The rising trend of digitization in commerce and the increased occurrence of card-not-present fraud were not created by the COVID-19 pandemic. Instead, it would be more accurate to note that those macro trend lines were both already on the move quite notably, and then the coronavirus came along and rapidly intensified the situation. That’s one of the takeaways from a recent PYMNTS panel discussion with Visa’s Director of Global Chip Product Tom Rapkoch, Keyno CEO Robert Steinman and Assistant Vice President of Digital Strategy and Innovation at Michigan State University Federal Credit Union Ben Maxim.
What has changed, Steinman said, is the reality of the pandemic and the radical digital life shifts it has engendered. Those dynamics have made the dangers of fraud far less abstract to consumers. Fraud, he said, is occurring at an unprecedented rate and scale and it was far from a small issue before.
“There’s a lot of people that are financially hurting these days, and fraud is a big deal for them,” Steinman said. “Not having the use of their card for a period of time or access to their credit limits or access to their money — it’s a big deal. Fraud is more than just an inconvenience for cardholders at this moment. And card issuers need to be able to quickly adopt a solution that can help in a big way.”
It is just such a solution that the MSUFCU is announcing it is piloting today (Nov. 17). Powered by Visa’s dynamic card verification value 2 (dCVV2) technology and powered by Keyno’s turnkey implementation technology, the credit union is looking to pioneer a simple security upgrade that it believes will help reverse the onslaught from CNP fraudsters coming at them. It is replacing the static three-digit security code that has become a verification standard for online transactions with a digital CVV that changes periodically.
How It Will Work
While dCVV2 was designed to be used in a variety of contexts such around authenticating and validating digital CVV service in remote commerce contexts, the use case that MSUFCU and Keyno are exploring is the “generate function” within dCVV2 that essentially replaces the old static CVV code that is forever wedded to a credit card and replaces it with a digital CVV Visa will generate occasionally.
To gain access to that code, consumers will no longer look at the back of their cards, but instead log into a mobile app to get their digital CVV to enter in during an online transaction. That number will function in exactly the same way as its static counterpart. The mobile app, incidentally, can be a standalone app dedicated to that single purpose or the dCVV2 generator can be built directly into an issuer’s mobile app for its card — Keyno’s integration leaves it up to the issuer which way they want to do it.
According to their early consumer surveys so far, MSUFCU’s Ben Maxim said, consumers are showing a slight early preference for the service within a dedicated mobile app. However, he notes that is an area they will be watching closely over the course of the three-month pilot currently underway to understand where and how the service should ultimately be deployed.
But beyond those details, Visa’s Tom Rapkoch said, what the ever-shifting dCVV2 code does is strengthen the security inherent in using the CVV code as an authentication mechanism.
“What we can see with just the advent of dynamic data over static data is an opportunity to really ameliorate fraud,” Rapkoch said. “We think that [is] definitely going to be at play here. It is fairly early in this so we don’t have numbers that we can give yet, but we do see evidence that this is something that can help really start to mitigate fraud.”
What Comes Next
Dynamic CVV2 can ameliorate fraud, but is not a silver bullet meant to replace any part of the fraud architecture. If the world has learned anything in the last half-year or so, the panelists agree, it is the absolute necessity of offering layered responses to fraud in an attempt to weave a dense enough web to catch the vast majority of fraudsters in their many various attempts. But dCVV2, they believe, will have the capacity to be an important element of a layered system that will be able to spot fraud before it gets off the ground — in a way that requires minimal change from the consumers, ease of implementation for the issuer and ease of use for the merchant. It is why, Steinman said, MSUFCU is their first rollout of dCVV2 going forward, but far from its last as they will be announcing with several financial institutions as 2021 is getting off the ground.
Because, as Maxim said, for financial institutions (FIs) in general and credit unions in particular, the goal is to serve the members better in terms of keeping them safe, but in a way that isn’t filled with complexity for that customer. Making sure the member is secure in their financial life is absolutely critical — there is more to managing a member relationship than simply securing it. But by securing it, Maxim said they can ultimately pursue other aspects of the customer experience.
“As a credit union, we’re responsible for taking care of our members and their finances and our finances as an institution. And for every dollar we can save on fraud loss we can invest in somewhere else, either in our members, in our services [or] the innovations that we’re trying to come up with. So we’re looking at this as a solution that will help us put less money in that fraud loss category and more into the other things more beneficial to our members directly.”