Perhaps I’ve had a bad experience. When I had fraud I was told I couldn’t speak to the fraud team, they were not customer facing and it would be “sorted”
Yeah, the thing is the payments that were coming out were in the normal holding process where the funds hadn’t been yet realised. In my view they should just immediately refund the money if you’re telling them it’s a fraud and it’s pending.
2 Likes
I agree, seems like the right thing to do.
I believe you may be entitled to compensation for this delay?
The time limit is normally by the end of the next business day.
(2) The payment service provider must provide a refund under paragraph (1)(a) as soon as practicable, and in any event no later than the end of the business day following the day on which it becomes aware of the unauthorised transaction.
It seems completely unacceptable to wait five days for this. Personally I’d make a complaint about this level of service.
7 Likes
I’m very surprised that Monzo haven’t put an auto-decline and freeze card on transactions from the involved merchants yet. Last week I had one of those for the first time - a push notification that they declined a transaction and froze my card, and to unfreeze and try again if it was a legit transaction (it was).
2 Likes
The frequency of this and lack of visible action from Monzo here is really making me reconsider banking with them. Do Monzo really not have a fraud call centre you can speak to? Do customers really need to wait 5 days for resolution? What actions are Monzo taking to stop this happening?
Ultimately, Monzo systems are authorising these payments with no second factor authentication. That sounds like a Monzo problem to me.
If you mean 3DSecure, that’s not a Monzo problem, that’s a merchant problem. The merchant has to initiate that flow, Monzo can’t impose it.
As far as I can tell, everyone who was victim to this fraud has got their money back.
It would be nice if Monzo could be a bit more open with what happened here a la the Ticketmaster breach, but at the end of the day, they don’t appear to have done anything wrong here.
Monzo knows if it was 3DS or not. All of the documentation I saw from other banks was “sorry if more of your payments decline, this will happen more as retailers make the necessary changes on their systems”
Monzo can, and should decline if 3DS is not implemented. Especially when MULTIPLE fraudulent payments happen on that merchant.
I know there’s a lot of love for Monzo on this site, but where there is genuine fault it must be called out.
This isn’t a support forum. People who have need action have got it.
It might sound like it to you, but you’d be wrong.
Ok, Monzo is blameless in all this then 
This forum is truly delusional
1 Like
It’s possible to both disagree with how Monzo have handled aspects of the situation while also acknowledging that they haven’t done anything wrong. It’s not an either-or binary.
1 Like
So you disagree with how they’ve handled it but think they handled it right?
Go on then seen as though you know it all, enlighten us about Monzos fraud systems and the fact they aren’t acting on anything… Nope thought not.
This isn’t just a Monzo problem any bank could get hit with these payments, 3D secure isn’t forced on every transaction. MasterCard and Visa would have to tell merchants that from X date if it’s not 3D secure it’ll be declined.
Evidence suggests in an the cases reported to this forum, refunds have been given.
The only reason anyone knows about these payments are because of the forum, otherwise no one would really be any the wiser
2 Likes
I know how it works from a merchant banking perspective (albeit not from a banking perspective)
What your viewpoint is saying is that of the merchant does not secure the transaction, the bank is not at fault. Do you know how crazy that sounds? That the security of your funds is in the hands of MILLIONS of terminal end points globally?
That is not how it works at all. And while I didn’t work on the payment stack through to banks, I can tell you that the payment stack through to acquiring bank is NOTHING like that. If we got a partial match on CV2, address numerics and postcode numerics and we chose to accept payment, banks would still often decline funds.
Read the thread, do some research of your own, then you’ll realise you’ve got it wrong (again)
2 Likes
The fact that you’re not understand the basics of the MasterCard / Visa rules is the most concerning, Monzo have no control over this or over merchants which don’t use 3D secure.
Your words not mine
Issuing banks can (and do) decline payments where 3DS is not used or implemented.
Monzo also choose to decline ATM transactions with magnetic strip (unless bypassed in the app). These are Monzo decisions, not MasterCard.
In fact, just because you made me Google this I’m actually starting to think Monzo are in breach of PSD2 regulations by approving these transactions. They should not be approved for exemption and should be declined BY THE BANK: (emphasis added as quoted from Stripe)
2 Likes
It has been common for years for banks to decline transactions for fraud protection meaning you have to phone the bank to authorise it. That Monzo never do that I previously saw as an advantage… but in this case… really the evidence is there, it should be a no brainer… put the merchant on the shitlist and verify everything until they fix their systems or mastercard kick them off the network.
1 Like
This is so interesting, thank you for linking to that post.
I’ve been following the discussion here and the consensus seemed to be 100% that the bank doesn’t have a say on whether a card payment requires SCA, but the Stripe post seems to flip that on its head and says it’s always ultimately the banks decision.
The funny thing is, I always thought that’s the most logical way it should work. It should be the bank’s decision to require or not require SCA, and every bank should require it except for few exceptions matching a customer’s profile (e.g. if I buy 10 things from Amazon every month with an average transaction amount of £50 I’d expect not to see SCA for my Amazon purchases but if you almost never buy from Amazon and suddenly you buy something worth £50 you should).
1 Like
Yes but that’s how the Ancient Greeks did it.
The slightly more modern method just needs you to reply to an SMS (I had to do that recently with Halifax). Of course, Monzo could just show a notification requiring fingerprint/PIN authentication in the app, which is more secure and easier.
2 Likes