
Or the popup and app use location based security (browser geoloc), and is valid if they are at the same place.
Or use Web Bluetooth API (still in draft) to communicate between the popup and your device.

Such smart tricks would ease a painful process, even though the design of your popup is a tad better than usual ones.


(Jai Sullivan) #293

Just tried on my Mac and went through with no issues — really nice set up! :smiley: Is there a reason why a PIN is required in-app to approve rather than Face/Touch ID etc?


(Jack) #294

When I clicked on the notification it took me to my feed first, I then had to click on the item in the feed to bring up what you’ve shared above.

Encountered it twice today unexpectedly :slight_smile:


(Jeff) #295

I approved a payment earlier today and Face ID verified me. Might be worth toggling said settting off and back on perhaps?


(Jai Sullivan) #296

Just checked my settings and it was toggled off. Must have defaulted back earlier once I reset my Monzo session in iOS settings. All good now!


(Jason Smith) #297

Apologies if this has already been mentioned as I’ve not had chance to look over the entire thread but when this is enabled, does it enable for joint accounts as well or personal only?


(Rika Raybould) #298

It will enable it for you on all accounts. Meaning you’ll see it on your joint account but not the other person until they enable it too. :slightly_smiling_face:


(Jason Smith) #299

Thanks @Rika :slightly_smiling_face: Feature request to allow you to approve via a 3D Touch on the notification? That way you can quickly approve (once the device is unlocked so still secure) on the lock screen but also Apple Watch for those that have them?