Merchant Whitelisting or Risk Based Authentication Suggestion


I’m becoming increasing frustrated by Monzo’s lack of Risk Based Authentication (RBA) capabiliites and would like to understand if there are any plans to improve them. I’ve searched through the forum topics and cannot find one that covers this, so if you are already working ok this and I’ve missed it, I apologise in advance.

I use Monzo as my main bank account and regularly shop at the same places online, using the same devices and same IP addresses, but every time I purchase something, I am asked to confirm this with my thumbprint. Most other banks have adopoted RBA as part of their authorisation process, so repeat purchases from the same place with the same attributes do not require additonal verification - why has Monzo not yet invested in this?

If RBA is too difficult to implement, then what about merchant whitelist functionality, which is allowed by the Strong Customer Authentication rules under PSD2? If I could whitelist the sites I shop at regularly and trust, then my payment experience would be more seamless and less inconvenient - if I don’t have my phone with me and can’t authenticate, the transaction won’t go through.

I understand that by adding this feature, you might be increasing your fraud risk level, but you need to balance this against usability and at the moment I feel you’ve got this configured far too strictly and it is making the payment process painful. It might even be something that helps set Monzo apart from the other neobanks, so it feels like something you should be considering.



Revolut (not a bank) and AMEX do this. Who else?

Nationwide did it for me once when I was having particular problems with one merchant.

1 Like