I’d be interested to know what people do in regards to using the Verified by Mastercard gateway.
For me, I use verify by SMS as my phone is next to me, it pops up on the screen and I can enter the 6 digits before the screen goes black again. Even if purchasing on my phone, I’ll use SMS as iOS can autofill the 6 digit number as it reads it from the incoming SMS. It saves app switching etc…
I’ve never been a fan of verifying in app, as you have to get past Face ID, and then wait for the account to load, and then tap it etc etc… It seems really longwinded and cumbersome.
Following on from that, is their an additional cost to Monzo for having to send out SMS messages to verify?
Would be interested to understand other people’s usage of the app / ecosystem. I’ve set up a poll to judge the usability.
Do you use in-app or SMS when going through “Verified by Mastercard”
Being able to approve on my watch would be a huge upgrade.
11 Likes
Anarchist
(Press ‘Help’ search ‘Contact us’ or email help@monzo.com or call 0800 802 1281)
3
I don’t use my Monzo card online (except where Apple Pay is an option) , but I have had an SMS containing a verification code come through five or six hours after it was sent in the past.
I also avoid buying stuff on my phone where possible for the reasons you give. Verification texts arrive on my iPad and so can auto fill. It’s quite a slick system.
I can’t really speak for Monzo’s SMS system because I so rarely use it, but I just find SMS verification so unreliable.
Maybe I’ve been put off by experiences logging on to other services, but in the time I’m potentially waiting for an SMS to arrive and then copying numbers over, I could have already approved the transaction in the Monzo app.
Yes, I would love Monzo to add the option to approve or decline to rich notifications (3D Touch/Haptic Touch the notification and click Approve or Decline in the popup).
This would work well on Apple Watch and Face ID iPhones.
Microsoft Authenticator uses this method for 2 factor authentication.
For now, I use texts because the iOS autofill on that is the next best thing.
While auto-filling from SMS is great, I rarely do purchases on my phone, so the app is much quicker for me. Agree that a rich notification would be better still.
Slight aside: For the first time yesterday I saw a Monzo 3D secure screen telling me it was auto approved. I was buying booze so clearly Monzo decided that was in character…
Already done to (near) death on other threads, but you cannot read off or launch the link from the lock screen and even then you would need to enter your PIN in app
SMS ain’t coming back where it’s gone, but can’t speak to any potential alternative
I use both but only because Monzo in app payment authentication doesn’t work on every website, there’s a small list of retailers I have where it doesn’t and I have to always use the SMS option
I have a Mac and, if shopping online, I will tend to use Safari - so I would get the autofill via SMS relay again anyway. I do appreciate this won’t work so well if you use a Windows computer or Android tablet!
I think a rich notification is ultimately the answer here, to make in-app authentication as quick and simple as possible.
As I believe has already been mentioned, it comes down to the fact that SMS isn’t secure enough to satisfy the regulations, as the messages could be intercepted by someone other than the intended user (reading SMS on lock screen; SIM hijack).
Yes, I believe that whilst the SCA regulations didn’t explicitly ban SMS, the FCA in the U.K. and the European Commission both issued advisory notices saying that they did not consider SMS to be sufficiently secure to meet SCA requirements.
Legally, this may have not have been as strong as having “banned” SMS, but it did mean it’s use wasn’t recommended.
Banks currently using SMS are, therefore, expected to migrate away from it.
However, having said all that, most banks don’t really seem to be doing that. Co-operative Bank used to use card readers and now uses SMS instead (a change which it made when it was looking to become compliant with SCA).
I’ve just remembered to report my failed transactions using in app authorisation to chat, this post has at least reminded me as the last few times I’ve wanted to report it chat has been closed for the night.
Here’s hoping they find out what the problem is, it’s the Argos card website which falls everytime I want to make a payment 🤦 SMS code is the only option that works
Sounds like it just times-out during the in-app approval process, so the transaction fails?
Unless it’s something going wrong behind the scenes.
I agree with @N26throwaway that Apple Pay in the browser would be a good way to avoid these sorts of issues, hopefully retailers will be looking at that as a way to remove SCA friction in the payment process.
It’s something behind the scenes I think, no other website does it with me and I approve it within seconds. I’ve never once made a successful payment that way yet on the website
I was under the impression that whatever happens within the 3D secure box is down to Monzo, I’ll wait and see what they say anyways not like I’ll diagnose the issue with my guesses 🤦
I only have limited understanding of how it works, as I’m not an industry insider (just an interested observer) but I think the transaction is initially passed to the bank for authorisation, they reply to the merchant that they need 3D secure, the merchant redirects to the bank’s 3D secure portal, and then you are supposed to conduct the authorisation.
If successful, a “token” is created that indicates to the merchant that you authorised the transaction. You then get passed back to the merchant, and the token is stored as a cookie. They check this cookie, essentially put it through again (but this time with the authorisation code attached) and it gets processed by the bank before getting an immediate approval as it is “matched” to what was approved before.
That might be a bit wrong, but it’s how it’s supposed to work, I think.
