One in a series
Too much screen time can be a bad thing — except when it involves credit cards.
Just ask Pittsburgh-based PNC Bank, which is piloting a new technology that uses tiny electronic screens embedded in credit cards with the aim of making online shopping more secure.
The technology, known as dynamic card verification, works by replacing a card’s static three- or four-digit card verification value, or CVV, with an electronic ink display screen that generates a new CVV number at regular intervals throughout the day.
The idea behind the system is that by the time a crook tries to use stolen card numbers online, the transaction will be denied because the CVV code will have already changed.
This technology is designed to battle what’s known as card-not-present fraud.
Taking risk is necessary for growth. This series profiles the region's entrepreneurs, policymakers, scientists and others who have embraced challenges and incorporated new ideas – sometimes the kind that seem a little crazy – into their plans. It’s a kind of fraud that has been on the upswing in recent years as online transactions have increased and as more thieves — hindered in efforts to make counterfeit cards since the rollout of chip cards in the U.S., replacing less-secure magnetic stripe cards — have moved to the internet to look for opportunity.
Fraud using counterfeit cards has plunged 80 percent at merchants that accept chip-enabled smart cards, according to the U.S. Payments Forum, a trade group based in New Jersey.
Overall, counterfeit card fraud declined 55 percent from $4 billion in 2015 to a projected $1.8 billion this year, according to the Boston-based research and consulting firm Aite Group. At the same time, card-not-present fraud jumped 38 percent from $3.2 billion to a projected $4.4 billion.
PNC launched its test pilot last month with motion-code enabled corporate credit cards — developed by smart card maker Idemia — at a handful of unidentified large- and medium-sized companies, according to Christopher Ward, executive vice president and head of product management for PNC’s treasury management unit.
The same type of anti-fraud technology is being tested and deployed by various card issuers around the world.
PNC’s trial is set to last 90 days. If all goes well, the bank expects to be in “full launch mode” for its corporate cards by the end of the first quarter, Mr. Ward said. He couldn’t say when the bank might extend the technology to its consumer cards.
“We’re constantly looking for ways to reduce fraud,” he said. “It’s harder for [crooks] to make counterfeit cards now because of chips … so fraud has moved to the card-not-present space.”
In PNC’s case, the motion-code application is hosted on a Visa server synchronized with the dynamic CVV cards. During the authorization process, the server is able to verify the correct CVV code because it knows the algorithm used to produce the numbers.
PNC and other card issuers can set the cards to refresh at custom intervals — every 30 or 60-minutes, for example.
“We picked a particular interval, but can’t disclose it,” Mr. Ward said.
Setting the optimal frequency can be tricky. If the cards are set to refresh too often, say every 10 minutes, there’s a risk that customers won’t have time to complete their legitimate online transactions before the code automatically changes.
Because the cards are powered by tiny lithium batteries, refreshing them too often also reduces their lifespan. For example, cards set to refresh every 60 minutes might last four years before needing to be replaced, while cards that refresh every 30 minutes might last only three years.
Another downside is that motion cards are more expensive than regular chip cards to produce. Prices vary, but according to one estimate, they cost about $15 compared with around $2 to $4 for a regular chip card.
Mr. Ward said the difference in cost wasn’t that wide, but that in any case, PNC expects to more than offset the higher expense by reducing fraud.
“Fraud is like a balloon. You squeeze it somewhere” and it bulges somewhere else, he said.
“This is a way to squeeze the balloon more in the card-not-present” side.
Patricia Sabatini: PSabatini@post-gazette.com; 412-263-3066.
First Published: December 26, 2018, 6:26 p.m.
