• United States



Can credit cards with CVVs that automatically change every hour kill off card fraud?

Oct 03, 20163 mins
Data and Information SecurityInternet SecuritySecurity

French banks are about to find out if bank cards with dynamic security codes can do away with card-not-present fraudulent transactions

When shopping online and paying with a credit card or debit card, you have to enter the three-digit CVV (card verification value) from the back. These are card-not-present transactions, and entering the security code is supposed to help verify that you physically have the card. But cyber thugs have plenty of ways to get hold of your CVV and burn through your money until you happen to notice the purchases and cancel your card. In fact, card-not-present transactions made up 65 percent of all card fraud.

A French digital payment security company called Oberthur Technologies (OT) thinks it can do away such fraud by changing static CVVs to dynamic CVVs, which change every hour. If a crook gets hold of your card number, his or her shopping spree could last no more than an hour; after the security code changes, the card number would be useless.

Instead of a CVV printed on the back of a bank card, the Motion Code CVV would be displayed on an e-paper “mini-screen.” The security code would automatically refresh to some random security code every hour. That time is not set in stone. OT noted that whoever issues the card could set the CVV refresh time to any time value. In the video below, the company suggested the security code could change automatically every 30 to 40 minutes.

The consumer does nothing different, simply enters the ephemeral security code when making online purchases. Ecommerce sites also don’t need to make any changes to accept payment via cards with Motion Code technology.

OT told The Memo that Motion Code cards are otherwise identical the regular credit cards: “You can bend, drop, even put it through the wash [with] no problem.”

The battery for the digital display on the back on the card is supposed to last longer than the card’s expiration date. An ultra-think lithium battery with a lifespan of about three or more years is built into a Motion Code card so that the three digits on the back of the card “will change every hour for three years.”

It looks like OT has been pitching the dynamic security code technology since at least October 2014. A trial was conducted with 1,000 French customers last October. BPCE, the second largest bank in France, Getin Bank in Poland and banks in Mexico also participated in a pilot to test the cards. Now, two French banks are reportedly about to issue Motion Code cards to their customers.

According to an interview on PYMNTS, Motion Code bank cards cost issuers more than EMV cards, but the technology could potentially do away with card-not-present fraud and the associated costs with combating the fraud. Additionally, card issuers and processors would need OT to install “a specific server that is synchronized with the algorithm that is used to generate the code.”

Would you be inclined to want a credit card that is secure-by-design to protect you from fraudulent purchases? At the rate that sites get hacked and people fall for phishing scams, putting stolen card numbers in the hands of crooks, it would seem like having that extra layer of Motion Code security could help a lot of people.

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.