With the gradual acceptance of EMV in U.S. markets, payments security at checkout – that is, card-present transactions – is enjoying an enhanced level of security. There is little chance we’ll see another series of high-profile retail data breaches as we did several years ago. However, transactions in which a physical card is used at the point of sale is only part of the story. Online and contactless payments are taking over a greater fraction of payment scenarios and EMV does not necessarily protect these type of sales.
Most realize the need for new security measures. Dynamic CVV appears to be a promising technology that can protect sensitive cardholder data when a card is not dipped into a payments terminal. First, a short lesson – CVV and CVC are the 3- or 4-digit verification codes tracked on the magnetic stripe and printed on the card (often near the signature area).
MasterCard and Visa are implementing Dynamic CVV codes in cards capable of contactless payments. The technology attaches a unique algorithm to the card, generating a new security code after each transaction. Thus, even is a thief is able to obtain the card number, expiration date, CVV and such, replicating the card is fruitless. That particular code will never resurface.
For internet payments, payment security experts are testing systems in which the CVV code randomizes every 40 to 60 minutes. Again, any payment data in transit is in danger of theft. However, this form of Dynamic CVV limits the window in which stolen information can be used.
These technologies are introducing more secure elements in the payments chain, protecting consumers no matter how they wish to pay with credit and debit cards. That will inevitably lead to a dissolution of the barriers to adopting NFC-contactless payments and a more trusted sales environment.