Mastercard 3D Secure is really irritating

Why is Mastercard 3D secure so inconsistent in when it’s applied? How can I turn it off or stop it from coming up on sites I frequent regularly?

It’s really frustrating having to use it on frequently used websites I go on (Deliveroo, train tickets, some other regular shops I use etc.) which I must use 10-20 or so times a week. I’m not glued to my phone all the time, it’s often on charge, in my bag or not always immediately near me when I’m making purchases.

Has also caught me out on a couple of occasions when I’ve gone out only with my secondary phone. I know I’m probably in the minority who own two phones, but I don’t take my primary phone out all the time as it has a lot of personal information stored on it, loads of 2FA apps etc that are a pain to re-set up and when I’m out I don’t really want access to e-mails, messengers, social media, etc…

So there’s been a couple of times when I’ve tried to order food at a pub or restaurant on their website/app and been prompted… only to remember that the sodding app is on my primary phone… and then having to faff about downloading the app, downloading e-mail app, logging into my e-mails to login to the app with…

I’d be OK with it if I felt like it was actually helpful - but I don’t feel it is - the other day it didn’t come up on a new website I’ve never visited before for what to me is an unusually large purchase? So… what’s the point if it’s only going to annoy me on places I visit frequently and not unusual purchases?

The ones doing it are the ones who are doing as they should. Eventually the rest will catch up.

I understand why it’s done but the whole thing is incredibly annoying.


Unfortunately 2FA/SCA cannot be disabled when shopping at retailers as its enforced by the FCA.

You will eventually start seeing all retailers adopt it as Revels said above :smile:


That’ll need to change. It happens with other banks, too.


Sounds like me… Deliveroo 10-20 times a week.

It’s not possible to disable, and as replicated by other comments it’s a step banks need to take as ordered by the FCA.

It’s to protect your money at the end of the day.

To counter this, always pay in person with the physical card. I’ve never been asked once at the till in any place.




It was sarcasm. But not far off the truth. Easier for shopping :joy:

Apple Pay and PayPal avoid it too.

The good thing to come out of this. Apple Pay adoption is starting to boom online!

Some banks and PayPal still let me use SMS for 3DS which I prefer too as these get sent to all my devices and don’t need to have my phone. Monzo being an early adopter of the new rules mean they lose out on a transaction I otherwise would have made with them.

This is going to make iPad and Mac apps a requirement for me going forward. Even if it’s a tiny effort 10 minute port job. Better than nothing if I need the app to authenticate.


Hopefully this will push Monzo to make it so you can have the app on two devices/iPad.

I normally have my phone nearby but if I don’t it’ll be the IPad. Being able to do it on that would be ace


Revolut added an option for trusted retailers and also my new day credit card did as well so you can approve retailers that use commonly use

1 Like

Amex were first to do it; and last time I suggested others should adopt it too, I was told it’s a silly idea.

I think it’s the future as the current rules are a pain in the ass for no benefit because customers get refunded for everything even if they blatantly ignore the thousand warnings one has to click through these days


Yet some banks let you safelist merchants. Are Amex breaking the rules? If not, will Monzo introduce safe lists?


What happens if you whitelist a merchant and then you’re frauded at that merchant?


Nothing, because that isn’t a word :joy:


Yes, and also an Apple Watch app to be able to approve from your unlocked Watch if you have not taken your phone out with you.

Microsoft Authenticator, for example, allows you to approve logins directly on your watch straight from the notification.

American Express also allow you to do this and, as @ndrw said, were actually first to do so.

I am not quite sure how it would affect refund eligibility if genuine fraud occurred. Would the bank try to say it was your fault (you’d “been negligent”) by trusting a retailer?

1 Like

I doubt that’d wash anywhere. They’d have a hard time saying that using a feature they’ve built in to the app themselves is ‘grossly negligent’ on the users part.

1 Like

Yes, I imagine they would if you escalated it into a complaint, but at least initially they may try to fob you off?

3D Secure creates a liability shift from the retailer to the bank and this feature effectively auto-approves a transaction at the bank side with no intervention, so the retailer has done their bit, 3D Secure wise, by triggering the check in the first place. Therefore the burden of fraud would be with the bank, or the customer potentially if they failed to notice the transaction and query it. In that scenario, it’s easy to see why most banks don’t want to implement the feature as it would open them up to greater potential for losses for basically no benefit to the bank.

Customers might not like it, but every bank uses 3D Secure so they aren’t going to switch over this anyway - I would think.

I use Google pay online, and it doesn’t trigger security checks.

If you have secure hardware, it allows one to shop safer via Google pay & Apple pay where supported.

1 Like

We use an authenticator at work to get into systems and honestly the ability to approve a notification from my watch is a game changer. Would love for Monzo to offer similar


I haven’t been on this forums for ages, but the way Monzo handles 3d secure transactions is really frustrating. I wish Monzo added the approve button as a rich notification.

SMS codes were great, they integrated really well with Safari and the iOS keyboard, but they seem to be no more. Some applications kill the session if you go off them and you end up having to use a different card. Amex do it really well, they have trusted list, and they still send you a text message code.

I get that merchants decide on when to use 3d secure, but why can’t Monzo give us a choice on how to handle it on the other end?