Visa pilots card-not-present security app with Michigan State University FCU
Visa has partnered with Keyno to pilot a mobile app-enabled dynamic card security system at Michigan State University Federal Credit Union.
The pilot leverages Keyno’s CVVkey technology that uses a dynamic card verification value 2 (CVV2) code to provide a higher level of security against fraud for online and mobile in-app card not present transactions. A CVV2 is normally a static code printed on the back of a payment card for card-not-present authentication.
MSUFCU credit cardholders will be able to obtain a dynamic CVV2 code by downloading a separate white label app from Keyno. The dynamic CVV2 is automatically updated every six hours.
“We see this as an exciting opportunity for both our employees and members to be part of a payments innovation,” said Ben Maxim, assistant vice president of digital strategy and innovation at MSUFCU. “We try to be on the front-end of technology. We see this as the same for online transactions as EMV chips are for in-store transactions. It’s important for us to be ahead of the game when it comes to fighting fraud. Every dollar lost to fraud means a dollar less that we can spend on improving our programs and helping our members.”
The pilot has been made available to approximately 950 MSUFCU employees and will expand next week to include up to 1,000 credit union members. The pilot will last approximately three months and seeks to measure the impact of fraud reduction as a result of the new technology. Maxim noted that MSUFCU will add more members to the pilot in order to get statistical relevance to the impact.
“This is the first commercial application of our technology,” said Robert Steinman, CEO at Keyno. “We provide a turnkey system to the issuer where they can use our white label app or an SDK integrated into their mobile banking app. The dynamic CVV2 can be changed between every one to 18 hours. Six hours is the sweet spot because it gives merchants the flexibility they need and issuers the stronger protection they desire than a static CVV2.”
Maxim noted that currently, MSUFCU is using the separate mobile app provided by Keyno, but that the integration of an SDK may be in the product roadmap. One of the things being tested during the pilot is if members will prefer the separate app or want it integrated into their mobile banking app.
“Our goal is to eventually roll out this technology to our 300,000 members,” added Maxim. “The mobile app solution is cheaper than having a dynamic CVV2 built-in to the card and it’s much more flexible.”
In the past, card issuers and card manufacturers have attempted to roll out dynamic CVV2 generators built into cards or have separate tokens consumers could use. Due to high cost and impracticality, many of these solutions never caught on.
“The main impetus behind CVV2 is to protect card not present transactions,” said Tom Rapkoch, director of seller solutions at Visa. “EMV knocked down card-present fraud as its adoption has grown. Fraudsters found that moving to CNP fraud has been a lucrative opportunity. What interested us in Keyno’s solution was that using a mobile app to create a dynamic CVV2 is much less expensive than adding that capability to the card. We felt MSUFCU was the right fit for the pilot because they are very innovative.”
Maxim noted that last year, MSUFCU worked with Visa and its innovation center to identify a chat bot partner. “We are very excited to be the first to use this technology since it fits with our focus on innovation,” said Maxim.
According to a Federal Reserve study, since the introduction of EMV chips in October 2015, in-store card transaction volume has largely shifted in favor of EMV-enabled chip transactions. Starting from $100 billion in chip-enabled payment volume, or about 3% of the total card payment volume in 2015, EMV adoption has quickly grown to $2.15 trillion in chip-enabled volume or about 65% of total card volume in 2018.