Worldpay Inc. is adding another tool for financial institutions in their efforts to curtail the pricey and nuisance-laden aftereffects of rampant data breaches. The company’s solution comes in the form of credit and debit cards that use a dynamic card-verification value.
Cincinnati-based Worldpay is testing the Motion Code-enabled credit and debit cards with two undisclosed credit unions and a bank before broader availability, expected later this year. The hope is to make online shopping more secure.
Developed by smart card maker Oberthur Technologies, now known as Idemia, Motion Code technology replaces the static printed CVV on the back of a payment card with a dynamic one viewable on a small screen. The frequency of code changes is based on the issuer’s specification. A dynamic CVV means a criminal may obtain the card number, but will be unable to verify the CVV because it will have changed.
In addition to the conventional EMV and contactless features of a standard payment card, these new cards contain an electronic ink display on the back, in place of the static CVV. The CVV is always visible and cardholders do not need to press a button to activate it.
A transaction made with a Motion Code-enabled card works like any other for the consumer and the merchant. But the process changes after the transaction data flows to the issuer for authorization. The CVV is checked against a server Worldpay hosts to ensure its veracity. The issuer still makes the final decision about the transaction authorization. No merchant integration is needed.
As a processor for approximately 1,100 financial institutions—mostly in the United States—Worldpay is keenly aware of the fraud-related issues they face, Kelly Gauvey, Worldpay director of debit card services, tells Digital Transactions News. “CNP fraud is huge,” Gauvey says.
While there are various measures to counteract fraud, such as EMV 3-D Secure and its upcoming second version, issuers need options, she says. Gauvey adds that payment cards need extra protection. “It was time we focused on the cards. They’re not going away,” she says.
The fact that consumers are not widely adopting mobile wallets in lieu of cards is another factor. Because of this, issuers need something that consumers use, she says.
Still, issuers may want to educate their cardholders, especially those who have memorized their CVVs and are used to them not changing, Gauvey says. It’s not changing what cardholders are used to, except for the online shopping aspect, she says.
Issuers will need reassurance, too, that because the form factor is familiar to cardholders they are not likely to change their daily spending habits because of it, she says.
Motion Code-enabled cards are not cheap, ranging between $15 and $17, Gauvey says, compared to the $2 average cost for an EMV card. The idea is that the dynamic CVV will prevent the issuer’s cards from being snared in a breach, yielding a return on investment. For example, Gauvey says reissuing costs per card may be as much as $30 to $40, which includes the replacement cards and case analysis.
Then there is the actual fraud prevented. In tests by Idemia of more than 600,000 cards that made more than 4 million authorized transactions in 10 international locations, there were no reported instances of card-not-present fraud.
“My ultimate goal is to provide a complete picture of the cost of the card versus the fraud instances that would be avoided,” Gauvey says.
The contactless feature is a big change, too. The idea is to give consumers every possible payment option, Gauvey says. It makes sense because most point-of-sale terminals are contactless-capable, she says. “If the terminal is out there, we want to give the cardholder the complete solution,” she says.