Considering the Authentication of Credit Cards in Web Settings

This is an update of a post that originally appeared on November 27, 2015.

I often write a blog post with the hope that things will change for the better at some point because there are often strategies for making things better if someone will simply implement them. I don’t know about you, but I’m buying more and more items online, which means using my credit card more often than before. That’s why articles like, How Serious a Crime Is Credit Card Theft and Fraud?, attract my attention.

One of the biggest problems is the use of static technology. For example, the Credit Verification Value (CVV), a three or four digit addition to a credit card number, is supposed to help safeguard the credit card. It doesn’t appear as part of the card data accessible through the magnetic strip or the chip. The CVV is actually printed on the card as a separate verification for venues such as web applications. The only problem is that this number is static-it remains the same for however long you own the card. Therefore, once a hacker discovers the CVV, it no longer provides any sort of security to the card owner. Interestingly enough, some sites online will sell you both credit card numbers and their associated CVV. The hackers win again.

A solution to this problem is to change the CVV periodically. Unfortunately, trying to change a printed CVV is impossible without replacing the card. One possible way to overcome this problem involves the addition of an e-paper space on the back of the card that would allow the credit card companies to change the CVV, yet keep it out of the magnetic stripe or chip. A lot of devices currently use e-paper, such as Amazon’s Kindle. The technology provides a matte paper-like appearance that reflects light similar to the way in which paper reflects it, rather than emitting light like an LED does. The difference is that e-paper is often easier to read. There is at least one company offering such a solution today as described at Gemalto Dynamic Code Card – for a more serene online shopping experience.

Oberthur (now Idemia), the inventor of the Motion Code technology used to create the updated CVV, isn’t saying too much about how the technology works. There must be an active connection between the card and a server somewhere in order to update the CVV once an hour as specified in the various articles on the topic. The only problem is in understanding how the update takes place. If the technology relies on something like a Wi-Fi or cell connection, it won’t work in rural areas where these connections aren’t available. Even so, the technology does promise to reduce the amount of fraud that currently occurs-at least, until hackers find a way to thwart it.

What is your feeling about credit card data protection? Are you a business entrusted with protecting your customers’ information? If so, maybe you should find out more here about the consulting available in this particular field of business management to ensure that you’re following the law to the letter. Does Motion Code technology actually provide a promising solution or is it another dead end? How do you deal with potential fraud when creating your applications? Send your ideas to me at [email protected].