Transaction Limits and Pre-Authorisation


(Paul Brabban) #1

Hi there, great product!

I’ve been having problems with fraud lately on my credit card. I had a couple of ideas about trying to make this harder for criminals to do, here’s one.

I typically have a selection of merchants that I use frequently (Amazon, Ocado, etc) and a bunch of subscriptions to services and charities. Most of those services have a regular pattern. Subscriptions are the exact same amount for years on end, things like Ocado are typically in a range that goes from a number to double that number. Merchants like Amazon are pretty irregular, but also infrequent and I tend to plan ahead for purchases over say £50.

I wondered whether setting a limit per merchant might be workable - it seems that after a few weeks, it’d be possible for Monzo to start suggesting limits based on the patterns it’s seeing to help me. When I want to exceed a limit, I would like to hit a button to remove the limit for that merchant for the next hour, or something like that.

If I want to transact with a new merchant, then I can temporarily allow new merchants, along with perhaps setting a limit (as I’ll know what I want to buy and how much it costs at that point)

If I forget and attempt a transaction that breaks these limits, then send me a notification immediately as my transaction fails. The notification has a button I can press to allow this transaction when I try again. There’ll be a failed transaction and a little inconvenience in these exceptional circumstances but that’s a small price to pay to make fraudsters’ activities more difficult.

I think this would work for me, because I have predictable spending patterns - I’d imagine that’s pretty common but I can’t really say - so it should certainly be an opt-in/out thing.

Anyway, hope that helps and keep up the great work!


Real-time authorisations
#2

If I’m honest it would be a huge pain to have to manually allow new merchants every time I wanted to use a merchant which I don’t use regularly.

Also there might be issues with making payments to merchants when you don’t have internet connection or your phone is out of battery - you’d have to go find connection to temporarily allow new merchants before returning to make the payment.


(Paul Brabban) #3

Fair point about the battery/signal thing, hadn’t thought of that. Would a limit like the contactless limit below which a single transaction to a merchant is allowed without authorisation help? Or perhaps allowing single transactions in categories that maybe aren’t much use to criminals, like hotel rooms, food, taxis without second/pre-auth?

For me, I rarely use new merchants - I’m kinda boring that way! But totally appreciate this maybe wouldn’t work so well for the more adventurous!

The kind of situation I’m trying to prevent - a couple of weeks ago criminals managed to make 38x £100 transactions for gift cards to some merchant I never heard of which has taken two weeks to sort out with my credit card provider (who to be fair have been very good sorting it, but it’s still an inconvenience that they pretty much maxed my credit card). A few months ago, criminals attempted to buy an £800 laptop from ebay with my credit card. The thought that the might have gotten away with any of those transactions makes me angry!).

A low limit for transactions that I haven’t pre-authorised would work well for me, I think, and would make it much more difficult for low-lifes to get away with any serious amount of money… :slight_smile:


#4

Wondering how they got away with 38 transactions of £100 when it’s so out of your usual spending patterns. Surely that should raise some red flags with the credit card company for them to speak to you before authorising?


(Paul Brabban) #5

It did raise red flags, I got a fraud alert from the provider and they’ve sorted it out. I don’t think the transactions (or at least most of them) got authorised, but I’d rather the whole thing had been prevented rather than mopped up afterwards…


(Peter Roberts) #6

Given the real time aspect of Monzo I’m kind of struggling to see the use case of this? For legacy banking stuff it would seem a lot more useful to me


(Paul Brabban) #7

Well, I think that’s a fair point Peter, but it’s about preventing rather than reacting… and I was in the pub enjoying a drink with friends on a Saturday evening when I started receiving fraud alerts. Not the best time to start dealing with it :slight_smile:


(Peter Roberts) #8

That’s fair but what if monzo could just have a button on a transaction notification for ‘fraud’ and that’s all you have to do? I sort of think the machine learning stuff they are using is a more flexible and dynamic way to detect and reject proactively


(Paul Brabban) #9

Well, we’ve been trying to use machine learning to detect fraud for a long time, and we’re pretty good at it - but it’s something of an arms race as criminals up their game in how they hide and deceive, and I can’t see it being something that can be applied proactively anytime in the general case soon.

Learning my patterns of behaviour (for a start, I’m not trying to hide anything!) and then either asking me whether I want to set limits, or just setting the limits when confidence gets high enough seems like a more tractable problem… and might be something Monzo’s already doing to inform our spending views?