BBVA Bancomer first to roll out dynamic CVV/CVC for mobile transactions

BBVA Bancomer first to roll out dynamic CVV/CVC for mobile transactions

Mexico's BBVA Bancomer has become the first bank to commercially implement technology that replace static three-digit security codes with a dynamic CVV/CVC that changes every 20 minutes as part of its mobile wallet app.

Designed to protect against Card Not Present fraud, Gemalto's Dynamic Code Verification solution is a new feature of BBVA Bancomer's mobile wallet. The deal also includes the provision of a validation server and associated services.

"Mobile Banking and e-commerce are expanding rapidly, but lack of trust can prevent some customers from embracing it," says Hugo Najera Alva, general director of digital banking of BBVA Bancomer. "Our long time partner, Gemalto helped us quickly implement groundbreaking dynamic CVV/CVC technology and the response thus far has been outstanding: in the first weeks of the project we already have more than 100,000 active users."

While BBVA is implementing the technology on its mobile app, the vendor's OT Motion Code technology operates in the physical world, replacing the three-figure CVV code on the rear of a card with a small screen display that automatically changes periodically. BNP Paribas is currently testing the technology in a small scale trial involving 1000 EMV display cards. The first live trials of the product were conducted last year by Banque Populaire and Caisse d’Epargne.

Comments: (2)

James Bell
James Bell - IBM UK LTD - London 27 November, 2015, 17:35Be the first to give this comment the thumbs up 0 likes

How does this work in practice?

When using a card linked to the app online the user needs to check the app to find out what the dynamic CVV is? (which the bank then validates at authorisation time)

If true presumably that means that the consumer has to have their mobile and a data connection in order to make online purchases with the card? Appreciate that the majority of the time that will be the case but I do wonder whether lost transactions when its not (e.g. phone doesnt have internet transaction) would make up for the fraud savings

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 27 November, 2015, 18:54Be the first to give this comment the thumbs up 0 likes

The headline says "mobile transactions". In that case, if mobile doesn't have Internet connectivity, neither the dynamic CVV nor the rest of the transaction would go through. So no problem. The body of the article suggests that the feature could be applicable even for desktop transactions, in which case the situation - however rare or common - under which desktop has Internet but mobile does not have Internet would cause shopping cart abandonment and failed payment.   

While on the subject, a couple of days ago, State Bank of India, India's largest bank, launched an OTP generator mobile app. This complements the traditional method of delivery of OTP via SMS. Both methods are applicable for desktop and mobile transactions. The old method caused abandonment and failed payment. Only time will tell how the app will fare.  

Indeed, lost revenues can exceed fraud loss savings. 

Mitigating Fraud Does Not Pay The Bills