Identity verification methods related to authenticating and/or verifying users for access to secured systems are well known. One such method involves assigning a password to a user. When the user desires access to the secured system, the user inputs his or her ID and password to the system. The system confirms that the input password corresponds to the stored user ID and enables user access to the system. An enhanced version of this security technology is known as one-time password (OTP) authentication. OTP authentication uses a password that is transitory and only valid for a single use such that once used, the OTP is not valid for later access. The OTP may be time-based or event-based. Thus, even if the OTP is obtained by misappropriation, the possibility that it can be used to gain access to a system is very limited. The OTP is typically generated by a token possessed by the user and is input to an authentication system. The input OTP is compared to an OTP generated by the system using the same information and encryption algorithm as is used by the token. If the input OTP matches the OTP generated at by the system, the user is allowed access to the system.
The banking industry has developed a type of “password” for use with credit and debit cards. This password takes the form of an authentication code and is commonly referred to in the industry as a “card verification value” or “CVV.” The CVV is formatted and used according to accepted industry standards. Initially, the CVV was an extra numeric string encoded on the magnetic stripe of credit and debit cards. More recently, an additional three-digit code has been printed on the backs of credit and debit cards. This printed code is commonly referred within the banking industry to as a “CVV2” code and the magnetically stored code is commonly referred to as a “CVV1” code. The printed code can be requested and verified by merchants in transactions where the merchant has no other way of actually verifying that the customer has possession of the physical card. For example, in on-line shopping transactions, the consumer can be prompted to enter the CVV2 code from the back of his or her card. The CVV2 code can provide some assurance that the consumer has possession of the physical credit or debit card. A printed CVV code is often referred to by consumers and on-line vendors as a “3-digit security code”, “security code” or as “check digits.”