Enable Generation of Dynamic CVV2 Codes

Enable generation of dynamic CVV2 codes on request via an issuer’s mobile banking application.

Visa dCVV2 Generate enables issuers to request dynamic CVV2 codes (up to 24 per call) for cardholders to use when processing Card Not Present transactions. Codes will then be stored and used for validation as transactions are authorized.

Available for use by

Issuer Banks

Regional Availability


Reduce the possibility of eCommerce fraud with dynamic CVV2

Usage of CVV2 is increasing globally. However, there is an ever growing risk of static CVV2 values being stored and compromised. To address this, Visa has developed the means of generating dynamic CVV2 (dCVV2) codes which the issuer can send to the cardholder. The dCVV2 is then used by the cardholder in the same way as a CVV2.

For more details, refer to Dynamic CVV2 Generate and Authenticate.

Dynamic Codes Usage Scenario

Fatima is an avid online shopper and, based on KYC data, the issuer displays an offer for Fatima to help increase security with the use of dynamic security codes during her online shopping.  Later, while shopping for her cousin’s wedding, Fatima remembers the offer and accesses her issuer’s banking application and requests the “Dynamic Security Code” for her credit card. The code is delivered to Fatima, and at checkout she uses the dCVV2 value she has been issued. The next day, she is shopping online for her nephew’s graduation, and she again uses the issuer’s mobile app to request a dCVV2. The issuer had requested multiple codes from Visa with Fatima’s original request the previous day, so simply forwards her the current valid value – without making another call to the Visa API.  Fatima uses this new value while checking out to complete a successful Card Not Present transaction.

step 1

Use Online Banking Application

Fatima uses her online banking application to review recent purchases made with her credit card.

step 2

Issuer Displays an Offer

Based on MCC, the issuer displays an offer next to her online purchase transactions for “enhanced security with a Dynamic Security Code.”

step 3

Request Dynamic Codes

Enhanced security is important to Fatima, so later, while shopping online, she uses the issuer’s mobile app to request a dCVV2 code.

step 4

Issuer Initiates the dCVV2 Generate API Call

Issuer initiates the dCVV2 Generate API call, requesting 24 codes to account for current and future transactions.

step 4

Issuer Notifies the Cardholder of the Codes

The issuer then notifies the cardholder of the codes that have been issued, with the timelines for which each code is valid.

step 6

Cardholder Requests a CVV2/Security Code

The next day, Fatima is shopping online again, and during checkout her CVV2/Security Code is requested. Fatima logs into the issuer’s mobile banking app and requests a dCVV2 code.

step 6

Issuer Forwards the Current Code

The issuer, having stored the codes from Fatima’s request the previous day, forwards her the current code – without another call to the Visa API.

step 8

Transaction Successful

Fatima enters this new code into the merchant’s checkout page, and again completes a successful Card Not Present transaction.

Key Benefits for Issuers

Mitigate fraud

Provides ability to include dynamic data in the authorization message to help mitigate fraud.

Cost effective methods

Cost-effective method for introducing dCVV2 – no need to issue expensive display cards.

No back-end processing

Implementation generally does not require back-end processing modifications (if using Visa OBO services in conjunction with dCVV2 Generate).

No reissuing of cards

Can remove need to re-issue cards compromised in data breaches.

Key Benefits for Cardholders

Additional security

Can provide additional security in a method similar to those being used for step-up authentication today.

API Included

dCVV2 Generate Request API

This API is used to request between 1 and 24 dCVV2 values and have those values returned.

Learn more about Visa dCVV2 Generate and Authenticate

Ready to start a project with these APIs?