Some sites refuse a transaction unless it’s 3DS-protected. An alternative could be ‘variable CVV’ method, something like this:
The way Monzo have done 3DS is pretty impressive
That’s very interesting. How is Monzo doing it? What makes it impressive - easy to use, from a technically point of view, and/or other aspects?
I don’t have a Monzo account. Is it done via app like this suggests?
N26 is doing 3DS intelligently (i.e. not 100% of the time) and via its app.
Yeah! Monzo uses the app.
Basically it says open the app and tap confirm
Does it force you to do it every time? N26 is only requesting I do it in some cases.
Yeah it makes you do it every time it’s requested
The problem with variable CVVs is that online usage becomes a pain. Every transaction needs to be verified with the latest CVV and it is not always convenient to have this added step. That said, the issue of fraud is getting worse and anything that helps prevent this is a bonus. Maybe a FaceID or biometric approach would make life a little easier. For example an app modification that uses FaceID or a fingerprint to complete an online transaction over a certain value. Just a thought … like the cards with CVV replaced by screen - always a conversation starter like biometric wallets!
Yes, please, please bring 3D secure!
So many times I’m trying to use my card online and it declines because of Curve not supporting 3d secure. Some banks use mobile tans for 3d secure and most other fintechs use an in app confirm button.
Maybe its possible for Curve to implement this in the app, meaning when 3d secure is required, a push app notification appears in the Curve app with “do you wish to confirm the transaction of x GBP/EUR/…” with a confimr and decline button - voila, done
What he said! Spot on
Agree with @Dann - Monzo have a pretty slick way of doing it, Curve could definitely go down this route.
This would be awesome, rather than entering a code!
The Monzo in app authentication is good - But it could be improved.
They revert to SMS for some things (especially credit card payments, because it was causing the credit card app to time out if you authorised within the Monzo app).
On iOS 12, the SMS authentication is amazing (with the auto code entering feature they have).
I’d love an interactive notification to approve a 3DS transaction (pull down on the notification and tap “approve”) rather than having to go in the app which can take 10 seconds or so.
I only see a ‘recommendation’ to stop sending OTP via SMS. Nowhere a ban.
Sorry if this is covered elsewhere, or if it isn’t even a “thing” or a concern, but I’ve been wondering what happens when an underlying card requests 3DS verification from Curve during a transaction?
I’m assuming some agreement must exist between Curve and the underlying cards so they know that Curve is allowed to charge the card without requiring cardholder verification? A bit like it must work with PayPal I suppose?
Curve is not a 3DS/Securecode merchant. It does however sometimes use this code to verify you are the card owner on initial setup.
We don’t have an agreement with all underlying card issuers or banks. Curve operates as both an issuer and an acquirer in the payment process. You can learn more about it in the article below.
In order to verify your funding (underlying) cards we use either a micro charge via 3D secure or using a verification code that you can find on your bank statement. You can find more info here: Adding your first card to Curve.
I read that, starting September 14, 2019, Revised Payment Service Directive (PSD2) requires Strong Customer Authentication (SCA) as implemented by MasterCard SecureCode and Verified by VISA. Will Curve have implemented these by then?
It is annoying because 3DS is a solution people never asked for, yet thrust upon by providers. I am all for security, but it was designed and developed in a time where apps barely existed in the early 2010’s. In all seriousness, if you have to display something in an inline frame today, something is clearly wrong.
There are many ways to implement 3DS. As an example with N26 Bank it’s totally seamless, for most transactions 3DS is approved by the bank automatically and the user doesn’t get any prompt or screen. For a few transactions they detect as more risky there’s an in app button to confirm