Prevent frauds rather than dealing with consequences after they happen.
When the card is being used, rather than just sending a notification about the fact, require a user to confirm that in the app.
That would probably have a time limit - when not approved in timely manner the transaction would fail.
What can be build on top of it
After the transaction failed because of timeout, it can be still approved - the next transaction for the same merchant for the same amount wouldn’t require approval again (probably with some time limit - 30m, 1h, 24h?)
White list - approval never required for merchants chosen by the user (just click on the transaction and add to the white list)
White list with limits - set a maximum amount for a white listed merchant, if exceeded the approval will be required
Opt-in/out - possibility to enable/disable this feature, when enabled that would effectively be a safe mode, drastically reducing a chance of fraudulent transactions
Automatic pattern analysis and recognition - even when disabled, you could still require authorisation from the user for suspicious transactions (based e.g. on location, amount, previous usage etc.)
The problem is that when you / someone else presents your card to a card terminal (contactless or chip and pin), Monzo only has a few hundred milliseconds to decide whether to accept or decline a transaction. So this would only work for online transactions, which Monzo is planning on implementing via 3D Secure (which is on the near-term roadmap).
I admit I don’t know technical details behind payments, but are you sure it’s only a few hundred milliseconds? I have sometimes seen “authorising” on the terminals for 5-10 seconds, which would be enough to approve it in the app.
The card terminals need to connect to their acquirer, who then have to connect to the buyer’s card network (Visa/MasterCard/Amex), who then forward the authorisation request to the buyer’s bank (in our case, Monzo).
I remember seeing this “a few hundred milliseconds” figure being posted somewhere by a member of staff somewhere here. I’m sure @HughWells can give more info.
Approval before the transaction and nothing afterwards VS defrosting the card before and freezing it after
Other (fraudulent) transactions could go through in this short window of time - selecting rejected transaction to allow it next time would prevent that
This approach will not work with automatic payments that could happen at any day and time (e.g. TfL’s Oyster auto top-up)
White list could practically eliminate need for approvals depending on the use case - I can only speak for myself, but I have a bunch of online services which I use regularly and a couple of places where I go for lunch. That’s about 20-30 items on the white list that would completely eliminate the need for approving transactions for me, with the exception of when I am on holidays.
I have never had a fraudulent transaction on any of my cards. It’s such a tiny percentage that I’m not sure there’s a need. If it does happen Monzo refund within an hour.
What happens if you have no data/signal/battery and want to buy something you happen to see on sale?
No it’s not. Even if you only have that problem 1% of the time (which is optimistic) you have a real problem when you do.
I appreciate the fact that you have good intentions here but it seems like you haven’t really thought this through. As you’ve mentioned, issuers have an incentive to reduce fraud so if this was a good idea, it would have been done already, it’s not hard to implement.
And what about that 1% of times when the merchant has problems with their terminal or connection is down and you cannot pay with card at all? Or what about stalls on the food market which often accept cash only? Should we all give up our cards and go back to cash only, because in 1% of cases you cannot use your card anyway?
This is an old blog post, but shows the different stages of a transaction:
My memory from previous discussions on this forum is that the 200ms requirement comes from the card network (Mastercard in this case). I assume this is so that transactions don’t take too long end-to-end.
Often the long time you see the card machine ‘authorising’ for is because that initial connection from the shop to the acquirer takes a while. Some shops still use dial-up modems for this.