Dynamic CVV/CVC Codes Are Here!
Foil credit card hackers and eliminate card-not-present fraud.
The EMV Chip Card Era
Now that EMV cards are being deployed in the US, credit card fraud at brick and mortar stores is diminishing. Hackers cannot duplicate a chip card so they can’t make purchases in physical stores. But they can definitely use stolen card information to purchase things online and through mobile channels, a.k.a. card-not-present (CNP). This is due to the facts that 1) EMV chip cards do absolutely nothing to prevent CNP fraud, and 2) the credit card info required for CNP purchases is static and never changes. Thus, for the past 24 months, CNP fraud in the US has been on a sharp rise. This fraud migration has happened in every single country where EMV was deployed. One might ask, “Didn’t they see it coming?”
Once again, human nature prevailed and until the costs of CNP fraud reached an intolerable level, nothing would be done to mitigate the increase in CNP fraud. Now, the time has come. CNP fraud accounted for 70% of credit card fraud in EMV markets (APCA 2015, Financial Fraud Action UK 2015, UK ECB 2015). It’s about time we bring out the secret weapon: Dynamic CVV/CVC Codes.
Dynamic Security Codes Are Not New
Dynamic security codes have been in use in the enterprise and government worlds for over 20 years. It is a mature technology typically deployed in the form of a bulky keyfob, electronic display card or more recently, a mobile app. They provide two-factor authentication for a much more secure access method than just username and password. The dynamic code fob, card or app generates a 6-digit number for the user to enter after their username and password. The dynamic number is the second factor and if the hacker does not have the proper number, access is denied.
Today, dynamic CVV/CVC code devices come in dozens of form factors and variations, including a credit card size One-Time Password display card. This OTP display card made it’s debut back in 2008 when Bank of America began offering its “SafePass” card for account login security to prevent account take-over fraud. For a brief history on the OTP Display card, click here. OTP cards, fobs and apps are now widely used in the financial, healthcare, government, insurance, aerospace and enterprise markets. In all markets, two-factor authentication is basically forced upon the employees as a result of internal IT security policies primarily driven by compliance or in response to a breach.
Consumers Need Protection
The eCommerce, Financial, and Healthcare markets cannot force two-factor security on its consumers but some have made it available to their customers either free or for a nominal cost. This opt-in approach without strong marketing support results in very low adoption rates and thus, very little impact on fraud rates. The lack of marketing support is due to the viewpoint that security is a boring, necessary evil that should be kept behind the curtain to avoid “scaring” the customers. This backward thinking has been the reason for anemic mass deployment.
Despite what marketing execs believe, consumers are hungry for easy ways to protect their online and mobile accounts and transactions. I witnessed the demand when B of A briefly promoted their SafePass card at $19.95, causing demand to jump 6 times over the passive web page they had for their branded OTP Display card for account security. Despite the overwhelming success of a simple pop-up page to make people aware (very low cost), they felt they were “scaring the customers” and relegated the SafePass page back into the basement of buried links under their “Security” menu. Takeaway: Offer it and they will come.
The SurePassID Dynamic CVV/CVC Codes Solution
SurePassID offers a complete Dynamic CVV/CVC Codes solution including the SurePassID DSC Authentication Service, the Dynamic CVV/CVC Mobile app and/or the Dynamic CVV/CVC Payment card (see actual photo). Our server can be deployed to work with 3DSecure or whatever Access Control Server the issuer has.
We have been waiting for the fraud level to reach the pain point for the banks to start offering a solution for consumers to protect themselves. The pain level is now becoming unbearable (finally!). Do you feel the pain? Sign up for free trial sandbox account and take Dynamic Security Codes for a test drive.
Let’s face it, human nature generally follows this maxim: “If it ain’t broke, don’t fix it.” In business, this generally means that companies won’t do anything about a problem until it starts materially impacting the profits or the satisfaction of a significant portion of their customer base. Historically, credit card fraud was written off as a cost of doing business. Customers who experienced credit card fraud were not liable for the charges so they didn’t care much about it. Thus, dynamic CVV/CVC codes on cards were not considered as cost effective.
Today, more than ever, card-not-present fraud is on the rise and it’s going to get a lot worse before it gets better due to the deployment of EMV cards in the U.S. Customers are frustrated and tired of the inconvenience caused by credit card fraud. They are eager to protect themselves with a better solution.
Attention banks and credit card issuers: it’s time to take the next step to offer your customers Dynamic Card Security Codes, either with the SurePassID dCVx Mobile App or Dynamic CVx Credit Cards. Be the leader in PREVENTING card-not-present fraud and attract new customers.