August 24, 2016
Tender Armor, a Florida-based startup focused on authentication solutions for card-not-present payment providers, last week launched its first product, a dynamic CVV solution that adds a layer of security to online, call-center and other CNP transactions. CvvPlus generates a new CVV code every day. The three- or four-digit number that does not appear as part of the data on a magstripe or chip, when used in a CNP transaction, is a security feature that increases the likelihood that a person making a purchase in a non-face-to-face environment is the cardholder and not using information stolen in a data breach. CvvPlus sends a text or email to cardholders when they are making remote purchases, which they use when the merchant requires a CVV to complete the purchase.
While the jury remains out on whether the introduction of EMV in the U.S. will cause the skyrocketing rates of CNP fraud it did in other countries, e-commerce and m-commerce transactions are growing rapidly and—EMV or not—more fraud will follow.
“Tender Armor addresses the heightened risk of online e-commerce and over-the-phone purchases, by offering cardholders, FIs, and merchants the security needed to stave off CNP fraud,” said Madeline Aufseeser, CEO and co-founder of Tender Armor. “We offer a simple and secure transaction experience, which can be deployed on every card currently in consumer wallets.”
Dynamic CVV is not a new solution, but the idea has usually been executed using a display window on a physical card. The cards are expensive and have not seen much adoption by issuers. Tender Armor is leveraging the mobile device so that users who sign up for the service can receive a text or email with a unique CVV code when a card-not-present merchant requires the information. CvvPlus is the second solution launched in as many months that includes the capability to send the intermittently-changing CVV digitally. Dutch digital security technology provider Gemalto launched a dynamic CVV solution that includes delivery to a mobile device (along with a traditional display card) in October and announced its first issuing-bank client, Mexico’s BBVA Bancomer, two weeks ago .
Aufseeser noted, however, that CvvPlus changes the CVV code daily, rather than every 20 minutes. A code that changes too quickly might not work for phone orders where there is often “latency” in the process, she said. If there is a long enough delay and the code has changed before the order is processed, the authorization could be declined. She also noted CvvPlus is card-type agnostic, which means a card holder using a debit card and a credit card to make separate CNP transactions could use the same CVV, as they could with credit cards issued by separate banks if both issuers were part of Tender Armor’s platform.