Reducing the cost of debit card top-ups

I tried freezing my card but it got to be a pain. Mainly impatient check out operators. Once I get used to pots I think it’s quicker

1 Like

as you say - if you keep it in a pot and feed it into your main feed as and when you need it that should work well

1 Like

That’s understandable, but if your card is stolen, it’ll be Monzo’s money the scamps will be spending.

4 Likes

“I’m paranoid someone will go on a 30 contact less spending spree”

that is the benefit of having instant notifications on your transaction feed , if its not your transaction you can freeze the card straight away and report it to Monzo

also there seems to be a limit on the number of consecutive contactless transactions before a pin is requested for payment , so 30 contactless transactions will never happen :slight_smile:

3 Likes

Really? With an online preferring card? I sure wouldn’t expect that. Possibly a transaction response code 65 if the pattern matched a spending spree, but not for usage within normal patterns.

I highly doubt Monzo has such a limit but if they do, that’s definitely not good. It’s just a bad way to think about security.

2 Likes

I didn’t take a picture of the ATM message but I’m sure it was one which is normally free. I’ll double check. However as it had declined (and this may be the case of successful withdrawals) there was a notification within the app, and perhaps the fee / costs are at the expense of Monzo and not so much me personally. Uploaded the screen shot of the Monzo message. image

I got it from the article below - :slight_smile: not sure anybody is going to admit to any of the security measures though otherwise they wouldn’t be security measures :slight_smile:
Im sure ( am I ??? :slight_smile: ) patterns would also come in to play where the legitimate user would normally on average make 2 or 3 contactless transactions in a day , to then present 10 or 15 would hopefully draw attention to unusual activity - need to ask for PIN to confirm legitimate usage ???

from the linked article -
“As a security measure, contactless cards demand that a user keys in his or her pin number after a certain number of payments or when a certain financial threshold is met. This is set by the card provider and varies from bank to bank. There is no time limit on the payments, so until it is reached the card can continue to be used.”

Note the date, that’s before the big push to online-first contactless. Though even then, some like Metro Bank would do the sensible thing and go online once the risk counters got hit instead of forcing insert.

Now, since almost everything goes online, there’s no sense in a simple transaction count counter. Banks see almost every transaction in real time and can make much more intelligent yes/no/insert decisions. If they want to force an insert, they respond with transaction response code 65.

Your example of a huge spike in a day is exactly what I meant. 20 transactions in an hour for someone that’s not normal for would be a great reason to send back response code 65 (force insert). 20 transactions over a month wouldn’t be.

Unlike in offline contactless, that distinction can now be made. Thus simple counters should be a thing of the past… should.

P.S. this also prevents the offline fraud the article is talking about. More convenient and more secure. A bit slower, tho.

1 Like

I think we are saying the same thing aren’t we ? - I just haven’t said “code 65” force insert for PIN - because I didn’t know what "code 65 " was :slight_smile:

“Im sure ( am I ??? :slight_smile: ) patterns would also come in to play where the legitimate user would normally on average make 2 or 3 contactless transactions in a day , to then present 10 or 15 would hopefully draw attention to unusual activity - need to ask for PIN to confirm legitimate usage ???”

Nope, because that article and your initial post was that there was a counter that allowed a maximum number of contactless attempts between PIN attempts.

That is how it used to be, but it’s simplistic. Today, in an online-first world, banks should be using real-time analytics. Hundreds of contactless transactions in a row, at a normal pace, should be fine. A dozen in twenty minutes, maybe not.

That’s the difference. There is no reason for a pre-determined maximum number or amount like there was when that article was written. It should depend on the situation.

1 Like

ah OK …:slight_smile: so now if you make an unusual number of transactions outside of “normal” usage a code 65 force insert PIN is triggered ???

It’s up to the bank, I’m describing best practice as I understand it from reading the EMV books and the Mastercard PayPass documentation. But yes, response code 65 (withdrawal count limit exceeded) can be used if a bank is suspicious, but wants to allow an insert (contact) transaction.

The terminal should then prompt ‘insert card’ or similar.

Whether this requires a PIN will depend on CVM processing, but in the UK with a UK-issued card generally would use offline PIN.

Not on reason code 65, but in general, some banks are much touchier than others. I’ve only had Monzo decline once and it was an Israeli Coke machine. Coke machines create awful authorisation messages. Other banks will decline for more minor issues, like those at Superdrug, or those at are common in countries like the US, or magstripe, or a host of other reasons.

Monzo seems to err generally more to approval than most banks I have experience with.

2 Likes

I think I understand now , as you say there is no particular count - if you make on average 2 contactless transactions a day for 7 weeks or however long you won’t require a code 65 as this is “normal usage” , if however your average is 2 a day and suddenly you attempt to make 20 contactless transactions in one day this will be flagged up by the banks analytics as potential fraud / card theft and will ask for a code 65

2 Likes

Basically, yes. Tho they’re not asking for a code 65. That’s the code they’re giving :slight_smile: Which should result in the terminal asking for a contact transaction if possible.

But yes, though obviously the exact numbers are up to the bank :slight_smile:

1 Like

could give, not will give

1 Like

Do all major banks now use online for contactless? I know all Amex contactless transactions are. I remember when the FinTech companies were the only ones!

We should probably have an online contactless thread. I’m not qualified to speak for all banks but it’s been at least a year since I’ve had an offline contactless transaction.

That said I do think the answer is still no. But getting close.

1 Like

I have successfully done my first bank transfer and it was very painless. My card reader was 5 year old and low battery and took 2 attempts because I misread the partially displayed confirmation number. I think the payee is stored in my nationwide account now. I can’t believe I never did this before. Put all the money but a tenner in a pot. No more costing monzo. I’m going to get a new card reader but I think I can just pay from my nationwide app now happy days :slight_smile:

5 Likes

Yes, that should work fine, it’s what I do. After the initial setup, no card reader is required, you can just go into the Nationwide app and make the transfer.

2 Likes

It looks like a few of these emails have been sent out today, could someone please copy & paste the full text (not a screenshot) into this thread :pray:

image

11 Likes