As Chip technology becomes more prevalent globally, fraudsters are targeting card-absent transactions more often. The use of dynamic Card Verification Value 2 (dCVV2) is one tool issuers may consider to reduce fraud risk in this environment.
On a standard card, the 3-digit CVV2 value is printed on the back. Because the value is static, it could be reused for fraudulent transactions following compromise during a data breach. By contrast, the dCVV2 value is not static and updates periodically. This greatly reduces the opportunity for reuse because, once the value is updated, issuers can identify older or expired values and decline transactions accordingly. Compromised accounts may not automatically require card reissuance, saving on the costs of card production and distribution, customer service, fraud investigation, and attrition.
The Visa dCVV2 Authenticate service checks the dCVV2 code during authorization processing, and forwards the result (pass/fail) to the issuer, or responds to the acquirer on the issuer’s behalf. Visa dCVV2 Generate provides a cost effective way for issuers to make dCVV2 codes available to their cardholders via a mobile banking, SMS, or standalone mobile app.