Could Dynamic CVV Be the Card of the Future?

April 2, 2015
Dynamic CVV

The CVV code may be better known as "that three-digit number on the back of your credit card." CVV stands for Card Verification Value, and this system, which is either a three-digit number on the back of your card, or, in the case of American Express, a four-digit number on the front of your card, is designed to provide added security to your purchases. When you shop online or by phone, you'll need to give merchants this number to prove that you're actually holding the card so they know it's not a fraudulent purchase because there's no other way to identify you since you're not there in person.

As Visa notes on its website, merchants aren't allowed to save these CVV codes--also known as CVV2 codes--in their systems, so that's supposed to protect you from identity theft and fraud. The code's sent to the card-issuing bank, and it electronically verifies that that's you and authorizes the transaction, all in the matter of a few seconds. If someone's stolen your card number, say, through hacking into a merchant's system, getting numbers and making new credit cards, in theory they're not supposed to be getting the CVV.

Unfortunately, if your physical credit card is stolen, then fraudsters have your CVV number and can make purchases at will. In terms of using cards online, this could shape up to be a big problem rather quickly.

Even the EMV chip solution doesn't necessarily offer protection from these Card Not Present (CNP) transactions. The European Central Bank noted in a report last year that in relative although credit card fraud at the point of sale decreased--which is the type of fraud the EMV chip fights against--CNP transactions increased, which shows that thieves are figuring out ways to get access to cards and their CVV numbers to continue stealing.

Credit card maker Oberthur Technologies thinks it may have an answer to this problem: Dynamic CVV numbers. A dynamic CVV is one that changes frequently, so you theoretically couldn't make frequent CNP purchases with the same information.

Last August, Oberthur acquired NagraID Security, which developed this technology. Instead of a printed digit on your card, there would be an embedded chip that would display this code, and the code would change every hour. Because of the frequency of the CVV changes, capturing one static CVV wouldn't help thieves--they'd be behind the eight-ball in terms of having an accurate, useful number that a fraudster would be willing to pay them for.

Oberthur says this technology would be relatively easy to implement because it doesn't require a lot of changes on the back end. Card-issuing banks could still control the purchase authorizations. Online retailers wouldn't have to change the processes they already have in place. Oberthur also contend that customers would be more assured of their card's heightened security; however, if you're like me, you've memorized your favorite credit card number and its CVV, which makes online shopping a lot faster. With this solution, you'd have to locate your card for every online purchase you want to make. Oberthur didn't reference what would happen in situations where an online retailer has your card information stored for one-click ordering.

This would, however, require possessing a new type of credit card that comes with the technology to create the changing CVV numbers.

To make this effort a reality, Oberthur has invested in its manufacturing facility in Shenzhen, China, to be able to produce the patented display card technology. The company plans for initial shipments and trials during the second quarter of this year. The trial results will likely determine when the product will be available to the market at large.

See all posts →