Online shopping has brought many advantages, both to merchants and customers. It offers ease of access to goods and services, and it’s easier for merchants to reach out to those unable to visit their brick-and-mortar stores. Although there are downsides to shopping online with a card, a dynamic CVV may help prevent fraud and keep the assets of both parties safe.
Let’s Start at the Beginning – What Is a CVV Number?
A CVV or card verification value, also known as CVC or card verification code, is a three (sometimes four) digit security number unique to each credit or debit card. In the past, a security code was a unique number written or printed on the card itself. These days, though, with all the virtual cards and digital wallets (for example, Apple Pay) that have come out, CVVs are changeable and change every time you buy something.
What Does the Term Stand For?
As we’ve mentioned, these codes have several terms. However, there are other acronyms in use, too, and what you hear might also depend on the issuing bank:
- CVV or CVV2 (card verification value),
- CVC or CVC2 (card verification code),
- PCSC (printed card security code),
- CSC (card security code),
- CID (card identification number).
Sometimes, it may be simply referred to as a security number, and they all point to the same thing – a code on the card.
What Is a Temporary or Dynamic CVV?
We’ve explained CVVs and what they are used for, but what is a dynamic CVV? A dynamic card verification value, also called a dCVV, is a short-term protection code linked to a virtual card in a digital wallet (such as PayPal). When you have a physical card with a static CVV, the virtual form of that card might have a unique CVV that changes over time.
These types of security codes change every time you buy something, or at least every day, in order to protect the virtual version of a credit or debit card. Dynamic CVVs are a newer protection feature that has become more popular since they were introduced by Australia’s “big four” banks in 2022 – Westpac, CommBank, ANZ, and NAB.
How Does Dynamic CVV Work?
So, it’s clear that dynamic CVV protection replaces the traditional static three- or four-digit code with a code that changes periodically. There are two main methods of implementing this technology – a one-time PIN via SMS or email and an embedded electronic screen on the card.
When a customer is ready to make a purchase, they receive a one-time PIN via SMS or email. This unique code expires once the transaction is completed or within a few hours. For any further orders, you will be provided with an entirely new code, which is only sent to the user’s registered email address or phone number.
Some types of cards have small electronic screens and keyboards embedded in the back. These screens display a dynamic CVV that automatically changes every 30 to 60 minutes.
CNP Transactions and the High Potential for Fraud
Internet sales are becoming more and more important in selling. In fact, eCommerce made up more than 19% of all store sales in the world in 2023. It is expected that by 2027, online sales will make up almost a quarter of all retail sales in the world. Such a vast market and all these CNP (card-not-present) transactions also hold a huge potential for credit card fraud.
In 2020, 38% of all recorded scams around the world were online shopping scams, up from 24% before the COVID-19 outbreak. Even though the numbers lowered a bit since the pandemic, security breaches hit the industry and all its participants (merchants, credit card processing companies, and others) pretty hard. In 2022, online payment scams cost more than $40 billion. Because of this, the market for eCommerce fraud detection and protection is expected to grow over $100 billion, or more than two times as fast compared to now.
How CVVs Work In Fraud Prevention
To prevent and avoid fraud from happening altogether, CVVs have become a necessity for processors providing merchant services for credit card processing and merchants themselves. The CVVs are provided beside the cardholder’s CID (card identification number) during checkout.
The process is simple – when a customer places a purchase order with the merchant, they are required to provide standard information, such as name, billing address, card number, and CVV. The security code is then sent through credit card processing services to the issuing entity for authorization and checked for validity. The issuer next sends either an authorization or a decline back to the merchant.
The whole process helps reduce the potential for fraud, however, as CVVs can be stolen along with other personal cardholder information. It can happen when someone copies the card info for later usage or the malware on the virtual payment system skims the details before they are encrypted.
How dCVVs Prevent Fraud
A dynamic CVV sends customers a one-time usable code to either a phone or through email. After that, the customer will need to enter that code to be able to finish the purchase. The code is usually made by the card issuer’s scam prevention system and is only good for a certain amount of time. Because the window is so small, thieves and credit card fraudsters will have a harder time getting the information.
This type of technology is still emerging, but it holds great potential for enhancing security, especially since online credit card fraud continues to rise. Dynamic CVV approach could become increasingly important as the payment industry evolves, especially following the widespread adoption of the EMV standard for in-store transactions.
