Probably as no one besides us who are on this forum would remember
Yes, but most shops know it in the US, even in Montana, at petrol stations, I always got āenter the numbers from your postcode followed by zeroesā when I went in and asked them to turn on the pump since my card didnāt work. I had to explain it wasnāt a Mastercard (this was trying to use my MBNA Amex, the Aqua always workedā¦ sometimes I like trying to see how to make a card I know is unlikely to work, work. Iāve found no combination that gets an MBNA Amex past a zipcode prompt).
We want Monzo cards to work everywhere for everyone without requiring any special prior knowledge
Fair point but doesnāt that defeat the idea of using the zip code as a security measure?
Hopefully by 2020 we will see EMV with normal offline PIN processing at these machines and itāll all be a thing of the past
Using a workaround like the one you described above where customers encode their UK postal code to a 5-digit number would be slightly more secure (by making it more difficult to use a lost or stolen card at a fuel pump), but it would result in the vast majority of customers not being able to use US automated fuel dispensers at all.
In this case we have made a deliberate decision to choose improved usability for everyone, and accept slightly higher risk by making US fuel pumps work the same as any other US self-activated magstripe terminal. The additional risk is carried by us, because if a fraudulent transaction does occur, the bank is liable not the customer (in most cases - unless they have been grossly negligent).
How so? Given it would follow the directions on the Mastercard site, and what staff at US petrol stations are trained to tell customers, it seems it should be fine? Stats would be interesting.
Also, my concern isnāt lost or stolen cards at all - thatās negligible. Itās use of cloned magstripes.
Absolutely and I do appreciate that fact - far, far too many customers worry about things they arenāt liable for anyway! Though Iāll note, after 2020, the merchant is liable in the case of US AFDs using magstripe, so hopefully itās a thing of the past by then!
Sorry I meant to say I am not so confident this workaround is well known. Anecdotally Iāve never heard of it and neither of the two gas stations I recently visited (in different states) we aware of it.
We could tell customers about it through the app, perhaps in the country welcome message, but it would be very likely a lot of customers wouldnāt see it, or would see it and forget.
As a side note at a technical level the ISO8583 data element that contains the address verification data in the authorisation request message is not zero-padded at the network level (zeros are considered significant digits of the customerās address), so I suspect a workaround like this might be specific to particular issuers or card processor vendors.
It is the MasterCard scheme recommendation, rather than any issuing bank or electronic fuel dispenser operator.
Do you have a link handy by any chance? Iād be curious to read about it as we havenāt come across it
I can not find a link to the PDF I saw from Mastercard Europe but here is a link to Mastercard Canadaās advice for cardholders travelling to the US. https://www.mastercard.ca/en-ca/consumers/features-benefits/travel-tips/mastercard-pay-at-pump.html
I first heard about it when a NatWest business banking employee told me to try using the numbers from my UK postcode (the one associated with the card) followed by padding zeros.
This is why I suggested it, LOL. It isnāt random advice. Itās what people are told by US āgasā stations (that usually donāt sell gasā¦ But thatās a different rantā¦) and by Mastercardās site if someone goes searching.
Of course allowing any number is even easierā¦
Hi,
We got back from New York on saturday, and just wanted to report back on Monza debit card usage in NYC / Manhattan.
No problems whatsoever. Used it online to book Top of the Rock tickets, and instore at a number of stores, and it was accepted without issue everywhere I tried.
Didnāt use it on the MTA Subway, as we preferred to use cash, and we also used cash for meal payments & tips. Also we had a reasonable amount of $$$s with us, so had no need to use it at an ATM.
Generally was able to insert the card and use the pin for authorisation, but was asked to sign a receipt in Hard Rock cafe store, after entering the pin.
Also, Disney store in Times Sq, only had to swipe the card, and that was enough - not asked for pin or signature.
Love the Monzo mobile app though, and how you get immediate notification of use and initial exchange rate. Once the rate settled, we were getting $1.40 / Ā£1.
Still gonna use my Monzo account as a travel money account (for now)ā¦ but in the futureā¦ maybe it will become my main current account.
To be expected at many shops in the US (though Disney Store does also take contactless in the US, odd since they donāt here - even though their terminals here are capable of it). CVM waiver is the same for contact/contactless/swipe in the US.
EDIT - just to clarify Iām referring to signature CVM waiver rules, but signature is the CVM used for swipe in the US anyway. PIN rules are different so most shops will ask for PIN (though many will just take the risk) if inserted.
Did the receipt actually have a signature line (misconfigured terminal) or was the cashier just not properly trained on CVM handling?
Just been to Vegas used my Monzo everywhere no issue other than a few contactless machine but think it was more the machines
The contactless terminals were probably not EMV contactless but Magstripe contactless
The current account debit cards support magstripe contactless.
Yes, but they did not say they had a current account card so they may still be on a prepaid card. Anyhow, some contactless payment in the US is problematic such as vending machines for drinks and snacks. A friend of mine had problems with Coca-Cola machine despite trying a few different UK cards.
The Coca-Cola machines in the US and Israel (maybe elsewhere?) donāt format their authorisation message properly.
Curious to know how that garbage managed to pass EMV certification - Iād say the least a certification can do is enforce that the data produced by the certified system is consistent with the spec.
It isnāt EMV-enabled.