A new type of bank card features a CVV that changes frequently to prevent fraud.
In order to buy anything online using a bank card, purchasers must enter the card’s verification value (CVV) number. This process was introduced in order to reduce credit card fraud. However, fraudsters can steal CVV data by using a web-based keylogger. This is a Trojan that can either capture passwords stored in the users’ browser, or by ‘form grabbing’ — capturing data entered into a form field in the browser before it is encrypted in the online checkout process. Now, PNC Bank is testing out a solution to this problem. They have developed a card whose CVV changes every 30 to 60 minutes.
The technology that powers the dynamic CVV is called motion code, and it was originally developed in 2016 by tech company Idemia. The new cards have a small screen, powered by a lithium battery, which displays a three-digit number in e-ink. An algorithm determines when to change the code on display. The cards are currently undergoing a pilot in order to determine the ideal refresh rate. This is important because if the CVV refreshes too often, users won’t have time to complete online purchases. However, if the code refreshes too slowly, the card might still allow fraud.
A rapid refresh rate can also shorten battery life. A 60-minute CVV refresh rate gives the card a four-year lifespan, but higher refresh rates will make that lifespan shorter. Another downside is that the e-ink cards are expensive to produce. Prices for the cards are about USD 15 each, compared with around USD 2 to USD 4 for a regular chip card. PNC plans to make the cards widely available in 2019.