Static CVV numbers are so last decade


(Skippy) #1

http://www.thememo.com/2016/09/27/oberthur-technologies-societe-generale-groupe-bpce-bank-this-high-tech-card-is-being-rolled-out-by-french-banks-to-eliminate-fraud/

This looks like some thing that would be awesomely just right for Monzo


Regenerating 3 digit CVV / security code
Scraping off the 3 numbers on the back of the card
(Josh Bray) #2

I think this was discussed somewhere. But due to the added cost to implement it’s just not suitable


(Alex Sherwood) #3

They are but the same article was posted in this thread.

MotionCode


(Kieran McCann ) #4

Wouldn’t the thieves just wait until the card displayed a new code then spend your money anyway? I’m sure it would take over an hour for most to notice their card was even missing anyway.


(Josh Bray) #5

I think this was more solving the issue of card cloning really.


(Adam Hawkins) #6

You could have the CVV appear in the app? It would be less convenient, but could be an option.


(Richard Bairwell) #7

I would much prefer an option in the app to “Generate online card number and CVV for [X] usages/up to [X] amount” - so you can give each merchant a unique card number and CVV and limit how much it can be used. I know about a decade ago, some (particularly US based) banks were trailing (see https://www.bankofamerica.com/privacy/accounts-cards/shopsafe.go and and appears to be the same idea as https://getfinal.com/ ). Then any unauthorised usage is very very easy to track down and it is a lot more secure.

The disadvantages are that Monzo would need a lot of “spare numbering capacity” and if a merchant asks you to confirm the last 4 digits or the CVV number on future purchases (such as the National Lottery does online), you’ll have to have a way of finding/looking up which card combination was used.


Online Virtual Cards
(Alex Sherwood) #8

Tom’s a fan of this concept too

I work for a card issuer who enables business customers (so high volumes) to create & use a different card for every transaction they make so numbering capacity actually isn’t an issue, it’s very doable.


Two factor authentication with card not present transactions
(Saveen) #9

The BBC has also covered this story:

Presumably, this technology can be applied to debit cards as well, which could help with @endoftheQ’s concerns:


(Tom) #10

How about this working similar to the Google authenticator or the gaming ones battlenet/steam etc … so you just need your phone with you. Although this function may be more useful for the follow up security some payment cards ask for, although could generate CVV’S too.


(Skippy) #11

I think I would prefer not needing my phone to be alive


(Rika Raybould) #12

Extending CVVs to be rolling tokens doesn’t seem like the right solution to me. This specific implementation would add cost and complexity to the card while having it anywhere else would be confusing to consumers as merchants specifically point to that area of the card as being where the CVV can be found.

We have tokenized payments (though not yet with Monzo) in the form of Apple Pay and Android Pay. These offer a significantly better user experience and are far more secure.

We also have 3DS, while implemented by a limited number of merchants and has historially been not great from other banks, I see some areas where Monzo could improve the experience (“Enter the code sent to you in a push notification or on in your feed”, “Unlock the app to verify this payment”, etc).

Merchant specific card numbers still sound to me like a horrible hack around crappy merchants, acquirers and a broken card system where merchants save card numbers and are permitted to pull whatever they want, practically whenever they want.


(Ben Trigg) #13

Having changing CVV numbers would actually make me less likely to use my card.
I remember my numbers off by heart, and having to open my phone, or open my wallet to finish off a payment is a pain for me - can it be an optional feature?


(Alastair Johnson) #14

I would be prepared to pay a one off charge for a bank card with rotating numbers.

I work in IT and all our systems now use “one time passwords” (rotating numbers). This is to the point that without one time passwords we wouldnt deploy a system.

I scrape the 3 numbers off the back of all my cards as a standard procedure but then have the irritation of having to remember them. Also They can still be used fraudulently by someone i chose to give them to such as a website or telephone ordering line.

Very outdated system.


(james_e_bell) #15

I agree - changing CVV would add friction - Apple Pay is a good solution that increases security and decreases friction. From working in payments before, anything that adds friction to payment is dangerous - its very easy for your decrease in conversion to actually outweigh the benefits of fraud loss.