Credit card fraud is on the rise, despite numerous hi-tech methods aimed at stemming the tide. From skimming to site cloning to triangulation and outright physical theft, criminals are always trying to stay ahead of merchants and banks, which are busy implementing new methods to reduce the risk of fraud. In the contactless payment world, Dynamic CVV has become a key weapon against fraudulent transactions that might otherwise stymie this growing payment technology. But, is it really secure, and how does it apply to traditional credit card fraud?
Understanding Security Codes
In simple terms, a card security code (CSC) is a feature which protects payment transactions against fraud. The CSC comes in addition to an embossed card number, PIN or password associated with the card to help ensure that a user possesses the actual credit card at some level. For point-of-sale transactions, a scanning device will check the CVC1 or CVV1 encoded within the magnetic stripe of the card. This ensures that the user actually possesses the credit card and not just the embossed card number.
But, what about contactless payments, in which users are unable to scan the magnetic strips of their cards? For telephone- or Internet-based transactions, a user can relay the card’s three- to four-digit CVV2 or CVC2 code which is usually printed on the back of the card in the signature panel. In most instances, these codes do a decent job of demonstrating that a credit card user possesses the actual card. With that being said, the emergence of contactless NFC payments has brought the need for new security measures to reduce the risk of fraud and promote greater consumer confidence in this burgeoning new payment technology.
Dynamic CVV Codes
To authenticate contactless credit card transactions, major brands such as Visa and MasterCard have built dynamic CVV codes into their contactless cards. Basically, the security measure attaches a unique algorithm to a card, which results in a new security code after every single contactless transaction. If a thief ever obtains the card, he or she cannot use it for any sort of fraudulent contactless transaction, because the thief wouldn’t know the card’s unique algorithm, which results in ever-shifting security codes.
Dynamic CVV codes are quite useful for contactless near field communication transactions; however, they do nothing to help secure traditional point of sale transactions. If a thief obtains the information within a credit card’s magnet stripe either through skimming or by physical theft, the card can still be used in a multitude of ways. That said, without knowing the algorithmic-based dynamic CVV code, the thief would not be able to use the card for any sort of contactless NFC payment, and that’s a good thing, especially since dynamic CVV codes generally demand no change in infrastructure for merchants who adopt the technology.
By reducing the risk of fraud related to contactless payments, dynamic CVV looks to hold an important place in the future of credit card security, especially if it can bolster consumer and merchant confidence in this growing payment technology. Despite the fact that NFC is experiencing some headwinds to adoption, the underlying security concepts are sound and are beginning to show up in other innovative ways, illustrating the constant evolution of the struggle between payment providers and fraudsters.