
How passive 2FA works
Users are authenticated along with their card details before payment starts
Safecypher dynamic CVV2 is a 3-digit security code generated on a cardholder’s smart phone. New numbers show for 60 seconds inside a secure app with bank-accredited biometric access or PIN control. They replace the 3 digits on the card when paying online.
Once activated, online payments are validated by entering the dynamic 3-digit number from the app into the payment page in place of the static CVV2 code on the card. If the code is correct, the cardholder is authenticated in the background and the transaction approved.

Technology is robust, flexible and scalable
With security built in at every stage, Safecypher is ready to deploy
- Built to the highest RTS security standards using market-leading vendors
- Reviewed by a Qualified Security Assessor throughout the build to ensure security
- Microsoft Azure security features provide control, scalability and future-proofing
- Construction is parameterised for flexibility
- Pause switch enables issuers to revert cards to static CVV2 in an unlikely outage
- Implementation is rapid with no impact on legacy systems
Passive two-factor authentication
In Europe and globally
The frictionless booster adds passive two-factor authentication (2FA) to any existing risk assessment tool in Europe and globally.
- No need to rely on data from merchants
- No need for risk assessment via an access control server
- Transaction risk analysis benefits can be deployed more effectively
1 out of 5 challenges result in abandonment3 and lost sales impacting revenue. Safecypher passive 2FA reduces friction so there is less user abandonment and more revenue for issuers.
