(Adam Kendrew) #1

Saw this article earlier today. Basically the CSV number on the back keeps changing every hour. So if your card details are stolen then they would only be usable for up to an hour. A pretty cool concept, interested to see how it pans out in France. I guess with Monzo we have the ability of seeing our data in real-time which means we will be alerted to it quicker anyway.

Static CVV numbers are so last decade
(Andy) #2

This looks like a built in RSA token, as the number would have to sync up with the bank’s internal system.

Must admit is a cool use of 2 factor authentication technology.

(Alex Mayo) #3

Considering Monzo allows you to freeze your card within a few seconds, I find this pretty redundant, unless you were unaware that your card had been stolen.

The pros to having a static CVV is that it is memorable so can be used to confirm online payments without having to find your wallet and search among the used till receipts from 7 months ago for the right card. :stuck_out_tongue_winking_eye:


How would online recurring payments work? I have a few services that have my security code saved for automatic billing and quick checkouts. Seems like a usability nightmare.

Also, since we can freeze cards, isn’t it a redundant security feature anyways?

(Terry) #5

I disagree that this is a redundant feature, I had money spent on my card due to my card being cloned. The person was able to get all of the details from the card and then spent money on it while I had my card in my possession… Yes with Monzo I would get a near instant notification, but the money would have already been spent and I know there is protection from the banks in case this happens but it’s a lot of hassle going through forms and reporting it all to the police. If the 3 digit code at the back changed then I would have not had this issue.

However, in terms of reoccurring payments, I don’t know how that would be handled.


How about if payments on the old code worked if it was a “trusted” merchant or a merchant that had taken payments before. Maybe some other kind of authorisation code even? How does that other bank in the OP handle it?

(Tommy Long) #7

I don’t think it would be that much hassle with Monzo. When I had my card cloned in the past I just rang up Lloyds, picked out the fraudulent transactions and they refunded it immediately and handled the rest. I didn’t have to ring the Police or anything.

I assume Monzo’s approach to this would be to try and make their Machine Learning good enough to prevent the fraudulent transactions in the first place.

An alternative to MotionCode would be for Monzo to remove the CSV from the back and to simply present it through the app, with the ability to change it.

(James Billingham) #8

When a merchant saves your card onto their systems for long-term use (i.e. for recurring payments), they provide the card’s security code to the payment network.

If the various parties are happy for the merchant to proceed, the merchant (or more likely their payment processor) is given a “continuous payment authority”.

After the card details have been processed, the card’s security code must be discarded - failing to do so would be a breach of PCI regs.

Thus it wouldn’t matter if the security code changed - existing merchants weren’t using it anyway.

(Francesco) #9

Precisely as @billinghamj said.
CVV codes must never be stored according to PCI.
A changing number is a good feature in my opinion.