What is a dynamic CVV

Saturday, January 03, 2015

Both merchants and cardholders are likely familiar with Card Verification Values. Also referred to as “Card Verification Code” (CVC), they are an anti-fraud tool explicitly used for transactions where the debit or credit card is not physically present for the merchant to inspect. CVVs are typically three digit codes found on the back of cards, though some card issuers have implemented four digit codes and have them somewhere on the front of the card.

If a fraudster acquires a customer’s account number, CVVs act as an additional security measure that will leave scammers unable to authorize purchases if they don’t have it. The more steps and sensitive info required to make phone or online purchases, the harder it will be for scammers to make illegitimate transactions and take over accounts. This is exactly the role CVV, card expiration date, and billing zip code requirements fulfill.

However, as fraud prevention continues to innovate and modernize itself to combat new scamming methods, some banks and card issuers have begun looking forward to implementing Dynamic CVVs. Because both merchants and consumers alike want more secure payment methods, this article will focus on breaking down how dynamic CVVs work, how they combat online fraud and can reduce chargebacks for merchants, along with describing their possible drawbacks.

What is a dynamic CVV?

As its name suggests, dynamic CVVs are in a constant process of change. Rather than having just one CVV throughout the life of a card, cards making use of dynamic CVVs take advantage of new technologies to periodically update the card with a new and unique CVV at a rate decided on between the cardholder and the issuing bank.

Compare this to traditional CVVs, which stay the same for multiple years until the card expires and a new CVV is issued along with a new card. For this reason, traditional CVVs are commonly referred to as “static” in comparison to their more modernized revision.

How does a dynamic CVV work?

There are two main ways dynamic CVVs can accomplish their periodic renewing, each with its benefits and drawbacks.

In conjunction with cardholder devices: When customers want to make a transaction online or by phone, they can have their bank send them a new CVV by text or email. This new CVV can last for just that one purchase, or for a few hours. After which, to authorize further purchases, cardholders (or, more importantly, scammers) would need to receive a new CVV code.

This “correspondence” method has been popularized within the last decade by mobile payment services, social media platforms, email hosts, and gaming websites. When a platform suspects a suspicious log-in, they’ll text or email a unique code to the user to prove authenticity and, hopefully, ward off fraudulent log-ins.

Dynamic CVVs work in the same way, and while there is a small inconvenience on both the bank and customers side, it makes fraudulent online purchases more challenging to accomplish.

Customers will have to have their purchasing experience lengthened out a bit, and banks will have to set up this correspondence system, keep it secure, and continually streamline it so customers continue to use it. But with virtually every cardholder having access to an email or phone in the modern age, this option is a promising development.

CVVs presented on an electronic screen: The other, and more “technological” option, are debit and credit cards installed with small electronic screens that produce a new CVV at intervals determined between a cardholder and the card issuer’s bank.

The typical card costs roughly $2 to produce, but cards using dynamic CVVs can cost upwards of $15 to make. While far more convenient to the customer, this option could take future developments to become an affordable investment for card issuers. While some banks have begun implementing them, it’s far from being standard, and it’s yet to be seen if these cards will necessitate higher fees for cardholders.

Regardless of logistics, these cards could be a crucial weapon in the fight against online fraud and, with time and development, could end up saving banks, merchants, and customers time and money. Merchants will see a reduction in chargebacks, banks can reduce their anti-fraud department’s costs, and customers can have their funds better protected.

Why aren’t card chips and swipe transactions enough?

Card chips, or EMV payments (named after Europay, MasterCard, and Visa, who developed the technology), are a great innovation for preventing fraud. Chip transactions have better encryption than typical magstripe payments and help fend off scammers trying to steal account information through hacking card reader terminals.

Furthermore, contactless payments that use NFC (Near-Field-Communications) technology have also made card payments more secure. Being able to simply hover your card or phone over a card reader makes for not only highly convenient payments, but also reduced security risks.

But, these anti-fraud tools are limited to transactions in which cards are physically present, and their innovations can’t be taken advantage of over the phone or during online payments. In fact, these tools have led many fraudsters to focus on the online marketplace to avoid the hurdles EMV and NFC technologies have made for them in offline transactions.

For this reason, dynamic CVVs could be a crucial development for platforms in which merchants have to take more risks and accept payments through user submitted card information alone.

How does dynamic CVV help fight fraud?

With traditional CVVs, once a fraudster has acquired a cardholder’s account information, it’s game over. Scammers can authenticate fraudulent purchases, sell the card data, or simply store the information until it’s useful.

But with dynamic CVVs, fraudsters are constantly working against a ticking clock. Scammers will no longer be able to hold onto stolen card data long enough to sell it off or make planned purchases. Instead, they’ll be forced to use it immediately, potentially in a rushed manner that will assist banks and cardholders in noticing something is amiss.

That’s if they're able to detect it’s a dynamic CVV. Many scammers will simply think they’ve acquired a cardholder’s info but, unbeknownst to them, the CVV code will have shifted and they’ll be unable to run purchases or will be selling outdated card info to fellow fraudsters.

Scammers have developed ways to acquire the card information necessary to make purchases in its entirety, all in one swoop: card number, expiration date, billing code, and CVV. Scammers can hack databases all they want, but cardholders with dynamic CVVs will have new card information by the time scammers acquire their outdated info. By having continuously changing CVV codes, scammers will be left with fragmented information that will leave them unable to authorize purchases.

Possible drawbacks

Expensiveness of the technology: As touched on earlier, cards making use of dynamic CVVs currently cost roughly six times more than traditional cards to produce. If dynamic CVVs work as theorized, they could save banks, merchants, and cardholders upwards of billions of dollars a year. But if they’re unable to be implemented properly or if they don’t revolutionize online payments in the same way that EMV payments revolutionized offline payments, then card issuers could be out a significant amount of money. For this reason, dynamic CVVs could be slow to roll out as card issuers perfect the technology and weigh out the potential risks.

Effects on scheduled billing payments: automated weekly, monthly, or annual payments are convenient payment plans for merchants and customers. Merchants can formulate their expected earnings more consistently, and customers can enjoy uninterrupted services.

How will dynamic CVVs impact automated purchases? Will dynamic CVV cards be able to update automated payment services with new codes in a secure and safe manner? Or, will customers and merchants have to forgo the convenience of periodic payments in favor of combating fraud? These questions remain to be answered pending further developments in dynamic CVVs.

Closing thoughts

With e-commerce becoming the preferred marketplace for scammers, digital purchases require an update. Dynamic CVVs could be a game changer in combating fraud with its revolving stream of security codes, but the logistics of manufacturing the cards and updating its effects on automated billing services could slow the rollout.

As it stands, though, dynamic CVVs are an exciting prospect that could save the online industry billions if not trillions of dollars across a decade. Dynamic CVVs could help reduce merchant chargeback rates, save banks time and money, and make consumers feel more secure making purchases online, thereby prompting them to shop more often and with more confidence.


Interested in our payment processing?

Heartland is the point of sale, payments and payroll solution of choice for entrepreneurs that need human-centered technology to sell more, keep customers coming back and spend less time in the back office. Nearly 1,000,000 businesses trust us to guide them through market changes and technology challenges, so they can stay competitive and focus on building remarkable businesses instead of managing the daily grind. Learn more at heartland.us