I’d be interested to know what people do in regards to using the Verified by Mastercard gateway.
For me, I use verify by SMS as my phone is next to me, it pops up on the screen and I can enter the 6 digits before the screen goes black again. Even if purchasing on my phone, I’ll use SMS as iOS can autofill the 6 digit number as it reads it from the incoming SMS. It saves app switching etc…
I’ve never been a fan of verifying in app, as you have to get past Face ID, and then wait for the account to load, and then tap it etc etc… It seems really longwinded and cumbersome.
Following on from that, is their an additional cost to Monzo for having to send out SMS messages to verify?
Would be interested to understand other people’s usage of the app / ecosystem. I’ve set up a poll to judge the usability.
Do you use in-app or SMS when going through “Verified by Mastercard”
Being able to approve on my watch would be a huge upgrade.
11 Likes
Anarchist
(Press ‘Help’ search ‘Contact us’ or email help@monzo.com or call 0800 802 1281)
3
I don’t use my Monzo card online (except where Apple Pay is an option) , but I have had an SMS containing a verification code come through five or six hours after it was sent in the past.
I also avoid buying stuff on my phone where possible for the reasons you give. Verification texts arrive on my iPad and so can auto fill. It’s quite a slick system.
I can’t really speak for Monzo’s SMS system because I so rarely use it, but I just find SMS verification so unreliable.
Maybe I’ve been put off by experiences logging on to other services, but in the time I’m potentially waiting for an SMS to arrive and then copying numbers over, I could have already approved the transaction in the Monzo app.
Yes, I would love Monzo to add the option to approve or decline to rich notifications (3D Touch/Haptic Touch the notification and click Approve or Decline in the popup).
This would work well on Apple Watch and Face ID iPhones.
Microsoft Authenticator uses this method for 2 factor authentication.
For now, I use texts because the iOS autofill on that is the next best thing.
While auto-filling from SMS is great, I rarely do purchases on my phone, so the app is much quicker for me. Agree that a rich notification would be better still.
Slight aside: For the first time yesterday I saw a Monzo 3D secure screen telling me it was auto approved. I was buying booze so clearly Monzo decided that was in character…
But logging in via an email link isn’t? Neither are secure protocols for communication.
I will be annoyed if SMS auth is on the way without a suitable replacement. I don’t keep my phone on me at all times. In fact it lives essentially in an office on the far side of the house. I only retrieve it to take photos or when I’m going out. So I rely on the iCloud SMS relay to my iPad to shop using my Monzo card. To lose this functionality with no way of switching 3D secure off would mean I’ll simply have no other choice than to move bank.
I’m happy to sacrifice a little encryption here for the sake of convenience, given that it’s on a per transaction basis. I’m much less likely to be compromised via an SMS auth code to confirm a transaction than I am via an email log in link… it sounds so backwards and illogical to me.
Not to mention iOS auto inputs the code at a tap too. The convenience here for me is just far too great to sacrifice.
Already done to (near) death on other threads, but you cannot read off or launch the link from the lock screen and even then you would need to enter your PIN in app
SMS ain’t coming back where it’s gone, but can’t speak to any potential alternative
I know, I know, and I don’t want to rehash it either, that’s why it was only a fraction of my input and only for the sake of comparison to explain my bewilderment at the possible abandonment of SMS. I just can’t see where the logic is in deeming SMS insecure, but remaining perfectly happy to use email. The security issue isn’t with copy/paste or TTL, it’s lack of encryption and interception, perhaps phishing too. There’s more convenience to the SMS code, than there is to a magic link on the basis of frequency of use.
In which case I desperately hope it doesn’t leave. Do you have a source on where you read about 3DS2 dropping SMS support? I’m a bit concerned and would like to read it myself so I can make some informed decision about how and who I can bank with for my day to day spending going forward.
I use both but only because Monzo in app payment authentication doesn’t work on every website, there’s a small list of retailers I have where it doesn’t and I have to always use the SMS option
I have a Mac and, if shopping online, I will tend to use Safari - so I would get the autofill via SMS relay again anyway. I do appreciate this won’t work so well if you use a Windows computer or Android tablet!
I think a rich notification is ultimately the answer here, to make in-app authentication as quick and simple as possible.
Was over a year ago though, before iOS 13. Maybe things have changed given SMS has still been an option when I’ve needed it, and autofill works?
I still haven’t found anything in 3DS2 relating to ditching SMS, so perhaps just a Monzo decision to implement it without SMS? Would be a massive step back for me, that could be added on to the list of recent changes that make monzo less convenient to bank with.
The more I dig into it, the more illogical it sounds, and the more out of touch Monzo is starting to feel to me. So disappointing to bear witness to having experienced what once was compared to what is and where things seem to be heading.
At what point did the objective change from making banking better, to making it worse? Because that’s how changes like this are starting to make me feel as a customer. It feels like Monzo are slowly becoming the thing they set out to fix, and it’s depressing in a way.
I know this isn’t the right thread to dig into it all, but to highlight a few statements from the website:
We’re building Monzo together
We’re doing things differently
Monzo makes money work for everyone
We’re focused on solving problems, rather than selling financial products.
None of these feel true anymore, or at least not to the extent they once did, and it’s down to small changes like this that add up to profoundly impact the whole experience.
I love Monzo, and I love what they set out to be, and do, but I’m not so sure I love what they’re slowly starting to become.
The one recent glimmer of the old Monzo, are the folks at Monzo, like you, who take the time to engage with us here, come what may, and the recent commitment, particularly from you and your engagement in the thread, on fixing and improving the merchant data corrections. It’s come a long way over the last few weeks, and I hope we start to see a little more of that going forward now that plus and premium are out of the way.
From my perspective, and I imagine for a large number of others here on the community, you are a credit to Monzo, @Dan5, happy birthday!
As I believe has already been mentioned, it comes down to the fact that SMS isn’t secure enough to satisfy the regulations, as the messages could be intercepted by someone other than the intended user (reading SMS on lock screen; SIM hijack).
Ah, thank you for finding that! I’ve been struggling to find much, if anything, on this.
Given that it’s a regulatory issue, hopefully this will push more merchants towards accepting the likes of Apple Pay on the web, to completely circumvent such a system whilst retaining security. Or at least that’s the only reasonable alternative I can think of that would continue to work for my use case.
Yes, I believe that whilst the SCA regulations didn’t explicitly ban SMS, the FCA in the U.K. and the European Commission both issued advisory notices saying that they did not consider SMS to be sufficiently secure to meet SCA requirements.
Legally, this may have not have been as strong as having “banned” SMS, but it did mean it’s use wasn’t recommended.
Banks currently using SMS are, therefore, expected to migrate away from it.
However, having said all that, most banks don’t really seem to be doing that. Co-operative Bank used to use card readers and now uses SMS instead (a change which it made when it was looking to become compliant with SCA).
I’ve just remembered to report my failed transactions using in app authorisation to chat, this post has at least reminded me as the last few times I’ve wanted to report it chat has been closed for the night.
Here’s hoping they find out what the problem is, it’s the Argos card website which falls everytime I want to make a payment 🤦 SMS code is the only option that works
Sounds like it just times-out during the in-app approval process, so the transaction fails?
Unless it’s something going wrong behind the scenes.
I agree with @N26throwaway that Apple Pay in the browser would be a good way to avoid these sorts of issues, hopefully retailers will be looking at that as a way to remove SCA friction in the payment process.