A Finextra member 20 May, 2015, 11:01 0 likes

Laudable initiative from Banque Populaire and Caisse D'Epagne ! Credit to Oberthur for developing the technology. But it is unclear how the actual validation is proposed to be done (replacing the 3-digit CVV, as earlier).

A Finextra member 20 May, 2015, 11:24 0 likes

I cant see how this will stop fraud on Cards. Yes it will work if the card has been subject to "phishing" but if someone steals your physical card then they have the credentials anyway.

Riten Gohil - Sphonic - London 20 May, 2015, 11:54 0 likes

Interesting development though the first use of display cards with Dynamic CVV was with ICC-Cal in Israel. At the time it was an exciting innovation (circa 2008) however the costs were prohibitive - given all the players in the card manufacturing eco-system. However with Oberthur buying Nagra ID, and recently investing in component manufacturing in China there is scope to industrialise this beyond 'cool pilots' if the costs can be viable.

The other aspect is the interplay of authentication with Dynamic CVV, and then 3D Secure if appropriate - in France this is certainly the case. Double-authentication can be cumbersome to the consumer.

A Finextra member 20 May, 2015, 12:04 0 likes

Carl raises a valid point about card theft. That compromises the Dynamic CVV feature. 

Couble authentication will probably be a step in the right direction, though cumbersome to the customer/payee. Will request Riten to share details about the ICC-Cal innovation. 

Riten Gohil - Sphonic - London 20 May, 2015, 12:16 0 likes

@shoumit I was trying to dig this information out about CAL - it solved the issue Carl raises about card theft - as it had a keypad for you to enter a PIN. Don't underestimate the issue of customer authentication friction, it can be a bigger risk to business than fraud itself. Security measures are clearly critical to the eco-system but they need to be balanced with the fact that genuine consumers needs to be able to transact effectively in the fast moving digital payments world.

A Finextra member 20 May, 2015, 12:22 0 likes

A solution to the dynamic CVV would be to couple it with a 2 Channel Authentication system. When the card is used in an online transaction have it "Ping" your phones Banking App (or something else linked to the card) then you either enter a pin to verify the transaction or decline the transaction on the phone! 

A Finextra member 20 May, 2015, 12:25 1 like

Thanks for your inputs, @riten and @carl.

Riten Gohil - Sphonic - London 20 May, 2015, 12:37 0 likes

Carl - I think you are on the right track but the answer in that regard is - why do you need an electronic card? The mobile has the capbility to do all of the above (and more) today without navigating through a complex manufacturing process.

A Finextra member 20 May, 2015, 12:40 0 likes

Agree Riten, This solution can be impleminted now without the need for the complex manufacturing process. That was my argunment at the start, the card should be made irrelevent in the online space!

A Finextra member 20 May, 2015, 13:42 0 likes

They would have been better off enhancing their mobile application to secure Customer Not Present transactions by using 2FA - this implementation just adds to the cost of issuance, and has already been observed, does not prevent fraud if the card is lost/stolen.

A Finextra member 21 May, 2015, 06:31 0 likes

Generally everything enhancing the customers protection against fraud is more than welcomed. But if the targeted market is the online one then I agree with Riten and think the job could be done without a card. A smartphone plus 2FA is OK.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 21 May, 2015, 09:57 0 likes

@RitenG + 1: "Don't underestimate the issue of customer authentication friction, it can be a bigger risk to business than fraud itself."  

For over 2 years now, CNP transactions in India have been requiring 2FA via (static) VbV password or (dynamic) Mobile OTP. This improves security and virtually eliminates the potential for fraud. Alongside that, it causes a lot of authentication friction and failed transactions. Personally, I've largely given up on card use online because of the friction and gone back to cash. 

Why I Went From Card To COD

Yes, cash, even for ecommerce. Even flights can be bought on Cash on Delivery in India. Even UBER has started piloting cash in India last week.

Actual loss of revenue due to authentication friction is so high that some startups have shifted out of India to escape the 2FA regulation. Unexposed to the diametrically opposite views expressed by many on Finextra, some of these startup founders have even gone on record saying the US payment system - no chip, no CVV, no VbV - is 10 years ahead of the Indian one!

For a more impersonal and objective coverage of the impact of 2FA / Mobile OTP, see my other blog post:

Mobile OTP: Cyanide Or Caffeine For Online Payments?