cancel
Showing results for 
Search instead for 
Did you mean: 

New card with a rotating CCV code

tag
Anonymous
Not applicable

New card with a rotating CCV code

This is interesting. A French company is coming out with a new card that has a rotating CCV code that changes hourly.

 

THE MEMO - This high-tech card is being rolled out by French banks to eliminate fraud

 

Message 1 of 8
7 REPLIES 7
pipeguy
Senior Contributor

Re: New card with a rotating CCV code

Very interesting, works like a RSA Secure ID that creates a new code every minute for secure VPN network access - don't know how well it'll work on online transactions that are not automated, and I'm sure it'll add to the cost of a card production (battery and chip), but I think it's a great solution. Also concerns as to the durability since cards get pretty beat up at times, but I suspose they are aware of that factor - maybe all future cardswill be thicker and stronger (perhaps not metal tho).

 

Thanks for posting the story, very interesting. 

Message 2 of 8
Anonymous
Not applicable

Re: New card with a rotating CCV code


@pipeguy wrote:

Very interesting, works like a RSA Secure ID that creates a new code every minute for secure VPN network access - don't know how well it'll work on online transactions that are not automated, and I'm sure it'll add to the cost of a card production (battery and chip), but I think it's a great solution. Also concerns as to the durability since cards get pretty beat up at times, but I suspose they are aware of that factor - maybe all future cardswill be thicker and stronger (perhaps not metal tho).

 

Thanks for posting the story, very interesting. 


Yep, reminds me of my RSA keychain, probably works on a similar principle.

 

As far as the durability, this is what the author says: You can bend, drop, even put it through the wash no problem.

Message 3 of 8
Anonymous
Not applicable

Re: New card with a rotating CCV code


@pipeguy wrote:

Very interesting, works like a RSA Secure ID that creates a new code every minute for secure VPN network access - don't know how well it'll work on online transactions that are not automated, and I'm sure it'll add to the cost of a card production (battery and chip), but I think it's a great solution. Also concerns as to the durability since cards get pretty beat up at times, but I suspose they are aware of that factor - maybe all future cardswill be thicker and stronger (perhaps not metal tho).

 

Thanks for posting the story, very interesting. 


That sounds like a PCI compliance nightmare waiting to happen.

 

Anyway, I think a big part in getting this adopted is the cost. Coin had a similar e-ink display in its cards and charged $50-100 for them, which I don't see banks paying even if it did eliminate all online fraud. Oh, also, they'll actually need to require the CVV in the first place--a lot of online stores don't ask for it (Amazon for example).

Message 4 of 8
iv
Valued Contributor

Re: New card with a rotating CCV code


@Anonymous wrote:

@pipeguy wrote:

 don't know how well it'll work on online transactions that are not automated,


That sounds like a PCI compliance nightmare waiting to happen.


Yeah, no kidding.

 

Quite a few years ago, in a prior job, I was doing a security audit and ran across a setup doing that... major coffee retailer had a "secure" ordering site (SSL, etc...) that handled card orders with an old copy of formmail.pl that just emailed the card/shipping/order info to a shared email account.  They then manually typed the card numbers into a terminal, same as they did for phone orders.

 

That was ...fun to write up.

 

I wouldn't be surprised if there's still some nonsense like that going on today with some vendors, unfortunately.

 

 


@Anonymous wrote:

Anyway, I think a big part in getting this adopted is the cost. Coin had a similar e-ink display in its cards and charged $50-100 for them, which I don't see banks paying even if it did eliminate all online fraud. Oh, also, they'll actually need to require the CVV in the first place--a lot of online stores don't ask for it (Amazon for example).


Oh, cards with embedded OTP e-ink displays aren't anywhere near $50-$100.

 

Only slightly more expensive than existing EMV cards. (Although even $1 per card can add up...)

EQ8:850 TU8:850 EX8:850
EQ9:847 TU9:847 EX9:839
EQ5:797 TU4:807 EX2:813 - 2021-06-06
Message 5 of 8
Anonymous
Not applicable

Re: New card with a rotating CCV code


@iv wrote:


@Anonymous wrote:

Anyway, I think a big part in getting this adopted is the cost. Coin had a similar e-ink display in its cards and charged $50-100 for them, which I don't see banks paying even if it did eliminate all online fraud. Oh, also, they'll actually need to require the CVV in the first place--a lot of online stores don't ask for it (Amazon for example).


Oh, cards with embedded OTP e-ink displays aren't anywhere near $50-$100.

 

Only slightly more expensive than existing EMV cards. (Although even $1 per card can add up...)


Heh, another reason why Coin was such a badly run company. Though to be fair, the cards also had that dynamic magstripe thing too.

Message 6 of 8
Anonymous
Not applicable

Re: New card with a rotating CCV code

this is an interesting product. I imagine the bank would also have to offer a backup method to generate a CCV code in the event the battery dies or the chip fails, may be the CC company will allow the card holder to call the bank and get a temp CCV code until the chip card is fixed 

Message 7 of 8
iv
Valued Contributor

Re: New card with a rotating CCV code


@Anonymous wrote:

this is an interesting product. I imagine the bank would also have to offer a backup method to generate a CCV code in the event the battery dies or the chip fails, may be the CC company will allow the card holder to call the bank and get a temp CCV code until the chip card is fixed 


The battery in this type of card outlasts a normal card expiration (five years is a normal battery lifetime...)

 

It's possible, although rare, for the display or PRNG chip to fail.  But that wouldn't directly affect the EMV chip (or the magstripe) for card-present transactions, and only some card-not-present transactions require CVV anyway.

 

I suspect that overnighting a replacement card would be the default issuer action, rather than a temp CVV.

EQ8:850 TU8:850 EX8:850
EQ9:847 TU9:847 EX9:839
EQ5:797 TU4:807 EX2:813 - 2021-06-06
Message 8 of 8
Advertiser Disclosure: The offers that appear on this site are from third party advertisers from whom FICO receives compensation.