I don’t currently have a full account as I don’t have £100 spare to deposit. However I don’t believe this is an existing feature, and it would make me feel more secure online.
A lot of banks offer security where you have to put in your “3rd, 4th and 6th” letters of your password, this can be time-consuming as you have to sit there and work out what it is, or if you have a friend making a payment on your behalf you don’t want to be giving out letters of your password. How about a section on the application called “Mondo vCode” (Mondo Verification Code) which will change every 10 seconds and generate a new code. Each vCode which will consist of FIVE characters. EG: “HK48D” And when you purchase something online there will be a page with the mondo logo (Verification Page) and “Please enter your vCode now”. This allows for security and also means that someone can’t make a payment for you on your behalf if they don’t have access to your Mondo account.
If this doesn’t feel secure enough as some people may have phones stolen, perhaps an option to switch, and decide what verification you would like to use. Password, vCode, or any other verification there may be.
Perhaps another idea would be a button to confirm the payment, so after you enter your card information, it links your card to your account, you can go onto the application and press “Confirm Payment” or “Decline Payment” however I feel this is less secure.
Or you could just pop up a notification in the App, and click on Approve or Deny…
Now that the app includes TouchID for P2P payments, there would be little difficulty with having touch ID to access requests to approve (or deny) requests for Verified by Visa, or Secured by MasterCard transaction.
That was my other idea, with the approve or deny, it deppends on user preference and security. Which is why I think there should be the option for each user to choose what type of verification they would like to use, a Verification Code, or Accept,Deny buttons, etc…
Also, lets please not invent yet another term for 3D Secure. Please just call it 3D Secure
I imagine MasterCard rules likely mandate referring to it as MasterCard SecureCode anyway though, as that’s their brand name for their implementation of 3DS.
I didn’t know there was a name for it haha! My bad, haha! However the existing systems use verification using a password, however I thoguth it would be more useful to use a code, or QR, or Allow button etc
From the discussions which have happened so far, I think it is extremely likely that it will simply show a holding page, your phone will get a push notification, and you’ll simply swipe left on it and hit “Approve”.
An in-app approve or deny payment feature is one of the things I’m most looking forward to building. I hope we can implement 3D secure in that way but I’m not sure.
In theory we could even settle payments between a merchant with a Mondo account and a Mondo user outside of the card networks which should reduce the price of … well, everything … by about 1% and combat fraud more effectively. The user would enter their email address / mondo user ID / some identifier on the merchant page, then the merchant would make an API request to us, we’d send a push notification to the user, the user would confirm with their thumbprint, we’d send an API request back to the merchant and they’d complete the checkout process.
Of course that only works once we have enough users to make this worthwhile for merchants so we’re focusing on that for the moment
Sounds a bit like a slicker version of ‘ideal’ (based in the netherlands). They have a huge market share over there. Not sure why it hasn’t taken off over here.
Some French banks have being trying out this tech that changes the security code on the back of the card every hour. So even if someone gets your details, they are out of date. I wonder what this does to the cost of producing the cards and whether it would make them too expensive for a startup bank
This type of card has a CCV that changes, there have also been experiments with cards that include a similar panel on the back for generating 2FA codes for accessing internet banking
Settling outside of the card networks is something that will be coming with PSD2 compliance wont it? (I believe XS2A allows for banks to directly transfer money to merchants instead of via card networks)
However I don’t believe this is an existing feature, and it would make me feel more secure online.
