MasterCard SecureCode / 3D Secure

That’s not always the case. In my experience about 90% of my Amex transactions are simply approved without any action by me. For the rest they send OTP by text and/or email.

I find I’m asked for OTPs much more frequently for Amex than with my Mastercard credit card, which almost always goes through without any action on my part (it’s so incredibly rare for them to require interaction that I don’t even remember how they do it).

1 Like

[image]

:eyes:

3DS?

12 Likes

Oh nice spot! Did it ask you to do anything or just go straight through?

2 Likes

It was making an Amex payment, which always asks for 3DS and seems to bypass it anyway, so I’m not sure if it’s actually doing anything yet - but I’ve noticed this the last couple of times I’ve done it.

3 Likes

:eyes: :clap:t3:

Interesting that it’s branded with MasterCard ID check which was an upgrade to 3D by MasterCard a couple of years ago. I believe it was meant to involve authentication via an app by selfie or via SMS OTP

3 Likes

I guess this is what’s been implemented then. Looks rather seamless. Didn’t they say that they would support version 2.0 Mastercard ID (which is possibly shown here) but fallback to version 1.0 was also required?

2 Likes

Yeah that’s what was said on another thread so great to see it in action! I’m forever resetting my 3D secure password!

2 Likes

I think there will be that next level auth added in. Oh, I love it when someone spots these new additions being sneaked in!

My 3D Secure password is my most reset password ever! Running out of ideas for new ones!

2 Likes

I honestly can’t remember the last time I used any of the card network verification systems. It always flashes up then lets me through :man_shrugging:t3:. Still looking forward to it though.

3 Likes

It depends on card and bank, Capital One ask me every time!

1 Like

That certainly looks like a page I built. :eyes:

Just to put it out there, be aware that while we’re still somewhat in the latter stages of development, the user interface is going to change quite a bit.

15 Likes

@rika good to see 3DS being implemented even if it hasn’t been finished yet.

2 Likes

Another :white_check_mark: off the big list :soon:

2 Likes

Didn’t @rika say that version 2.0 would come later and that the MVP would be 1.0 only? (I might be misremembering, though!)

> I honestly can’t remember the last time I used any of the card network verification systems. It always flashes up then lets me through :man_shrugging:t3:

I think this is actually a feature. Authorisation can, I think, be done without actually asking the user to input anything. Nationwide seems to be hot on this option… (in this sense, although you’re not “using” it, you are using it, if that makes any sense at all!)

3 Likes

I have a feeling we’re getting confused between MasterCard’s Secure3D versions and Monzo’s implementation of authorising them.

Secure3D Version 2.0: https://www.gpayments.com/about/3d-secure-2.0/

I think Monzo are referring to version 1 of the Secure3D not being authenticated/authorised (?) through in-app prompt as they have to implement a fallback first (password, SMS etc). Version 2 being in-app.

Unless they are the same thing. :joy:

2 Likes

Erm, I think we’re violently agreeing!

My understanding is that there are two versions of the 3D Secure standard: 1.0 and 2.0. I think that Monzo originally wanted to go straight to version 2.0 because that has all the good things. But I think someone from Monzo (Rika?) said that you can’t implement 2.0 without also doing 1.0.

So… I think Monzo’s release is likely to be 1.0 only to start with, moving to support 2.0 over time.

Let’s try and invoke Rika during working hours. She’ll know! :stuck_out_tongue_winking_eye::smile:

Is it actually doing anything yet, and if so, what? Browser fingerprinting? Or is it supposed to ask for some credentials or an OTP from the app?

4 Likes

Unfortunately, I can’t go into detail about the variety of methods we’re using to make that decision but it may ask for in-app approval (with an SMS OTP fallback).

As for 3D Secure 1.0 versus 2.0, the details of this shouldn’t matter too much, but we’re implementing in-app approvals on top of 3D Secure 1.0 using a custom challenge type. This is one of the benefits we get from building our own implementation from the ground up. The actual authentication method doesn’t matter to the merchant once you’ve been redirected to our service that handles the verification.

Having said that, 3D Secure 2.0 does greatly improve the way that we can perform in-app approvals.

10 Likes

I suppose it’s easy enough to check for anything going on on the client-side regarding that (à la BioCatch). Though if it was me, I’d be doing the bulk of checks on the server-side. IP checks inc. geolocation would probably be a quick win. Try it over Tor and see if you get an in-app prompt? :stuck_out_tongue:

2 Likes