As methods and devices for engaging in financial transactions have increased, old problems such as fraud and counterfeiting persist.
One of the primary sources of fraud, which is prevalent in the credit card industry, is skimming. Skimming refers to the electronic copying of a card's magnetic stripe data to create counterfeit cards.
Skimming is predominantly a phenomenon afflicting static magnetic stripe based transactions. This is because the magnetic stripe, which is placed on the back of a transaction card and stores a variety of data on three separate tracks, is a passive medium. In other words, the digital content of the magnetic stripe can be perfectly copied, without any difference between the copy and the original.
One of the primary means by which skimming can be prevented is for the consumer to closely monitor the whereabouts of his transaction card. This may allow the consumer to prevent the card from being swiped through inappropriate devices. However, as contactless cards evolve, the classic skimming problem comes along with it when using static data. In fact, in a wireless environment, the opportunity to skim magnetic stripe data is more prevalent. In a wireless environment, a potential skimmer need not physically possess the card to be skimmed nor have access to any of the physical equipment (e.g. POS terminal, communication lines, etc.) which is required for skimming in a wire-based environment. A skimmer can, without the knowledge of the consumer or merchant, intercept the wireless transaction and copy the data being transmitted from the card to POS terminal.
To address the above problems, a dCVV or a dynamic card verification value can be used. For example, various systems and methods for generating dCVVs are discussed in U.S. patent application Ser. No. 10/642,878 entitled “Method and System for Generating a Dynamic Verification Value” filed on Aug. 18, 2003, and in U.S. patent application Ser. No. 11/764,376 entitled “On-Line Payment Transactions” filed on Jan. 29, 2008. Both of these applications are hereby incorporated in their entirety for all purposes.
In addition to generating a dCVV, a dCVV can be more effective for preventing fraud when it is securely received by a consumer. However, securely receiving and using a dCVV cannot overly interfere with a consumer's experience conducting a transaction. A consumer might not use the dCVV or a consumer might conduct fewer transactions if the inconvenience of receiving and using a dCVV is too great.
Embodiments of the invention address the above problems, and other problems, individually and collectively.