Used the 3D secure last night to validate my card in Tesco Pay+ Worked a dream
This is because verify.monzo.com has a sensible CSP, combined with:
If you repeatedly click the ‘I’ve already approved this’ link, on the third or fourth click you’ll be taken to a 404 page, with a link to return to the Monzo site.
Don’t repeatedly click it.
Thanks for the report though, @Liam_W! I think I know why that is and will take a look on Monday.
That’s exactly it. Should be fixed now!
I don’t have an option. To choose between APP or SMS, so it has derailed to SMS. However, I’m not recieving them, so can’t complete any of the orders.
I have to turn it off, re-do the order, then put it back on after. So currently best to have it off. However I’d rather keep trying to test it
Well… 3D secure worked so poorly on JohnLewis that I had to disable it just to get a transaction to go through!
So I headed to johnlewis.com, found what I needed to buy and added it to my basket. A value of £150.
I checked out and logged in, put my card details in and was met by 3D secure (awesome! Or so I thought…) the notification popped up on my phone (Android 9.0 / Monzo 2.11.2) I hit accept and boom it turned into a checkmark on the site and I thought everything was OK! However instead of taking the money out of my account, this is where it gets fun, inside the embedded window for 3D secure the johnlewis page loaded… the full page! I was in my basket again (not the checkout) and the only option I had was “proceed to checkout”. So I hit that and nothing happened. I refreshed the page, 3D secure had a tick again and the same thing happened.
I tried on my desktop at that point and after 3D secure gets approved but goes to a grey redirect screen after, trying to point at “johnlewis.something.something”
I went back to my phone and disabled 3D secure in labs, went to the mobile site and it worked perfectly with no 3D secure.
Very amazing experience of getting a notification and seeing how lightning fast it was! But sadly it failed to work 100% right
I didn’t get a screenshot of the useful bits sadly!! But here’s what I do have:
If you imagine the whole johnlewis mobile site crammed into the Monzo 3D secure rectangle there… that’s what it was and I couldn’t proceed. Happened twice on my phone and failed entirely on my desktop.
Happy to answer and Q’s on this to help get it resolved before 3Ds moves out of labs!
Seems like an issue on John Lewis’s side more than Monzo - they are passing the wrong redirect URL when attempting 3DS, so when Monzo finishes it redirects to that wrong URL which happens to be John Lewis’ home page.
I agree, I definitely don’t want to blame Mozno Just figured I should report it here nevertheless
The flow for Monzo’s side of things was pretty damn slick, but once the redirect happened (it broke on the PC) it went very wonky. Yet I’m sure John Lewis must play nicely with other bank’s 3D secure implementations So perhaps it’s a combination of the 2 not playing nicely!
No idea, hoping that Monzo will weigh in and know what’s going on
Looks partially fixed for the Monzo logo, Rika - but https://verify.monzo.com/3ds/mastercard_logo.svg is still troublesome and shows up as a black rectangle
That one is going to take a little more work. I’m going to have to check if we are even allowed to modify that file.
As for John Lewis, we’ll take a look into it from Monday as I’ve got some things to buy from there.
Just did a 3DS transaction with MyHermes (shipping provider) and it worked perfectly using the in-app approval. Kudos to Monzo!
I would also like the ability to allow transactions from notifications on Android. I know you said it’s difficult on iOS. Any different on Android?
Probably. I don’t believe Android imposes the same security restrictions on stored secure data as iOS. But then iOS notification actions aren’t exactly burdensome to implement either, so I don’t know what difficult is classed as time wise.
Paid my credit card (MBNA) with Android using a push notification and it worked well. Great job!
One minor piece of feedback: could the push notification take to you the approval screen directly, rather than than the home screen?
I like that you approve it in the app as opposed to having to remember passwords, looks better & a lot more efficient.
This is something I forgot I wanted to mention too. It just makes sense, unless there is a reason for it to not work that way?
A lot of notifications do this for me as of late. A bit of improvement here would be nice.
On Android I click the notification and then I have to do a further tap to get to the approve screen… Annoying!
Can the app make use of Androids ability to put buttons on the notifications. Similar to getting a phone call when using an app…