3-D secure for online payment


#1

Hi, it will be great if you can add 3-D secure for online payment, my card is often rejected because you don’t support this security.

Thank you ! :slight_smile:


#2

I find this interesting. My Visa card from my bank kept rejecting me due to 3D secure, but that was because my card actually supported 3D secure and I often couldn’t use the 3D secure as it required an SMS connection which I didn’t always have. When I switched to Revolut, this problem went away, as I have never been asked for 3D security. I’ve seen the “3D secure” logo pop up, but then it just automatically approved it and the payment was made. I’ve never been rejected for this before and I’ve used my Revolut card to buy from a quite a few places online.

I do agree though. 3D secure would be a nice addition. The authentication could perhaps be provided through the app itself rather than dicking around with SMS messages.


#3

I would like this too


#4

Hi,
I totally agree with you, sometimes it work and sometimes not, I contacted the support when my problem occurred and they checked on their side and said me that it was because of 3-D secure not supported…

As you said, the best will be 3-D secure with the app and not our mobile phone, abroad we always have a different number…


#5

The best is for the user to have the choice to receive one time password either through app or sms or even call. If through app, there is also an option to just tap on a notification of payment intent and to either validate it or reject it, like in Microsoft Authenticator.


#6

Good idea, but I don’t know if it will be easy/even possible to implement as Revolut uses a Prepaid MasterCard. :confused:


#7

Mobile operators are known to reject top-ups from cards not supporting 3D Secure due to high fraud rates.


#8

Good idea, but I don’t know if it will be easy/even possible to implement as Revolut uses a Prepaid MasterCard. :confused:

I use 3D secure with a prepaid Visa card. I wouldn’t have thought Mastercards were different in that regard.


#9

I’ve just noticed that me too in fact… Well, I think it will just be hard to implement for a such company/not actually a certified bank?


#10

I just want to latch on here: If you start supporting 3d secure/Mastercard secure do NOT require an unrooted smart phone!
A lot of banks get this totally wrong.

Case study: DKB: They recently forced all users to switch to 2-factor-auth 3d secure, but the app does not allow rooted phones (or phones with non-standard roms). Look at the resulting shit storm at [1]. As an alternative, they provide only smsTANs, which you have to pay for (7 cents). In addition these smsTANs only work for German mobile numbers, which basically make the card un-usable for 3dsecure transactions for me. Let’s say Revout will see a lot more use from me now…

From a security perspective, this decision is completely misguided:

-1- It is much easier for a rouge app to intercept an SMS than to mingle with a properly written app using encrypted communication using its root-rights. A “stupid” user, who gives random apps root-access-rights, will also give random apps SMS reading rights. This is even possible on non-rooted phones.
smsTAN is the less secure option on any phone.

-2- Pseudo-Power-users who have their phone rooted and are too stupid to understand the implications of giving random apps root, will turn to “work-arounds” that circumvent the apps ability to decide rootedness. For example [2]. This is the perfect entry point for rouge developers to create a very narrowly targeted piece of malware. (I’m not saying [2] is malware, I’m just saying if the author wanted to intercept pushTANs he is in a very good position to do so.)

[1] https://play.google.com/store/apps/details?id=com.entersekt.authapp.dkb&hl=de
[2] http://forum.xda-developers.com/xposed/modules/xposed-s-pushtan-rooted-devices-t3168892


#11

The existing 3D secure support is just awful.


#12

My card was being rejected for using 3D secure.
but this weekend started working, and I was able to top up


#13

Is it really just a Prepaid MasterCard? If so, how is it the balance can go negative?


#14

Yes it is. The balance can’t go negative. :slight_smile:


#15

The balance can go negative actually, although it’s rare.
There are topics on this forum with people complaining about that because in the US in some restaurants you can be charged 2 times for example.


#16

Oh yes that’s ok. That’s due to pre authorization that most of US restaurants/places process… but this is reverted in the account balance up to 10 days.


#17

it would be a nice/good/(willing)/… feature in my opinion,


#18

Count me in for the 3D Secure camp!

While 3D Secure can be optional, there are nowadays many merchants that seem to require it, and payments fail because Revolut does not support it. Such a bummer every time this happens.

A somewhat bigger problem is that there are entire countries where many, if not all, online payments go through processing gateways that are set up to require 3D Secure, simply because all the banks in those countries have been issuing 3D Secure cards for years now. Some merchants/processing gateways may not even realise that they’re effectively losing potential customers simply because the number of failing transactions due to lack of 3D Secure is extremely low. But unfortunately Revolut falls into that category.

An example of such country would be Russia, where I have to travel to a lot, but I am pretty sure it is not the only one.

I think that in 2016 3D Secure is sort of expected. Adding support for it it would significantly increase Revolut’s acceptance rate online. I’d love to see this implemented.
:r::rocket:


#19

… Agreed. Especially since SMS is not that secure : SIM cards can be “usurped”, eg someone can request a new SIM card at your telco operator (ex pretexting a format change or a loss) and identity is not always properly checked.


#20

Unfortunately, at this stage we do not support this security feature protocol. Hopefully, further down the line.