{"id":6559,"date":"2024-10-04T14:13:26","date_gmt":"2024-10-04T08:43:26","guid":{"rendered":"https:\/\/zv3d.wpengine.com\/us\/?p=6559"},"modified":"2025-01-29T14:47:18","modified_gmt":"2025-01-29T09:17:18","slug":"role-of-dynamic-cvv-in-card-fraud-prevention","status":"publish","type":"post","link":"https:\/\/www.zeta.tech\/us\/resources\/blog\/role-of-dynamic-cvv-in-card-fraud-prevention\/","title":{"rendered":"Understanding the Role of Dynamic CVV in Digital Fraud Prevention"},"content":{"rendered":"

Contents<\/strong><\/p>\n

    \n
  1. Dynamic CVV Secures Cards From Card Not Present Fraud<\/strong><\/a><\/li>\n
  2. How Issuers Can Enable Dynamic CVV<\/strong><\/a><\/li>\n
  3. How Dynamic CVV Works<\/strong><\/a><\/li>\n
  4. Key Advantages of Dynamic CVV<\/strong><\/a><\/li>\n
  5. The Next Step for Issuers<\/strong><\/a><\/li>\n<\/ol>\n

    Credit cards <\/span>remain<\/span> one of the most preferred and fast-growing payment method<\/span>s<\/span> in the US, <\/span>with <\/span>total credit card purchase volumes reaching <\/span>$5.82 trillion<\/span> in 20231<\/sup><\/a><\/span><\/span><\/span>. <\/span>Credit cards are especially <\/span>preferred<\/span> for online payments<\/span>, and<\/span> accounted for 32% of all ecommerce payments in <\/span>the US in 2023<\/span>.<\/span><\/span><\/p>\n

    However, with this growth comes a pressing challenge: the exponential rise in online fraud especially Card Not Present (CNP) fraud. According to a report by the Federal Trade Commission (FTC), credit card fraud topped the list of identity theft types in 2023, with over 400,000 reported incidents of card credentials being misused2<\/sup><\/a><\/span><\/span><\/span>.\u00a0<\/span><\/span><\/p>\n

    One of the key drivers of this fraud is the reliance on static CVV codes, which can be easily compromised through data breaches, phishing, and malware attacks. Once these static codes, along with other card credentials, are stolen, fraudsters can use them to make online purchases without needing the physical card.\u00a0<\/span><\/span><\/p>\n

    Globally, CNP fraud losses are estimated to reach $28 Billion by 2026, with the number touching $12.8B for the US. 3<\/sup><\/a><\/span><\/p>\n

    Understanding Static CVV and Its Limitations<\/span>\u00a0<\/span><\/h2>\n

    A static CVV (Card Verification Value) is a 3- or 4-digit security code found on the back of payment cards, used to verify card-not-present transactions. It remains fixed for the life of the card and is generated using the following steps:<\/span>\u00a0<\/span><\/p>\n

      \n
    • Input data preparation: The card\u2019s Primary Account Number (PAN) and expiration date are selected as key data points.<\/span>\u00a0<\/span><\/li>\n
    • Cryptographic key selection: A secret cryptographic key (CVK), unique to the issuer, is used.<\/span>\u00a0<\/span><\/li>\n
    • Algorithm selection and encryption: The PAN, expiration date, and other data are encrypted using DES\/3DES, producing a truncated 3- or 4-digit CVV.<\/span>\u00a0<\/span><\/li>\n<\/ul>\n

      While static CVVs provide basic security, their fixed nature makes them vulnerable to fraud, especially Card-Not-Present fraud, if the card data is compromised.<\/span>\u00a0<\/span><\/p>\n

      Dynamic CVV Secures Cards From Card Not Present Fraud<\/h2>\n

      Dynamic CVV<\/span><\/b> or dCVV (Card Verification Value) offers a compelling solution to this global problem. By replacing the static CVV number with a digitally renewed random number every minute or so, dCVV effectively neutralizes stolen card data, making it nearly impossible for fraudsters to execute unauthorized transactions.\u00a0Unlike static CVV that is printed on physical credit and debit cards, a dynamic CVV changes periodically, making it significantly more difficult for fraudsters to exploit stolen card information. \u00a0The dynamic CVV can be accessed by the cardholder through various means, including:\u00a0<\/span><\/p>\n

        \n
      • A small digital display on the physical card itself<\/li>\n
      • A mobile banking app that updates with the latest CVV<\/li>\n
      • SMS notifications sent to the cardholder\u2019s mobile device<\/li>\n
      • A separate hardware token or device that generates the CVV<\/li>\n<\/ul>\n

        In the following sections, we explore how Dynamic CVV works, its benefits, and its critical role in safeguarding issuers and consumers against the escalating threat of fraud.<\/p>\n

        How Issuers Can Enable Dynamic CVV<\/h2>\n

        Issuers can enable <\/span>dyn<\/span>am<\/span>i<\/span>c<\/span> C<\/span>V<\/span>V<\/span> for their card programs by partnering with technology providers <\/span>offering <\/span>native support for dynamic CVV<\/span>.\u00a0<\/span><\/span>Following are some of the core capabilities a processing platform would require:<\/p>\n

          \n
        • Native ability to generate a cryptographically secure dynamic CVV<\/li>\n
        • Integration with and certification by card networks (Visa\/MasterCard) and to generate Dynamic CVV<\/li>\n
        • Ability to manage lifecycle of the dynamic CVV, including customizable expiry and refresh cycles for each cardholder<\/li>\n
        • Ability to support user control to enable\/disable dynamic CVV from their card app<\/li>\n<\/ul>\n

          One of the key capabilities issuers should consider when enabling dynamic CVV for their card programs is giving cardholders the flexibility to use it based on their preferences. Some users may prefer using static CVVs if they make frequent transactions or find logging into an app every time to get the CVV cumbersome. Giving cardholders the controls to disable\/enable dynamic CVV and set refresh duration will prevent frustration while allowing them to explore and adopt the feature at their own pace.<\/p>\n

          The following illustration depicts how a cardholder can enable or disable\u00a0their dCVV feature on a card issued on Zeta\u2019s next-gen processing platform.<\/p>\n