Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

Pilot Project Demos Credit Cards With Shifting CVV Codes to Stop Fraud

posted by n1 on Saturday December 29 2018, @01:55PM   Printer-friendly
from the ccv-(what's-this?) dept.

upstart writes:

Submitted via IRC for SoyCow1984

Pilot project demos credit cards with shifting CVV codes to stop fraud

US-based PNC Bank is in the middle of a pilot project that aims to test out credit cards with constantly changing card verification values (or CVVs) to reduce online credit card fraud. The dynamic CVV is displayed on the back of such a card in e-ink, and changes according to an algorithm supplied by Visa.

[...] A static CVV number can provide some protection from online fraud, but sometimes CVVs can be stolen in tandem with the card number. Worse, researchers have shown that Web bots making random guesses on legitimate websites can often come up with the appropriate CVV and expiration date to pair with a card number.

A dynamic CVV should—at least in theory—be far more difficult to guess and use. The idea of a dynamic CVV isn't new: the cards are being supplied by a company called Idemia, which announced its "Motion Code" dynamic CVV cards in 2016. Since then, Visa has detailed a specification for the dynamic CVV pairing, called dCVV2, and Visa is also a partner in getting this pilot project off the ground.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Pilot Project Demos Credit Cards With Shifting CVV Codes to Stop Fraud | Log In/Create an Account | Top | 26 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Sunday December 30 2018, @10:31AM (1 child)

    by Anonymous Coward on Sunday December 30 2018, @10:31AM (#779933)

    I tried to buy something on a website, I put my card details in, and the next panel popped up asking for my date of birth.
    I rang the company who said something about 'verified by visa' that is a secondary question system that asks for information Visa has. Like data of birth. Yeah, right. That's not security. That's a good way for my personal information to be scraped and my life hacked.

    Why can't CCV be generated per use? Put in your card details, open an app or web page to your bank, generate a CCV for the transaction, put it in, website authenticates. Done.

    Problem is, they can't even get the current system to work sometimes. I tried booking a place online only to have the card rejected. My bank said they approved the transaction. Their side declined it. Apparently their side wants an account balance or something which my bank doesn't provide. No issue with the transaction, funds available, numbers are right, it's just the requester being a prick by demanding more information than the transaction requires.

    There must be a better way to spent money securely online.

  • (Score: 0) by Anonymous Coward on Sunday December 30 2018, @10:37AM

    by Anonymous Coward on Sunday December 30 2018, @10:37AM (#779935)

    https://www.alphr.com/realworld/357115/the-pointlessness-of-verified-by-visa [alphr.com]

    The final question is your date of birth, but a quick peek at a site such as Facebook or one of many family tree websites (where some helpful member of your family may have entered your date of birth for completeness) will often reveal this. It makes you wonder who comes up with these “security” measures, and whether they’ve ever actually used the internet.

    It makes you wonder who comes up with these security measures, and whether they’ve ever actually used the internet