Enable Generation of Dynamic CVV2 Codes
Enable generation of dynamic CVV2 codes on request via an issuer’s mobile banking application.
Visa dCVV2 Generate enables issuers to request dynamic CVV2 codes (up to 24 per call) for cardholders to use when processing Card Not Present transactions. Codes will then be stored and used for validation as transactions are authorized.
Available for use by
Regional Availability
Global
Reduce the possibility of eCommerce fraud with dynamic CVV2
Usage of CVV2 is increasing globally. However, there is an ever growing risk of static CVV2 values being stored and compromised. To address this, Visa has developed the means of generating dynamic CVV2 (dCVV2) codes which the issuer can send to the cardholder. The dCVV2 is then used by the cardholder in the same way as a CVV2.
For more details, refer to Dynamic CVV2 Generate and Authenticate.
Dynamic Codes Usage Scenario
Fatima is an avid online shopper and, based on KYC data, the issuer displays an offer for Fatima to help increase security with the use of dynamic security codes during her online shopping. Later, while shopping for her cousin’s wedding, Fatima remembers the offer and accesses her issuer’s banking application and requests the “Dynamic Security Code” for her credit card. The code is delivered to Fatima, and at checkout she uses the dCVV2 value she has been issued. The next day, she is shopping online for her nephew’s graduation, and she again uses the issuer’s mobile app to request a dCVV2. The issuer had requested multiple codes from Visa with Fatima’s original request the previous day, so simply forwards her the current valid value – without making another call to the Visa API. Fatima uses this new value while checking out to complete a successful Card Not Present transaction.
Use Online Banking Application
Fatima uses her online banking application to review recent purchases made with her credit card.
Issuer Displays an Offer
Based on MCC, the issuer displays an offer next to her online purchase transactions for “enhanced security with a Dynamic Security Code.”
Request Dynamic Codes
Enhanced security is important to Fatima, so later, while shopping online, she uses the issuer’s mobile app to request a dCVV2 code.
Issuer Initiates the dCVV2 Generate API Call
Issuer initiates the dCVV2 Generate API call, requesting 24 codes to account for current and future transactions.
Issuer Notifies the Cardholder of the Codes
The issuer then notifies the cardholder of the codes that have been issued, with the timelines for which each code is valid.
Cardholder Requests a CVV2/Security Code
The next day, Fatima is shopping online again, and during checkout her CVV2/Security Code is requested. Fatima logs into the issuer’s mobile banking app and requests a dCVV2 code.
Issuer Forwards the Current Code
The issuer, having stored the codes from Fatima’s request the previous day, forwards her the current code – without another call to the Visa API.
Transaction Successful
Fatima enters this new code into the merchant’s checkout page, and again completes a successful Card Not Present transaction.
Key Benefits for Issuers
Provides ability to include dynamic data in the authorization message to help mitigate fraud.
Cost-effective method for introducing dCVV2 – no need to issue expensive display cards.
Implementation generally does not require back-end processing modifications (if using Visa OBO services in conjunction with dCVV2 Generate).
Can remove need to re-issue cards compromised in data breaches.
Key Benefits for Cardholders
Can provide additional security in a method similar to those being used for step-up authentication today.
API Included
dCVV2 Generate Request API
This API is used to request between 1 and 24 dCVV2 values and have those values returned.
Additional Resources
Fidelity Bank (Bahamas) Case Study
Focusing on Fidelity Bank (Bahamas) Limited, an LAC-based client whose implementation of Dynamic CVV2 (dCVV2) was highly successful in reducing occurrences of card-not-present (CNP) transactions.