Launching 3D Secure!

I was bigging Monzo up at work and was showing how impressive the 3D secure was with a ‘live demonstration’ as I was using my card to top up my lunch pass.

However one of my colleagues made a fair point and I don’t know the answer to. If I was using my card and I didn’t have my phone on me, how would I get around the 3D secure part?

4 Likes

Agreed - this is how it should work!

I’ve paid amex twice in the past week and in app auth was available for both. So unless it’s happened very recently?

It wouldn’t be authorised, a phone is required every time.

How often is an internet transaction going to be made without your phone nearby though? A card present transaction I can imagine is fairlyyyy likely, but an internet transaction less so.

3 Likes

Ahh I totally agree. My colleague was just wanting to fully understand how it all worked and it wasn’t an answer I knew for absolute definite :blush:

1 Like

I read the following as “in app auth won’t work on these”.

But I may be wrong, and I may not fully understand what @rika means by “defaulting to SMS”.

When I paid with off my amex 2 days ago, it went straight to SMS.

It looks like amex were using a few different merchant accounts, and some were defaulting to SMS. Appears fixed now (as of yday) so hopefully next time you pay you’ll get the in app flow.

Interesting… I read that as they were forcing the amex merchants that weren’t already on the list… on to the SMS default list (because the in app flow wasn’t working for some people).

1 Like

I think you’re right actually, rereading it sounds like they’re moved to the sms default list. Hmm :thinking:

@Rika could you clarify if amex is sms only now?

Edit: Also, Rika, if Amex is now sms only, why is that? I had the in app flow working fine before. When leaving and reentering the amex app, you’re placed at the previous screen and the Monzo 3DS frame refreshes immediately with success status.

1 Like

I actually find the SMS easier in iOS12, as it gives you an autofill from the SMS.

5 Likes

This is a feaure of iOS12 I’m absolutely loving!

3 Likes

You’re the only person I’ve seen on the forum say that. Everyone else has said that the in-app flow always breaks on leaving the Amex app because reentering it starts from scratch again rather than picking up where the transaction left off.

While I don’t have Amex myself so can’t speak from personal experience in this case, I can say that all of my non-Monzo banking apps work in this way - leaving the app means having to reauthorise and start again.

I’m curious about what’s different about your app that means you’re not having these problems.

Until I can work out why it works for some people but not others, yes.

I received several reports that it only worked with SMS through support. I haven’t yet been able to pin down why in-app authentication works for most people but not others with Amex.

3 Likes

Is it possible to change the flow so if a transaction is attempted for merchant X for Y amount, the user approves it via in-app but you then don’t get confirmation from the merchant it has completed (or you can tell that the iframe stopped refreshing/no user interaction on it) and within Z minutes the same merchant for the same user hits for the same amount it is automatically approved but flagged as a ‘potential problematic site’ for future investigation? (More than P users encounter the issue and it automatically defaults to SMS auth).

1 Like

Cool, thank you!

Maybe so, but does that mean I’m the only one to have it work successfully? I highly doubt it. It appears from Rika’s comment that most actually work successfully, anyway. Not just me:

How have you managed to come to the conclusion my app must be different? And how would I know such a thing?

1 Like

We have a bunch of metrics that we’re tracking to help with this. There isn’t an automatic way (yet) as we don’t want to have a situation where fraudsters are able to skip the flow by purposefully failing to complete the authorisation. :policewoman:

6 Likes

Another post from me :innocent: lol

I think it is a really good idea and love how you have brought it out, but here is a scenario where it would not work…

  • I login to Barclaycard/Amex/any other credit card app to pay a bill by my Monzo Debit Card
  • I get the notification through Monzo to authorise the purchase
  • When I tap the notification, it logs me out of the credit card app to the Monzo app, and I tap ‘Authorise’
  • When I go back to the credit card app, it has lost everything I have done and I have to re-do it, but it will not stay on that page as I have to login…

Anyone else have this?? :face_with_head_bandage:

I was thinking, for those devices that have 3D Touch on iOS, pressing on the notification to see the options of ‘Decline’ / Authorise’ would solve this issue - acting/pressing on a notification does not close the open application on iOS - for those devices that do not have 3D touch, pulling down on the notification would also show these options. The same goes for the Android devices.

What we thinking? :exploding_head:

4 Likes

This issue has been pointed out a number of times. At the moment Monzo are making 3D secure for stuff like Barclaycard/Amex/any other credit card app default to the text-a-code method.

These things are the best long term solutions though:

They would also greatly improve the UX when making any 3D secure payment on your phone.

2 Likes

The way 3D secure has been built is brilliant, so much easier to just authorise the payment from the app rather than having to remember a password or be text pin codes etc :clap::clap:

2 Likes