Submitted via IRC for SoyCow1984
Pilot project demos credit cards with shifting CVV codes to stop fraud
US-based PNC Bank is in the middle of a pilot project that aims to test out credit cards with constantly changing card verification values (or CVVs) to reduce online credit card fraud. The dynamic CVV is displayed on the back of such a card in e-ink, and changes according to an algorithm supplied by Visa.
[...] A static CVV number can provide some protection from online fraud, but sometimes CVVs can be stolen in tandem with the card number. Worse, researchers have shown that Web bots making random guesses on legitimate websites can often come up with the appropriate CVV and expiration date to pair with a card number.
A dynamic CVV should—at least in theory—be far more difficult to guess and use. The idea of a dynamic CVV isn't new: the cards are being supplied by a company called Idemia, which announced its "Motion Code" dynamic CVV cards in 2016. Since then, Visa has detailed a specification for the dynamic CVV pairing, called dCVV2, and Visa is also a partner in getting this pilot project off the ground.
(Score: 0) by Anonymous Coward on Saturday December 29 2018, @10:40PM
And you'd be wrong. People don't repeatedly screw up their CVV. You have to put some spacing in between the discovery and the use, or it looks suspicious. Not a lot, but enough. However, this new system prevents you from waiting too long.
Also, people don't make a bunch of online purchases at once. Too many, and they all look suspicious. So you have to wait between them. The longer you can wait, especially if you use different delivery mules, the less likely you are to be noticed and the more your theft appears to be a random lucky guess from shotgunners, than it appears to be from compromised credentials. The latter of which is much more likely to be reissued by the card companies and starting the process over for the bad guys.