Shopping online or via mobile offers important advantages for consumers and merchants alike:
- Customers can buy their favorite products and services from the comfort of home. There’s no need to travel or wait in long lines.
- Companies can sell goods to those who can’t physically access their brick-and-mortar stores. It’s possible to connect with customers on the other side of the globe.
However, there is a downside to card-not-present (CNP) transactions.
It becomes much harder for merchants to verify if the card account holder is the same person who is making the purchase. If a criminal knows a customer’s card number, name and billing address, he can initiate unauthorized and anonymous transactions.
How are CVVs used to help prevent fraud?
To help prevent this type of credit card fraud, many merchants and processors now require that customers provide a card verification value (CVV) or card identification number (CID) during the checkout process. You may have also heard these terms before – CVV2, CV2, CCV – whichever acronym you’re most familiar with, the concept is the same in each case.
This value is the three-digit code located to the right of the signature strip on the back of most major credit and debit cards, or the four-digit code at the top right corner on the front of American Express cards. These CVV codes are considered “static” because they are imprinted on the credit or debit card and will not change unless the customer is issued a new card.
The CVV process is simple: The customer places an order with the merchant and is then requested to provide the CVV along with other standard information, such as name, billing address and credit card number. The merchant sends the code to the card issuer to authorize. The CVV is checked for validity against what the card issuer has on file and sends back an authorization or decline to the merchant.
Although this extra security requirement does help to reduce fraud, CVVs can be stolen along with the rest of the credit card information. This could happen when:
- Anyone who has held or seen your card can copy the code and use it later.
- Malware on a merchant’s payment system skims credit card details before they are encrypted.
Now, there is a growing movement to use dynamic CVV codes that offer even greater protection against unauthorized purchases.
How Does Dynamic CVV Protection Work?
Instead of having a static three- or four-digit code on the back or front of the card, dynamic CVV technology creates a new code periodically. There are a couple of different types of this technology:
- When a customer is ready to initiate a transaction, he or she receives an SMS text or email with a one-time PIN. That unique code expires after the purchase is complete — or within the next few hours. Making a new purchase thereafter requires generating another unique code that only gets sent to the email or phone number registered for that user.
- Small electronic screens are embedded directly onto the back of the card, and the code changes every 30-60 minutes.
Dynamic CVV technology is still relatively new, and it’ll take some time for this technology to go mainstream in the payments industry. Still, this security measure shows a lot of promise — especially as online credit card fraud continues to increase nearly five years after U.S. adoption of the EMV standard for in-store purchases.
Interested in learning more?
If you are a merchant and are interested in learning about fraud protection for your business, contact our team of payments experts today.