Bank of America is testing a new card feature where the CVV number changes automatically every 4 hours. The idea behind a CVV number is that it’s a verification tool that merchants are not supposed to store, in case of a data breach the rest of the card details will be accessible but attackers will not have access to the CVV number. I know a number of other countries have tried dynamic verification codes, for example I think the practice is widespread in the Netherlands.
Hat tip to reddit
This feature is called Motion Code. Idemia is the company producing the plastic. BoA isn’t the first one.
https://www.prnewswire.com/news-releases/pnc-treasury-management-pilots-idemias-motion-code-dynamic-cvv2-technology-for-commercial-card-clients-300745655.html
Thanks for the link, but I fail to see how this is any better than generating those one-use virtual credit card numbers that B of A has offered for decades.
You mean HAD offered for decades. https://www.doctorofcredit.com/bank-of-america-discontinues-shopsafe-virtual-credit-card-numbers/
This feature is widely used in China, but only for money transfer and other serious businesses. The bank assigns you a separate device that you don’t have to carry all the time. Use it on credit card? Good luck with that. Going to be a lot of hassle.
So I need to enter PIN each time I place an order online on Amazon or other retailers? That is going to be inconvenient as I dont carry all of my cards with me all the time but place orders based on offer many time when “m not at home in reach of the cards.
Poor you. 🙁 Need a hug?
Risk of burns using dynamic CVV codes? O_o
Will stick with a spreadsheet with static CVV codes.
This might be interesting feature, if I used debit cards other than at ATMs a few times a year.
Yes, some high interest accounts require 8-12 Comcast/Amazon reloads with a debit card as pre-req, so it might be peace of mind if they offer a dynamic CVV –
I think that it would be far easier to have the banking app generate a dynamic CVV.
I am curious how this would work with reoccurring payments
I assume the same way as if your card expires and you get a new one. The number is already pre authorized with that merchant and in my experience continues to work.
Businesses aren’t actually required to have the CVV when they process payments, it’s optional.
They can request it to protect themselves from fraud, but if they don’t ask for it they can still process charges, they just have to eat the cost of extra fraud and chargebacks.
If you notice when you shop on Amazon they never ask for your card CVV. Just name, address, card #, and expiration date. They choose to ignore to reduce friction at checkout.
Presumably recurring payments would work the same as they always have. Merchants are not allowed to store CVV anyway per their agreements, so any recurring payments you’re making now are already processing without cvv.
I get the purpose, but it would be a pain to have to have the actual card when you are ordering something or paying a bill.
Just use Apple Pay and you don’t have to worry about any of the numbers…
It’s amazing to me that banks in the US are willing to run a pretty expensive and high-tech undertaking such as this due to security concerns, but aren’t willing to implement an actual, simple PIN for credit card transactions, like everywhere else in the world, which wouldn’t cost them nearly as much (they’re already using the chip technology anyways) and would be way more secure, because unlike the CVV the code wouldn’t be freakin printed on the card!! 🙂 So would prevent not only hackers stealing data from stores, but also the physical card getting stolen. Pretty unbelievable.
That probably has to do with interchange fees.
No PIN: to reduce friction and speed up the process at checkout. It’s a risk to reward equation. Implementing the dynamic CVV is almost like TFA. May be a pain for recurring monthly subscriptions but not sure.
Entering a PIN doesn’t take longer than signing, and is usually even faster.
You won’t forget your signature, though. They fear that if you don’t have your PIN handy, you’ll just use another card.
All of the card networks have eliminated the signature requirement in the US, so it’s either old terminal software that is still prompting or a merchant that does it for record-keeping.
Many doc readers are lol/24. Its hard to remember lol pin numbers for lol cards. Lol.
Wait, you aren’t using 1234 as the PIN on all your cards? Am I the only one?
Interesting, that’s the first four digits of the combination to my luggage.
Ahh, a Man of culture.
That’s odd because that’s the code to unlock my phone.
The first card I got with a PIN the PIN was provided to me and I liked it. I’ve since set every other card on which I can use a PIN (only the MCs I might use overseas, basically) to the same PIN as that first card had. And, no it’s not 1234. 🙂
For sure, US card companies do not implement chip & pin because Americans carry so many cards, NOT because they think entering a pin takes too long.
Are you using that PIN to make orders online? The changing CVV is to prevent card-not-present fraud, which tends to be more prevalent than any other since the advent of EMV.
This is purely a change on the bank’s side. Switching to PIN would require every physical card reader at every store to be updated, and since stores aren’t financially responsible for fraud, they have no incentive to buy new card readers. On the other hand, banks are responsible for fraud so they try new things like this to try and fight it.
now I need to charge battery for my phone, watch, laptop, car, earbuds, and credit cards.
Nah, it’ll be a high-capacity battery where one charge will last until the card expiration date, and/or until card battery start a fire in your wallet (or sock drawer), whichever comes first!
Isn’t that all we need, exploding batteries in our wallets and sock drawers?
stolen from reddit post
We clearly give credit to that reddit post
Lol