I was bigging Monzo up at work and was showing how impressive the 3D secure was with a ‘live demonstration’ as I was using my card to top up my lunch pass.
However, one of my colleagues made a fair point that I don’t know the answer to. If I was using my card and I didn’t have my phone on me, how would I get around the 3D secure part?
It wouldn’t be authorised, a phone is required every time.
How often is an internet transaction going to be made without your phone nearby though? A card present transaction I can imagine is fairlyyyy likely, but an internet transaction less so.
It looks like Amex were using a few different merchant accounts, and some were defaulting to SMS. Appears fixed now (as of yesterday) so hopefully next time you pay you’ll get the in-app flow.
Interesting… I read that as they were forcing the Amex merchants that weren’t already on the list… on to the SMS default list (because the in-app flow wasn’t working for some people).
Edit: Also, Rika, if Amex is now SMS only, why is that? I had the in-app flow working fine before. When leaving and reentering the Amex app, you’re placed at the previous screen and the Monzo 3DS frame refreshes immediately with success status.
You’re the only person I’ve seen on the forum say that. Everyone else has said that the in-app flow always breaks on leaving the Amex app because reentering it starts from scratch again rather than picking up where the transaction left off.
While I don’t have Amex myself so can’t speak from personal experience in this case, I can say that all of my non-Monzo banking apps work in this way - leaving the app means having to reauthorise and start again.
I’m curious about what’s different about your app that means you’re not having these problems.
Until I can work out why it works for some people but not others, yes.
I received several reports that it only worked with SMS through support. I haven’t yet been able to pin down why in-app authentication works for most people but not others with Amex.
Is it possible to change the flow so if a transaction is attempted for merchant X for Y amount, the user approves it via in-app but you then don’t get confirmation from the merchant it has completed (or you can tell that the iframe stopped refreshing/no user interaction on it) and within Z minutes the same merchant for the same user hits for the same amount it is automatically approved but flagged as a ‘potential problematic site’ for future investigation? (More than P users encounter the issue and it automatically defaults to SMS auth).
Maybe so, but does that mean I’m the only one to have it work successfully? I highly doubt it. It appears from Rika’s comment that most actually work successfully, anyway. Not just me:
How have you managed to come to the conclusion my app must be different? And how would I know such a thing?
We have a bunch of metrics that we’re tracking to help with this. There isn’t an automatic way (yet) as we don’t want to have a situation where fraudsters are able to skip the flow by purposefully failing to complete the authorisation.
I think it is a really good idea and love how you have brought it out, but here is a scenario where it would not work…
I log in to Barclaycard/Amex/any other credit card app to pay a bill by my Monzo Debit Card
I get the notification through Monzo to authorise the purchase
When I tap the notification, it logs me out of the credit card app to the Monzo app, and I tap ‘Authorise’
When I go back to the credit card app, it has lost everything I have done and I have to re-do it, but it will not stay on that page as I have to log in…
Anyone else have this??
I was thinking, for those devices that have 3D Touch on iOS, pressing on the notification to see the options of ‘Decline’ / ‘Authorise’ would solve this issue - acting/pressing on a notification does not close the open application on iOS - for those devices that do not have 3D Touch, pulling down on the notification would also show these options. The same goes for the Android devices.
This issue has been pointed out a number of times. At the moment Monzo are making 3D secure for stuff like Barclaycard/Amex/any other credit card app default to the text-a-code method.
These things are the best long-term solutions though:
They would also greatly improve the UX when making any 3D secure payment on your phone.
The way 3D secure has been built is brilliant, so much easier to just authorise the payment from the app rather than having to remember a password or be texted PIN codes etc.