Will Your Next Credit Card Run on Batteries Thanks to dCVV2?
After years of testing and speculation, we may soon see payment cards with dynamic CVV codes—a technology called dCVV2—hit the global market.
The first CVV (card verification value) codes were a direct response to the growth in online shopping. A buyer would need to have access to the card number, expiration date, and this additional security code to complete a transaction. Thus, the inclusion of card security codes on payment cards provided an additional roadblock to stop potential fraudsters.
Card networks first began printing these card security codes on payment cards in the late 1990s and early 2000s. Today, including a security code on credit and debit cards is standard procedure for all major card issuers.
Taking a step toward dynamic codes, though, represents a major change for card networks and issuers. So, what is a dynamic CVV code, and how might this impact eCommerce in the mid-to-long-term?
How dCVV2 Helps Prevent Fraud
dCVV2, or dynamic CVV2 codes, is a technology that allows cardholders to enter a dynamic (or changing) CVV code at the time of checkout. Rather than rely on the static 3- or 4-digit code printed on a physical card, the customer can enter a code that changes on a frequent basis. This offers greater protection against criminal fraud.
While CVV codes are a valuable anti-fraud tool, they’re not foolproof. Fraudsters can still gain access to a static security code and use the information to make purchases. A dynamic code that changes regularly, though, would be much more difficult to spoof.
Any dynamic data is inherently more secure than static data. To illustrate, let’s assume that a fraudster manages to get access to a cardholder’s information. If that card information includes a static CVV, the fraudster only needs to know that one code. However, if the CVV changes every 30 to 60 minutes or changes after each use, it will be much more difficult for the fraudster to commit fraud.
Studies suggest that dCVV2 could prevent many instances of CNP (card-not-present) fraud. Even better, it’s relatively easy for issuers to roll out to their customers.
Because dCVV2 is an issuer-initiated solution, implemented on the card network level, banks and credit unions could sign up easily, with no integration required. For merchants, there would effectively be no change: they would continue to request the CVV2, and the cardholder enters a unique dCVV2 at checkout in place of a static one printed on the card.
Visa and other card brands explored different methods for implementing dynamic CVV codes over the last several years. The technology may actually be close to a wide rollout soon, with banks able to opt-in at the card network level. What’s not yet clear, though, is how the card brands will make this technology available.
Dynamic Threats Call for Dynamic Solutions.
You need a multilayer solution to deal with new and developing fraud threats. Find out how today.
How Will dCVV2 Technology Work?
The inclusion of a small LCD screen on new payment cards is one option. With an LCD display, the card code could change on a regular basis. This isn’t necessarily ideal, though, as it would make cars significantly more expensive, and would also be reliant on internal battery power.
There are other options, though. As pointed out in a recent feature for Pymnts, an app-based solution could provide a much simpler and more cost-effective alternative to LCD screens.
“A software app-based dCVV2 solution replaces the static CVV2 printed on the card with a dynamic dCVV2 that is delivered to a user’s smartphone, configurable from every 1-18 hours,” Keyno CEO Robert Steinman explains. “App-based dCVV2 is more scalable, as it can be used with already-issued cards, eliminating the need for an expensive new card with a battery and LCD.”
Of course, an app-based answer may require an additional step in the transaction process, which could make some merchants unhappy. Introducing more friction into the transaction has the potential to cause an uptick in order abandonment. The benefits of significantly reducing criminal fraud, however, should more than offset hypothetical losses.
In fact, adoption and normalization of app-based dCVV2 could be helped by the COVID-19 outbreak. We saw a massive surge in the use of mobile wallets and “click-and-collect” purchasing in 2020 as consumers looked to minimize physical contact points. It could be easy for companies to build dCVV2 into their platforms, helping acclimate buyers to the technology in the process.
No Single Tool is Foolproof
Adoption of dCVV2 protocols will be like other new anti-fraud tools, such as 3-D Secure 2.0. It will help mitigate card-not-present risk…but it’s still not foolproof.
CVV verification has been a cornerstone of fraud management's best practices for decades. That said, it’s only one part of a more expansive solution. Rather than relying on new technologies rolled out at the bank level, the best approach to stopping fraud of all kinds is for merchants to develop a dynamic, multilayer strategy.
The 2021 Chargeback Field Report
The 2021 Chargeback Field Report is now available. Based on a survey of over 400 US and UK merchants, the report presents a comprehensive, cross-vertical look at the current state of chargebacks and chargeback management.Free Download
New fraud threats emerge every day, as do new tools to help contend with these threats. We already discussed dCVV2 and 3-D Secure, but there are other widely-used fraud management tools that should be part of your strategy:
Address Verification Service
Issuer compares the transaction billing address to the billing address on file with the cardholder’s account, flagging mismatches as possible fraud.
This relies on detecting the identity of a device or system used during a transaction, which can help verify the cardholder’s identity.
Allows you to check the location of the cardholder on file against the current geographical location of the shopper.
Detects activity designed to disguise a geographic location and generate false IP address information.
Compares the shopper’s biometric information (fingerprint, heartbeat) to that of the cardholder. This is built into many mobile wallet apps like Apple Pay.
These are just a few examples. As we eluded to above, an exhaustive list is next to impossible, as new technologies develop each day to contend with new threats.
Fraud Scoring & Chargeback Prevention Also Important
Any tools employed to verify users during a transaction should be backed up with fraud scoring. This tool examines fraud warning signs in aggregate and assigns a simple numeric score (usually on a scale of 1 to 100) to the transaction. This facilitates simple, automated “up” or “down” decisioning to accept or reject a transaction.
Even with dCVV2, multilayer fraud management, and fraud scoring in place, you could still see chargebacks slip through your defenses. This is where Intelligent Source Detection™ technology comes in handy.
ISD pinpoints and evaluates specific chargebacks by their source, rather than their reason code. The tool then uses data to project where future chargebacks will come from, and how to either prevent them or fight them through chargeback representment.
Overall, dVV2 is a great new innovation in card-not-present fraud management. However, it should be just one part of a much broader, more comprehensive approach to the problem.