Three of the ‘Big Four’ Australian banks have turned to dynamic card verification value (CVV) functionality to combat online payment fraud and boost digital consumer protections.
The CVC or CVV is traditionally a static, three-digit number found on the back of a physical debit or credit card that acts as an additional layer of verification or security when a customer is transacting online.
The advent of digital payment cards means new dynamic verification options are now possible.
NAB, ANZ and Westpac have all introduced dynamic CVV, also known as dynamic card verification code (CVC), which sees the three verification digits of a digital payment card routinely change for greater online security.
Westpac most recently spoke about its own dynamic card verification code (CVC), stating it has seen an 80 percent reduction in fraud compared with customers who use only a static CVC.
Westpac head of fraud and financial crime insights Ben Young said in a Westpac Wire post the digital CVC changes every 24 hours.
The bank began rolling out the feature in 2020. It is currently used by over 10,000 Westpac customers each day.
“Most card fraud comes from merchant shopping carts that have been compromised,” Young said.
Fraudsters extract card numbers from online shopping carts before selling those card numbers on the dark web.
“In that time, in the case of people who have shopped using the dynamic CVC, it will have long since changed many times over so the subsequent attempt to make purchases with those [stolen payment] credentials will fail,” Young said.
NAB recently introduced its own dynamic CVV through its buy now, pay later app, Nab Now Pay Later, which showcased its “miniapp” development capabilities, according to CIO for personal banking and digital Anastasia (Ana) Cammaroto.
Meanwhile, the product owner for ANZ Plus cards, Jon Levin, told iTnews its dynamic CVV implementation feature was built by “the ANZx Cards team in our bespoke cloud native banking platform called Fabric” and in partnership with Visa “using new APIs they have recently developed”. The dynamic CVV changes every 12 hours.
Levin added “the new innovation for ANZ was in simplifying our integration into Visa.”
“In the past to deliver a project like this, it would have been highly complex with over a dozen teams and systems involved,” he said.
“Our new Fabric technology and simplified ANZx structure has allowed us to connect to Visa directly, and unlock new technology like this quickly and simply, it has also set us up to continue to launch future functionality in the same way.”
CBA is the only remaining ‘Big Four’ bank that is yet to introduce a version of a dynamic CVV.
A CBA spokesperson told iTnews that it “invests heavily in security as the protection of our customers’ data is paramount.”
“Whilst [we have] no immediate plans to introduce dynamic CVV, we continue to investigate technologies and capabilities that will benefit our customers with a focus on minimising friction in the customer experience,” the spokesperson said.
The latest statistics from the self-regulatory body for the Australian payments industry, AusPayNet, reveal payment fraud via card transactions reached $490.1 million in the 12 months to June 30, 2021.
CEO AusPayNet Andy White told iTnews that “financial institutions use a variety of techniques to protect their customers from online fraud and [to] maintain trust and confidence in payments.”
“Most of those techniques involve strong customer authentication, including dynamic CVV, one-time passwords distributed through mobile banking apps, and/or the use of biometrics (face/fingerprint etc),” White said.
He added AusPayNet’s combating card not present fraud framework supports the use of such techniques.