How Are Security Codes Used?
Generally, these security numbers can be used for authorization of many types of transactions. It’s also important to remember that CVVs aren’t always required. For instance, it’s not required in cases where a PIN number is used, like when shopping in a brick-and-mortar store or at an ATM. However, we will look at the cases where it’s a necessity.
Online Shopping
When a customer wants to make an online purchase, they are usually asked to provide their card’s 15- or 16-digit number, expiration date, CVV number, full name, and billing address. The security code (CVV) helps confirm that they physically have the card. This lowers the risk that someone is using stolen card information.
Telephone Shopping
When a customer is making a purchase over the phone, they are often asked to provide the security code. This is because the merchant can’t verify the identity through sight, signature, or by entering the card’s PIN. This code helps confirm that the customer is a legitimate cardholder.
Recurring Payments
Most online services we use, such as Spotify, Netflix, or YouTube Premium, are paid for through recurring monthly payments. It’s often required to provide a CVV, and in most cases, a dynamic CVV is set temporarily to establish these monthly payments.
Digital Wallets
Many of us have turned to the convenience of a mobile payment device or a digital wallet such as Square’s Cash App. When we use this convenient purchase option, we are usually required to use a status or dynamic CVV to complete the payment.
How to Locate CVVs on Physical Cards
When handling physical cards, the CVVs are usually found on the back of the card. For most cards, such as those issued by Mastercard and Visa, the CVV is a three-digit number printed on the right-hand side of the signature panel. In contrast, American Express cards have a four-digit CVV, which is located on the front of the card. The exact placement and number of digits may vary depending on the card issuer.
Accessing dCVVs for Virtual Cards
Virtual or digital cards that use dynamic CVV technology, operate differently from physical cards. Since the CVV changes at regular intervals, customers can only access the latest code through their online banking system. This dynamic CVV is distinct from any code printed on a physical card, so customers should always use the most up-to-date number for processing transactions.
The Difference Between CVV vs. Dynamic CVV vs. Pin
To be clear, your CVV code is not the same as your PIN. They both help keep you safe from scams, but there are some important differences. It might seem like a good idea to use the same number for both online and in-person purchases, but it’s not safe to do so.
Unlike a standard CVV, a dynamic CVV changes periodically, typically every hour or at another set interval. This makes it much harder for fraudsters to use stolen card information. Let’s compare the differences between the three.
| Aspect | CVV | Dynamic CVV | PIN |
|---|---|---|---|
| Length | 3 or 4 digits | 3 or 4 digits | Typically 4 digits |
| Who Sets It | Set by the bank or card provider | Set by the bank or card provider | Set by the user |
| Ability to Change | Cannot be changed on physical cards | Changes automatically at set intervals | Can be changed by the user |
| Location | Printed on physical cards | Displayed on a digital screen or app | Not printed on cards |
| Usage | Used for online or over-the-phone purchases | Used for online or over-the-phone purchases | Used for ATM withdrawals and most in-store transactions |
| Security Level | Standard | Higher security due to frequent changes | Standard, with the ability to enhance security by regularly changing the PIN |
The Revolution of Credit Card Usage
Besides dynamic CVVs, biometric cards are also an important factor in the transformation of payment security. This technology uses advanced fingerprint and voice recognition technology, and it could become a key driver in the industry.
These cards simplify payments by storing the cardholder’s fingerprint data directly on the card. With an integrated fingerprint reader, there’s no need for a PIN because when the fingerprint matches the stored data, the payment is approved. This card also includes a secure element that contains EMV-compliant payment applications, similar to traditional payment cards.
One significant advantage of biometric payment cards is that they remove transaction limits. Since PIN verification is no longer needed, there’s no cap on payment amounts.
Secure Transactions With Our Credit Card Processing Company
Dynamic CVV technology is a game changer for eCommerce and credit card processing, as it offers significant enhancements in security, PCI compliance, and customer trust. This technology makes it much harder for fraudsters to misuse stolen card information, so the risk of unauthorized transactions is minimized.
At Merchant Chimp, we are dedicated to providing small and medium-sized merchants with the latest in payment security solutions. If you partner with us, you can get services such as our discount program and the best merchant service rates. On top of that, we will equip your business with advanced technologies, and help you stay ahead in the fight against fraud. Contact us today to learn more about how we can support your business with secure and reliable services.
