Unsanctioned payment

eskbanker

Yes, I do agree with the fundamental point that if a bank states unequivocally that they will (rather than 'may') require OTP verification prior to transaction completion then it's not unreasonable to expect that the payment won't go through if that OTP is generated but not verified.

However, I was observing that your suggested resequencing of the final stages wasn't viable, i.e. you've already committed to the merchant that you're going ahead prior to any dialogue with the bank.  It's academic now but it would have been interesting to see what would have happened had you not "immediately closed the page", as the success or otherwise of the payment should have been visible in terms of error or confirmation messages....

born_again

Slightly off topic but a very valid point,
VbV & Mastercard secure both have a separate security screen, after purchase is made. Often this will simply roll over and not require a password to be entered. From personal experience they are useless and far to often allow fraudulent transactions through.
OTP can work in the same way.
Background checks are run on various parameters of the transaction being made. Mostly at purchaser end. 
When you think your transaction has to go through.
Banks security system, Visa/Mastercard security, then poss OTP retailer checks they run. All within a very limited timeframe. Or it auto defaults to approved or declined. Depending on how retailer have the timings set at their end.

When you say 
>>I booked, the bank, Halifax, put the payment  through anyway.<<
It was actually the retailer that put the transaction through. 
Retailers take the funds. Banks do not send them.

But I fully understand your frustration.

You are right OTP is there to help protect the bank & retailer as well, because as a customer if it is not your transaction. You get refunded. PSD (Payment Services directive) Either bank or retailer end up out of pocket.
ie. As customers we all end up paying as fraud losses get factored in to costs/pricing of products.

Tildaplum

i always thought it worked like this, but am obviously wrong

1. retailer requests funds using card details provided by customer

2. cc bank looks at request and makes an approved / declined decision and notifies retailer

When making that decision, i think it unreasonable of the bank to lead their customers to assume the transaction will not be approved unless the otps match,  whereas in fact clearly the transaction CAN be approved without matching otps

we are talking about the card - customer interface here, not the card - retailer interface

born_again

Tildaplum said:

we are talking about the card - customer interface here, not the card - retailer interface

It's all one interlinked system.
Think of it like this.
Customer > Retailer > bank (security system) other checks =  OK > Retailer = OK > VbV/MSec = OK > bank OTP > Approval > Retailer. All in a very short space of time.
If something times out, some retailers default to taking payment. Even when their systems show customer timed out or other message.

Tildaplum

Thanks for taking the time to reply born-again

where I am confused is the time out and the retailer 'taking the payment' - surely it is for the bank to authorise the payment rather than the retailer to say 'i will take the payment'

kind regards tp

born_again

It does seem strange that it does. Just the way that it seems to work in some cases.

We once had a issue with our security system. What ended up happening was auto approvals due to the length of time it took. Not sure how this will effect/work with OTP given I think you have a few mins to process.