PCI and Online Transactions - the Elephant in the Room

While PCI 2.0 has been in place for almost 3 years, online transactions still operate in the Stone Age

on 2018-08-07 Jim McMillan wrote

While a lot of attention has been paid to PCI and the impact of chip cards at POS registers, the fact remains that online transactions have not kept pace with new PCI technology. Today, several years after the latest round of PCI changes was implemented, there is still no solution for protecting a customer’s card when transacting online. We are still doing things ‘the old way’ with respect to what the consumer enters when they tender an online transaction with their credit card.

As everyone knows, online orders are increasing exponentially year over year. This also presents an opportunity for fraud to expand (especially when the perpetrators have been thwarted at the register). Some processors are aware of this and are currently working on solutions.

One of the more interesting concepts involves re-issuing chip cards with a dynamic CVV (the 3- or 4-digit security code) that would change each time it is used. The CVV would be compared on the processor’s database against a list of random CVV codes. For the consumer to see their current CVV code, a small display would be attached to the card, showing only the active code.

One drawback of this approach is the cost of the cards, which would rise from approximately $3-4 to $12. But the advantage of the dynamic CVV (which makes it comparable to the dynamic PIN, which is stored on today’s chip cards) may eventually outweigh the cost, as processors continue to seek out ways to combat fraud in the marketplace.