BBVA Bancomer first to roll out dynamic CVV/CVC for mobile transactions

Mexico's BBVA Bancomer has become the first bank to commercially implement technology that replace static three-digit security codes with a dynamic CVV/CVC that changes every 20 minutes as part of its mobile wallet app.

2 comments

BBVA Bancomer first to roll out dynamic CVV/CVC for mobile transactions

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Designed to protect against Card Not Present fraud, Gemalto's Dynamic Code Verification solution is a new feature of BBVA Bancomer's mobile wallet. The deal also includes the provision of a validation server and associated services.

"Mobile Banking and e-commerce are expanding rapidly, but lack of trust can prevent some customers from embracing it," says Hugo Najera Alva, general director of digital banking of BBVA Bancomer. "Our long time partner, Gemalto helped us quickly implement groundbreaking dynamic CVV/CVC technology and the response thus far has been outstanding: in the first weeks of the project we already have more than 100,000 active users."

While BBVA is implementing the technology on its mobile app, the vendor's OT Motion Code technology operates in the physical world, replacing the three-figure CVV code on the rear of a card with a small screen display that automatically changes periodically. BNP Paribas is currently testing the technology in a small scale trial involving 1000 EMV display cards. The first live trials of the product were conducted last year by Banque Populaire and Caisse d’Epargne.

Sponsored [Webinar] Automated Testing: The road to Evergreen Compliance

Comments: (2)

James Bell

James Bell Consultant at IBM UK LTD

How does this work in practice?

When using a card linked to the app online the user needs to check the app to find out what the dynamic CVV is? (which the bank then validates at authorisation time)

If true presumably that means that the consumer has to have their mobile and a data connection in order to make online purchases with the card? Appreciate that the majority of the time that will be the case but I do wonder whether lost transactions when its not (e.g. phone doesnt have internet transaction) would make up for the fraud savings

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

The headline says "mobile transactions". In that case, if mobile doesn't have Internet connectivity, neither the dynamic CVV nor the rest of the transaction would go through. So no problem. The body of the article suggests that the feature could be applicable even for desktop transactions, in which case the situation - however rare or common - under which desktop has Internet but mobile does not have Internet would cause shopping cart abandonment and failed payment.   

While on the subject, a couple of days ago, State Bank of India, India's largest bank, launched an OTP generator mobile app. This complements the traditional method of delivery of OTP via SMS. Both methods are applicable for desktop and mobile transactions. The old method caused abandonment and failed payment. Only time will tell how the app will fare.  

Indeed, lost revenues can exceed fraud loss savings. 

Mitigating Fraud Does Not Pay The Bills

[Webinar] Automated Testing: The road to Evergreen ComplianceFinextra Promoted[Webinar] Automated Testing: The road to Evergreen Compliance