Monzo Labs: Improved Card Security

We get about 1 second to reply to a transaction request; that’s not enough time for us to send a push notification, have someone pull their phone out of their pocket and do biometric authentication.

The EBA require us to tie an authentication to the actual card payment. So in theory if you knew the merchant and amount ahead of time, you could do FaceID in the app and we could then approve that payment. But at that point, you might as well do Chip & PIN.

We are looking at doing something similar to this for payments where you’ve hit the limits, but the terminal doesn’t support PIN entry at all (e.g. some Selecta vending machines). But it won’t be a good experience, because we would have to decline the first transaction, let you approve a future identical transaction in app, and then make you tap your card again.

Unfortunately our hands are tied on a lot of this stuff, we’ve worked really hard to minimise the impact, but there really isn’t much wiggle room for us.

The time to push back was about 5 years ago, when this law was being written. Monzo didn’t even exist then. The other banks have pushed back a bit, that’s why things like TfL are exempt; the original law would have treated them the same as any other transaction, leaving people stranded, unable to pay for transport.

The law on the whole is quite well thought out, and I do think it will have a good impact on reducing fraud. But between the time it was written and now, quite a lot of stuff has moved on and the law hasn’t quite kept up. I’m sure we’ll see some interesting new approaches to keeping people’s money safe appearing over the next few years.

11 Likes