While the credit card industry has made some significant advances in terms of reducing fraud using smart cards that rely on embedded chips, there are still billions of dollars in transactions that occur without the physical credit card actually being present. In fact, as credit card companies move to make in-store transactions more secure, there is an argument to be made that criminals will simply shift their focus to what are known as “card-not-present” transactions.
To help better secure those transactions, Tender Armor today unveiled CvvPlus, an authentication service that enables banks to change the security code associated with any given credit card on a daily basis. Tender Armor CEO Madeline Aufseeser says via text, for mobile applications, financial institutions can use CvvPlus to send out a new digital security code to their customer every day. Those customers would then plug that code into every online transaction they make. The best part, says Aufseeser, is that the service masks the complexity of that process from the merchant. As far as the merchant will know, each transaction will be associated with the security code originally imprinted on the credit card because CvvPlus confirms the association between the new and old security codes.
Aufseeser says this approach means that the merchants themselves never have to store any credit card numbers and their associated security codes. That means, from a security perspective, the merchants are no longer a target because they literally have no credit card data worth stealing.
Aufseeser says that connections back to the financial institutions are made via a lightweight application programming interface (API) that gets deployed by the financial services company that issues the credit card. That approach enables the credit card company to maintain control of the overall process on an end-to-end basis, says Aufseeser.
Credit card fraud costs financial services organizations billions of dollars a year. The people that perpetrate those crimes are not going away simply because the credit card companies have come up with a chip that is embedded in what is known as a Europay, MasterCard, Visa (EMV) card. What they will do is focus their energies on finding new and interesting ways to compromise digital transactions in ways that could ultimately sabotage the confidence end users have today in online commerce.