Newly launched Tender Armor hopes its CvvPlus product can help issuers, merchants, and consumers combat the risk from fraudulent card-not-present transactions, the company announced Wednesday.
The Fort Lauderdale, Fla.-based company says CvvPlus can help stem online fraud by providing a daily card verification code that is not printed on a card and known only to the legitimate cardholder and Tender Armor.
Once an issuer has signed up to offer CvvPlus, cardholders enroll their cards via a Web site, which issuers can brand with their own logos. Then once a day, the cardholder retrieves the day’s CvvPlus security code—delivered via email, text, or online—and enters that for any online purchases instead of the three or four-digit CVV printed on the card.
As the U.S. payment card industry begins its migration to EMV chip cards, many observers have suggested criminals will turn to e-commerce to make fraudulent transactions because the chips make cloning a physical card much more difficult than cards without chips.
Payments-software firm ACI Worldwide Inc. says its data already shows an increase in online fraud following the Oct. 1 liability shift.
“Fraudsters recognize they’re not going to be able to clone cards,” says Madeline Aufseeser, Tender Armor chief executive. “They’re going to migrate to the path of least resistance. That’s in the CNP space.”
As merchants try to increase sales by enabling easier online, or telephone-based, commerce, that also may make fraud easier for criminals, Aufseeser says. “The less data [merchants] ask [for], the higher the likelihood fraudsters will try to get in,” Aufseeser tells Digital Transactions News.
Merchants need do nothing to work with the system because the service operates between Tender Armor and the issuer, she says. When the consumer enters the CvvPlus code, along with a primary account number, expiration date, and the relevant addresses, the issuer’s authorization platform flags the payment indicating the card is enrolled in CvvPlus. A verification is made to ensure the CvvPlus code for the day that the consumer entered aligns with what Tender Armor says it should be. “We never see any cardholder data,” Aufseeser says.
If okay, the transaction is authorized. If not, Tender Armor sends a message to the consumer telling her that her card is being used for a transaction and asking if she wants to have the transaction declined, Aufseeser says.
If the transaction is legitimate, the cardholder must then correctly input the CvvPlus code. A CvvPlus-enrolled card will not be authorized if the correct code is not supplied for an online transaction.
Other providers offer similar services. Chip-card makers Gemalto NV and Oberthur Technologies each offer cards that contain a display used to show a dynamic CVV. Aufseeser says that unlike the Gemalto and Oberthur products, CvvPlus does not require re-issuing cards.
Tender Armor’s primary customers are card issuers, followed by large retailers that offer their own store cards, Aufseeser says. She will not disclose the company’s pricing plans, though issuers will pay Tender Armor for the service.
“We believe the reduction in chargeoff loses and costs with managing fraud will so go so far down, our costs will be negligible in comparison,” Aufseeser says.
Initially, Tender Armor is launching in the United States—it already has one client lined up—followed by Canada and Europe in 2016, she says.