
How passive 2FA works
Strong customer authentication is at the start of the payment journey
Safecypher dynamic CVV2 is a 3-digit security code generated on a cardholder’s smartphone. New numbers show for a short time inside a secure app with bank-accredited biometric access or PIN control. They replace the 3 digits on the card when paying online.
Once activated, online payments are validated by entering the dynamic 3-digit number from the app into the payment page in place of the static CVV2 code on the card. If the code is correct, the cardholder is authenticated in the background and the transaction approved.
Mobile payment journey
Desktop payment journey
Technology is robust, flexible and scalable
Well-designed and dependable with security built in at every stage
- Built to the highest RTS security standards using market-leading vendors
- Reviewed by a Qualified Security Assessor throughout the build to ensure security
- Microsoft Azure security features provide control, scalability and future-proofing
- Construction is parameterised for flexibility
- Pause switch enables issuers to revert cards to static CVV2 in an unlikely outage
- Implementation is rapid with no impact on legacy systems
FAQs
What is Dynamic CVV?
A CVV, or Card Verification Value, is a security code found on debit and credit cards that is used to verify a cardholder’s possession of the card during card not present (CNP) transactions. Dynamic CVV (dCVV) is a CVV that changes routinely between transactions, providing an additional layer of security that enhances the cardholder purchase experience.
What types of cards use Dynamic CVV?
A Digital dCVV may be added to any existing payment card, and configured in the financial institution’s mobile app. The cardholder opens their bank app for the new CVV at the time of purchase. Digital dCVV enhances security. This added layer of protection is complementary to ecommerce fraud solutions like 3DS & TSYS Smart Secure. For digital onboarding, issuers may combine Digital dCVV with instant issuance through the Digital Card View in the issuer card app and provision to the card wallet on the user’s device.
What current market challenges does Dynamic CVV help to solve?
• Increasing dollar losses and cases of CNP fraud
• Rise in false declines on ecommerce transactions
• Moving legacy card technology to digital platforms
• Cardholder insecurity and fear of scams
What value does it provide?
With a new security code generated every five minutes, most transactions will have a new code and fraud initiated from stolen card information may be greatly reduced.
What are differentiators for this solution compared with competitors?
Cardholders are more in control, retrieving a new CVV from their mobile app for each purchase. The cost of physical card production with a dCVV chip is eliminated. Digital dCVV is fully integrated in the financial institution’s mobile app, which is a better cardholder experience within the flow of a mobile purchase transaction or use of a digital wallet.
Who can benefit from the solution?
Issuers will benefit from lower fraud costs, lower overheads on fraud management and the possible elimination of the need for mass* reissues in the future. Cardholders will benefit from a higher level of security, especially with ecommerce transactions. Fewer false declines and a reduced potential for fraud also make for a better purchase experience. Merchants also appreciate the added layer of fraud protection and fewer abandoned purchases due to authentication issues.
*At the issuer’s discretion, not mandated by the networks/schemes
What are the key benefits for issuers?
• Provides ecommerce transaction protection
• Renders stolen card information virtually useless
• Reduces CNP fraud and false declines
• Requires no changes to merchant infrastructure
• Digital dCVV aligns with mobile app and digital wallet
• Ease of deployment – Two APIs make deployment easy for issuers
What are the key benefits for cardholders?
• Provides an added layer of card security
• Adds peace of mind and an increased sense of security for ecommerce purchases
• Frictionless user experience
• First adopters’ appeal
• Powerful selling point for card acquisition
• CVV controls via the issuer’s mobile app and digital wallet, such as turning dCVV on and off
What are the features and functionalities?
• Activate Digital dCVV on any existing EMV card
• Apply to existing cards with no reissue required
• New CVV is generated at issuer configured intervals (from one to five minutes)
• CVV is conveniently managed in FI’s mobile app
• Two-factor authentication (2FA) occurs early in payment journey
• Issuers may (through APIs integrated in their app) enable cardholders to turn on/off Digital dCVV
• Digital dCVV is never stored in the physical card or in a user’s digital wallet
Where is the solution available?
Digital dCVV is available for consumer credit cards in the United States of America.
How far does Dynamic CVV go towards eliminating fraud and false declines?
While we cannot say that dCVV eliminates 100% of fraud and false declines, it comes close. There are always instances in which systems go down either with the processor or network. In cases of processor and network interruptions, automated rules kick in and a cardholder could face an interruption on a higher cost transaction. However, when cardholders enter the correct dynamically changing CVV codes, this solution reduces friction, increases approval rates and increases interchange revenue for issuers.
What factor is behind increased approval rates and interchange with Dynamic CVV?
Convenience is the key for Digital dCVV card transactions. There’s simply less friction and potential step-ups in the purchase process for cards in which the CVV automatically changes. It’s easier to execute in the flow of the transaction. For example, typical 3D-Secure transactions have an abandonment rate of roughly 20%. This is due mostly to cardholders who choose to abandon a transaction instead of completing any additional verification steps that are necessary. In those cases, both issuer and merchant lose a transaction approval and the revenue and interchange that come with it.
What is a benefit that issuers may not be aware of when evaluating Dynamic CVV?
dCVV also reduces fraud losses for merchants. Issuers are driven by merchant responsiveness. Under current U.S. payment regulations, merchants are liable for fraudulent transactions. This means they face high costs in absorbing fraud losses and in dealing with chargebacks. dCVV greatly reduces fraud and thus can significantly reduce the cost of chargebacks for merchants. As issuers introduce dCVV into their card portfolios, merchants will be more willing to do business with those cardholders.
What differentiates Dynamic CVV from other fraud services that issuers deploy?
3D-Secure, fraud scoring and other authentication controls use AI and machine-learning to stop fraudsters. While they are effective, those same tools can also be used by fraudsters to exploit weaknesses in card security.
What’s different with dCVV is that cardholders are also engaged in the fight to prevent fraud when using their card in several ways:
1) Visible and tangible security — a cardholder can see their CVV code dynamically changing and understand how that protects their mobile and online transactions — resulting in greater peace of mind.
2) Cardholders retrieve the CVV with their mobile app, giving cardholders an active role in the fight against fraud.
dCVV deters fraudsters as it greatly lessens the chances that fraudsters will be able to both possess the cardholder’s device and access their mobile app at the same time. With a dynamically changing CVV the window for possessing and accessing is very narrow.
Explain Dynamic CVV’s use as two-factor authentication?
It’s ideal for low transaction risk approvals. It stands as its own form of 2FA for issuers. By having cardholders enter the refreshed CVV, it authenticates the user, binding the cardholder to their device. Authentication begins at the earliest part of the purchase. If you’re on an issuer’s fraud team as an operator or strategist, dCVV acts as a 2FA method to greatly reduce workloads on tracking and setting rules to prevent fraud.
How is Dynamic CVV a better option for fraud prevention than one-time passwords?
dCVV codes cannot be intercepted “over-the-air” like other types of authentication codes (text messages, etc.). The dCVV is never stored on a card or device or transmitted.
How do issuers execute setting up Dynamic CVV for use with their bank’s mobile app?
With digital, this is a simple process using two APIs, managed through dedicated API documentation and workflow, that TSYS will provide the issuer when contracting for dCVV enhancement on their card portfolios.
How does Dynamic CVV work with recurring payments?
Typically, with merchants, after the initial payment is validated, your card remains “on file” with the merchant for all subsequent recurring payments.
What happens in the case of a failover?
To ensure the cardholder journey is not impacted, TSYS will have a mechanism in place to recognize that the service is down and to revert to the static CVV.
Given that Digital dCVV is dependent on the cardholder’s device and mobile app, what happens when the cardholder changes or loses their phone?
Customer service is prepared to handle the switch “off/on” of dCVV, enabling cardholders to turn off dCVV in their app on the old phone and turn on dCVV in their app on the new phone. dCVV codes are based on tokens so the service will only work on a single device for a cardholder at any given time.
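An added illustration (not Safecypher's or TSYS's code) of the behaviour the FAQ describes: a code that rotates at an issuer-configured interval, is bound to one device at a time, and falls back to the static CVV2 when the pause switch is set. The HMAC-based derivation, the `Issuer` class and every name and value below are assumptions; the page does not publish the actual algorithm or API.

```python
import hashlib
import hmac
import struct

def dcvv(device_key: bytes, pan: str, now: float, interval_s: int = 300) -> str:
    """3-digit code for the time window containing `now` (assumed TOTP-style derivation)."""
    if not 60 <= interval_s <= 300:
        raise ValueError("interval must be between one and five minutes")
    window = int(now // interval_s)
    mac = hmac.new(device_key, pan.encode() + struct.pack(">Q", window), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1000:03d}"

class Issuer:
    """Hypothetical issuer-side validator; not the vendor's API."""

    def __init__(self, interval_s: int = 300):
        self.interval_s = interval_s
        self.paused = False   # pause switch: revert every card to static CVV2
        self.cards = {}       # pan -> {"static": str, "key": bytes or None}

    def enrol(self, pan: str, static_cvv: str) -> None:
        self.cards[pan] = {"static": static_cvv, "key": None}

    def activate(self, pan: str, device_key: bytes) -> None:
        # One device per card: a new key replaces the previous binding.
        self.cards[pan]["key"] = device_key

    def deactivate(self, pan: str) -> None:
        self.cards[pan]["key"] = None

    def validate(self, pan: str, entered: str, now: float) -> bool:
        card = self.cards[pan]
        if self.paused or card["key"] is None:
            expected = card["static"]   # outage or dCVV switched off
        else:
            expected = dcvv(card["key"], pan, now, self.interval_s)
        return hmac.compare_digest(entered.encode(), expected.encode())

if __name__ == "__main__":
    bank = Issuer(interval_s=300)
    pan = "4111111111111111"           # constructed test PAN
    key = b"constructed-device-key"    # constructed key material
    bank.enrol(pan, "123")
    bank.activate(pan, key)
    code = dcvv(key, pan, now=1_700_000_000)
    print(code, bank.validate(pan, code, now=1_700_000_000))
```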
What are the benefits of bundling Dynamic CVV with digital client onboarding?
There is a benefit to Digital dCVV when paired with digital instant issuance of the new card (TSYS Instant Card) and placed into card wallets (TSYS Wallet Provisioning). Digital onboarding speeds up time to revenue for issuers. More importantly, this integration avoids manual provisioning of the card to a digital wallet. Manual provisioning of card to wallet results in higher fraud incidents. Fraud is virtually eliminated by digital onboarding with dCVV when wallet provisioning is automated.
Is CVV a standard term across schemes?
CVV is the term for VISA; CVC is Mastercard; and CSC is AMEX. For the purposes of Dynamic CVV, we group them together as CVV. dCVV is technically dCVV2.
Passive two-factor authentication
In Europe and globally
The frictionless booster adds passive two-factor authentication (2FA) to any existing risk assessment tool in Europe and globally.
- No need to rely on data from merchants
- No need for risk assessment via an access control server
- Transaction risk analysis benefits can be deployed more effectively
1 out of 5 challenges result in abandonment and lost sales impacting revenue. Safecypher passive 2FA reduces friction so there is less user abandonment and more revenue for issuers.
