Reducing the cost of debit card top-ups

( related to Monzo CEO, Investor in Monzo ) #312

I got it from the article below - :slight_smile: not sure anybody is going to admit to any of the security measures though otherwise they wouldn’t be security measures :slight_smile:
Im sure ( am I ??? :slight_smile: ) patterns would also come in to play where the legitimate user would normally on average make 2 or 3 contactless transactions in a day , to then present 10 or 15 would hopefully draw attention to unusual activity - need to ask for PIN to confirm legitimate usage ???

from the linked article -
“As a security measure, contactless cards demand that a user keys in his or her pin number after a certain number of payments or when a certain financial threshold is met. This is set by the card provider and varies from bank to bank. There is no time limit on the payments, so until it is reached the card can continue to be used.”


(Allie) #313

Note the date, that’s before the big push to online-first contactless. Though even then, some like Metro Bank would do the sensible thing and go online once the risk counters got hit instead of forcing insert.

Now, since almost everything goes online, there’s no sense in a simple transaction count counter. Banks see almost every transaction in real time and can make much more intelligent yes/no/insert decisions. If they want to force an insert, they respond with transaction response code 65.

Your example of a huge spike in a day is exactly what I meant. 20 transactions in an hour for someone that’s not normal for would be a great reason to send back response code 65 (force insert). 20 transactions over a month wouldn’t be.

Unlike in offline contactless, that distinction can now be made. Thus simple counters should be a thing of the past… should.

P.S. this also prevents the offline fraud the article is talking about. More convenient and more secure. A bit slower, tho.

1 Like

( related to Monzo CEO, Investor in Monzo ) #314

I think we are saying the same thing aren’t we ? - I just haven’t said “code 65” force insert for PIN - because I didn’t know what "code 65 " was :slight_smile:

“Im sure ( am I ??? :slight_smile: ) patterns would also come in to play where the legitimate user would normally on average make 2 or 3 contactless transactions in a day , to then present 10 or 15 would hopefully draw attention to unusual activity - need to ask for PIN to confirm legitimate usage ???”


(Allie) #315

Nope, because that article and your initial post was that there was a counter that allowed a maximum number of contactless attempts between PIN attempts.

That is how it used to be, but it’s simplistic. Today, in an online-first world, banks should be using real-time analytics. Hundreds of contactless transactions in a row, at a normal pace, should be fine. A dozen in twenty minutes, maybe not.

That’s the difference. There is no reason for a pre-determined maximum number or amount like there was when that article was written. It should depend on the situation.

1 Like

( related to Monzo CEO, Investor in Monzo ) #316

ah OK …:slight_smile: so now if you make an unusual number of transactions outside of “normal” usage a code 65 force insert PIN is triggered ???


(Allie) #317

It’s up to the bank, I’m describing best practice as I understand it from reading the EMV books and the Mastercard PayPass documentation. But yes, response code 65 (withdrawal count limit exceeded) can be used if a bank is suspicious, but wants to allow an insert (contact) transaction.

The terminal should then prompt ‘insert card’ or similar.

Whether this requires a PIN will depend on CVM processing, but in the UK with a UK-issued card generally would use offline PIN.

Not on reason code 65, but in general, some banks are much touchier than others. I’ve only had Monzo decline once and it was an Israeli Coke machine. Coke machines create awful authorisation messages. Other banks will decline for more minor issues, like those at Superdrug, or those at are common in countries like the US, or magstripe, or a host of other reasons.

Monzo seems to err generally more to approval than most banks I have experience with.


( related to Monzo CEO, Investor in Monzo ) #318

I think I understand now , as you say there is no particular count - if you make on average 2 contactless transactions a day for 7 weeks or however long you won’t require a code 65 as this is “normal usage” , if however your average is 2 a day and suddenly you attempt to make 20 contactless transactions in one day this will be flagged up by the banks analytics as potential fraud / card theft and will ask for a code 65


(Allie) #319

Basically, yes. Tho they’re not asking for a code 65. That’s the code they’re giving :slight_smile: Which should result in the terminal asking for a contact transaction if possible.

But yes, though obviously the exact numbers are up to the bank :slight_smile:

1 Like


could give, not will give

1 Like

(Harry) #321

Do all major banks now use online for contactless? I know all Amex contactless transactions are. I remember when the FinTech companies were the only ones!


(Allie) #322

We should probably have an online contactless thread. I’m not qualified to speak for all banks but it’s been at least a year since I’ve had an offline contactless transaction.

That said I do think the answer is still no. But getting close.

1 Like

(Dawn Trespass) #323

I have successfully done my first bank transfer and it was very painless. My card reader was 5 year old and low battery and took 2 attempts because I misread the partially displayed confirmation number. I think the payee is stored in my nationwide account now. I can’t believe I never did this before. Put all the money but a tenner in a pot. No more costing monzo. I’m going to get a new card reader but I think I can just pay from my nationwide app now happy days :slight_smile:


(Jolin) #324

Yes, that should work fine, it’s what I do. After the initial setup, no card reader is required, you can just go into the Nationwide app and make the transfer.


(Alex Sherwood) #325

It looks like a few of these emails have been sent out today, could someone please copy & paste the full text (not a screenshot) into this thread :pray:


Shared Pots
Paying in money
(Rodolfo Simoes) #326

Do us a favour, please?
We’ve noticed that you usually top up your Monzo account with a debit card.

Would you mind switching to topping up by bank transfer instead?

Bank transfers are much cheaper for us to handle than top ups, because we use a third-party platform who charge us for the privilege. Those charges make up half of our costs, which means less money to invest in new stuff you’ll really like. So switching to bank transfers will help make Monzo better.

Plus you’ll be able to see how much you have in your other account before you top up, which means no nasty surprises – like accidentally going overdrawn.
It only takes a couple of minutes to set up
You’ll first need to set Monzo up as a payee from your other bank. To find the details you need, go to add money as normal and tap ‘Bank transfer’.

Once you’re set up, you can load your card with just a few taps from your other bank, and you’ll get the money instantly. It’s just as quick as topping up with a debit card.


(Dan) #327

I don’t see why they don’t just scrap it… then people would have to use Bank Transfer?



Great read :+1:t3:


(Rodolfo Simoes) #329

Basically, because of commodity and speed to release funds to the account.

I understand the whole main account goal, however, in my opinion, (And I think it is fair to say that a lot of people do the same) the Top Up - using the card - is one of the main features of Monzo, hence the traction from the community to get it enabled on the CA.

I, personally, only migrated my card as soon as the Top Up feature was made live on the CA

But that’s just me :slight_smile:

EDIT: having said that I understand that potentially some changes will come into play and i fully support that - after all, if you have a business you will, ultimately, aim for even/profit. If at some point this becomes too much of a heavy burden then something needs to change - as they already did with the new customer 100 pounds top up max amount in 1 go.

Removing it would be shooting oneself in the foot, I reckon.



Interesting to note Monese have now added card top ups to their already long list of top up methods (faster payments, SEPA credit transfers, PayPoint and Post Office counters) however their maximum card top up amount is a hefty £1,500.00!



It is interesting to see how much it costs Monese to accept card topups…


Using an EEA Consumer Debit Card incurs a small fee of 0.35% (as opposed to topping up via cash deposit which incurs a 2.5% charge). Other international Consumer Debit Cards are also accepted (and will incur a 2.5% fee).

We anticipate this feature to broaden its scope in the future to include other methods of top-up such as WeChat, Paypal, Giropay and credit cards.