A CVV, or Card Verification Value, is a security code found on debit and credit cards that is used to verify a cardholder’s possession of the card during card not present (CNP) transactions. Dynamic CVV (dCVV) is a CVV that changes routinely between transactions, providing an additional layer of security that enhances the cardholder purchase experience. 

A Digital dCVV may be added to any existing payment card, and configured in the financial institution’s mobile app. The cardholder opens their bank app for the new CVV at the time of purchase. Digital dCVV enhances security. This added layer of protection is complementary to ecommerce fraud solutions like 3DS & TSYS Smart Secure. For digital onboarding, issuers may combine Digital dCVV with instant issuance through the Digital Card View in the issuer card app and provision to the card wallet on the user’s device.

• Increasing dollar losses and cases of CNP fraud

• Rise in false declines on ecommerce transactions

• Moving legacy card technology to digital platforms 

• Cardholder insecurity and fear of scams

With a new security code generated every five minutes, most transactions will have a new code and fraud initiated from stolen card information may be greatly reduced.

Cardholders are more in control, retrieving a new CVV from their mobile app for each purchase. The cost of physical card production with a dCVV chip is eliminated. Digital dCVV is fully Integrated in the financial institution’s mobile app which is a better cardholder experience within the flow of a mobile purchase transaction or use of digital wallet.

Issuers will benefit from lower fraud costs, lower overheads on fraud management and the possible elimination of the need for mass* reissues in the future. Cardholders will benefit from a higher level of security, especially with ecommerce transactions. Fewer false declines and a reduced potential for fraud also make for a better purchase experience. Merchants also appreciate the added layer of fraud protection and fewer abandoned purchases due to authentication issues.

*At the issuer’s discretion, not mandated by the networks/schemes

• Provides ecommerce transaction protection

• Renders stolen card information virtually useless

• Reduces CNP fraud and false declines

• Requires no changes to merchant infrastructure

• Digital dCVV aligns with mobile app and digital wallet

• Ease of deployment – Two APIs make deployment easy for issuers

• Provides an added layer of card security

• Adds peace of mind and an increased sense of security for ecommerce purchases

• Frictionless user experience

• First adopters’ appeal

• Powerful selling point for card acquisition

• CVV controls via the issuer’s mobile app and digital wallet, such as turning dCVV on and off

• Activate Digital dCVV on any existing EMV card

• Apply to existing cards with no reissue required

• New CVV is generated at issuer configured intervals (from one to five minutes)

• CVV is conveniently managed in FI’s mobile app

• Two-factor (2FA) authentication occurs early in payment journey

• Issuers may (through APIs integrated in their app) enable cardholders to turn on/off Digital dCVV

• Digital dCVV is never stored in the physical card or in a user’s digital wallet

Digital dCVV is available for consumer credit cards in the United States of America.

While we cannot say that dCVV eliminates 100% of fraud and false declines, it comes close. There are always instances in which systems go down either with the processor or network. In cases of processor and network interruptions, automated rules kick in and a cardholder could face an interruption on a higher cost transaction. However, when cardholders enter the correct dynamically changing CVV codes, this solution reduces friction, increases approval rates and increases interchange revenue for issuers.

Convenience is the key for Digital dCVV card transactions. There’s simply less friction and potential step-ups in the purchase process for cards in which the CVV automatically changes. It’s easier to execute in the flow of the transaction. For example, typical 3D-Secure transactions have an abandonment rate of roughly 20%. This is due mostly to cardholders who choose to abandon a transaction instead of completing any additional verification steps that are necessary. In those cases, both issuer and merchant lose a transaction approval and the revenue and interchange that come with it.

dCVV also reduces fraud losses for merchants. Issuers are driven by merchant responsiveness. Based on current payment regulations, merchants are liable for fraudulent transactions, based on U.S. regulations. This means they face high costs in digesting fraud losses and in dealing with chargebacks. dCVV greatly reduces fraud, and thus, can significantly reduce the cost of chargebacks for merchants. As issuers introduce dCVV into their card portfolios, merchants will be more willing to do business with those cardholders.

3D-Secure, fraud scoring and other authentication controls use AI and machine-learning to stop fraudsters. While they are effective, those same tools can also be used by fraudsters to exploit weaknesses in card security.

What’s different with dCVV, is that cardholders are also engaged in the fight to prevent fraud when using their card in several ways:

1) Visible and tangible security — a cardholder can see their CVV code dynamically changing and understand how that protects their mobile and online transactions — resulting in greater peace of mind.

2) Cardholders retrieve the CVV with their mobile app, giving cardholders an active role in the fight against fraud.

dCVV deters fraudsters as it greatly lessens the chances that fraudsters will be able to both possess the cardholder’s device and access their mobile app at the same time.  With a dynamically changing CVV the window for possessing and accessing is very narrow.

It’s ideal for low transaction risk approvals. It stands as its own form of 2FA for issuers. By having cardholders enter the refreshed CVV, it authenticates the user — binding the cardholder to their device. Authentication begins at the earliest part of the purchase. If you’re on an issuer’s fraud team as an operator or strategist, dCVV acts as a 2FA authentication method to greatly reduce workloads on tracking and setting rules to prevent fraud.

dCVV codes cannot be intercepted “over-the-air” like other types of authentication codes (text messages, etc.). The dCVV is never stored on a card or device or transmitted.

With digital, this is a simple process using two APIs, managed through dedicated API documentation and workflow, that TSYS will provide the issuer when contracting for dCVV enhancement on their card portfolios.

Typically, with merchants, after the initial payment is validated, your card remains “on file” with the merchant for all subsequent recurring payments.

To ensure the cardholder journey is not impacted, TSYS will have a mechanism in place to recognize that the service is down and to revert to the static CVV.

Customer service is prepared to handle the switch “off/on” of dCVV, enabling cardholders to turn off dCVV in their app on the old phone and turn on dCVV in their app on the new phone. dCVV codes are based on tokens so the service will only work on a single device for a cardholder at any given time.

There is a benefit to Digital dCVV when paired with digital instant issuance of the new card (TSYS Instant Card) and placed into card wallets (TSYS Wallet Provisioning). Digital onboarding speeds up time to revenue for issuers. More importantly, this integration avoids manual provisioning of the card to a digital wallet. Manual provisioning of card to wallet results in higher fraud incidents. Fraud is virtually eliminated by digital onboarding with dCVV when wallet provisioning is automated.

CVV is the term for VISA; CVC is Mastercard; and CSC is AMEX. For the purposes of Dynamic CVV, we group them together as CVV. dCVV is technically dCVV2.