Shopping online or via telephone offers important advantages for consumers and merchants alike:
- Customers can buy their favorite products and services from the comfort of home. There's no need to travel or wait in long lines.
- Companies can sell goods to those who can't physically access their brick-and-mortar stores. It's possible to connect with customers on the other side of the globe.
However, there is a downside to card-not-present (CNP) transactions.
It becomes much harder for merchants to verify if the card account holder is the same person who is making the purchase. If a criminal knows a customer's card number, name and billing address, he can initiate unauthorized and anonymous transactions.
To prevent this type of credit card fraud, many merchants and processors now require that customers provide a card verification value (CVV) during the checkout process. This value is the three- to four-digit code on the back of most major credit and debit cards.
Although this extra security requirement does help to reduce fraud, CVVs are easy to steal. Anyone who has held or seen your card can copy the code and use it later.
Now, there is a growing movement to use dynamic CVV codes that offer even greater protection against unauthorized purchases.
How Does Dynamic CVV Protection Work?
Instead of having a static three- or four-digit code on the back of the card, dynamic CVV technology creates a new code periodically. When a customer is ready to initiate a transaction, she receives an SMS or email with a one-time PIN. That unique code expires after the purchase is complete — or within the next few hours.
Making a new purchase thereafter requires generating another unique code that only gets sent to the email or phone number registered for that user.
Although the technology continues to receive a lot of attention, dynamic CVV protection isn't really that new. There already exist several competing solutions on the market:
- Digital security company Gemalto was one of the first to introduce this fraud prevention measure. However, early attempts involved embedding dynamic CVV displays directly into the card, making this approach prohibitively expensive for many users. In addition, Gemalto’s code changes every 20 minutes, which is sometimes too small a window when shopping via telephone.
- Fraud prevention solutions company Tender Armor relies more heavily on text and email. For criminals to initiate unlawful transactions, they must have direct access to cardholders’ smartphones or email passwords. Tender Armor also changes its codes less frequently — usually every 24 hours.
Dynamic CVV technology is still in its infancy, and it'll take some time for the industry to work out kinks. For example, how does one receive text alerts when traveling abroad?
Should You Incorporate Dynamic CVVs into Your Business?
If you regularly sell products online or via phone, it's important to make your team aware of dynamic CVVs. Yet as a business, you don't have to make any changes to your payment infrastructure. Implementing this fraud protection measure happens on the consumer side — not the merchant side.
However, there are steps you can take to make the entire shopping experience more secure for everyone involved: