A card not present transaction (CNP) is a payment card transaction made where the cardholder does not or cannot physically present the card for a merchant's visual examination at the time that an order is given and payment effected. It is most commonly used for payments made over Internet.
Card not present transactions are a major route for credit card fraud, because it is difficult for a merchant to verify that the actual cardholder is indeed authorizing a purchase.
The card secure code (CVV in most case) system has been set up to reduce the CNP fraud, however it is still insecure to rely on a static 3(or 4) digit number to protect cardholder’s property.
In this case, a solution of constant change CVV code will greatly improve the protection against CNP.
The DCVV (or DCSC) card is a credit card with a screen to show an time based one time password. Unlike normal OTP token/card are using OATH standard, the DCVV is following VISA/MasterCard/UnionPay Dynamic CVV requirements.
To bring a DCVV solution into the market, require 3 key parts:
1) Physical card
The physical DCVV card is a security device with standard ID-1 card form, which contains:
- A smart card chip to download the financial applets;
- The complete card surface printing (without the embossment fonts);
- The hologram and signature panel;
- A flexible circuit board with battery and screen to show the DCVV value;
- The card will requires cold lamination process for the manufacture part.
We can do the whole manufacturing process and provide the physical card.
Normally, all credit cards requires personalization before final issuing. In this stage, the bank will find an personalization provider, who will download the sensitive data into the card.
In normal credit card case, this process will download the credit card applet with the cardholder info into the card, and do the embossment etc. In DCVV card case, there will also be requirements about download the dynamic CVV info into the card, including the secret key and the time.
Since the card is using special communication protocol, in this part, we will provide devices and guidance to help the personlization provider to interact with the card.
3) Authentication System
There will be a back-end server required for the authentication of the DCVV, normally it will be a extra authentication compare to the standard credit card transaction.
The bank server will send the related info to the authentication server and wait for the reply once it received the payment requirement. The Authentication system is our modified OTP server which supports the DCVV’s algorithm.
We will help the bank to deploy the authentication system, and provide guidance for the possible customization on the bank’s existing system.