Privately held security startup Tender Armor today is exiting stealth mode with the announcement of its CvvPlus credit card fraud prevention technology.
On the back of almost every major credit card there is a Card Verification Value (CVV), which is a three-digit number that is used by banks and payment processors to verify payments when the physical credit card is not present—for example, with online transactions. (American Express cards have a four-digit number on the front of the card.) The CVV is a static number on a consumer’s printed credit card and as such is at risk when a credit card itself is stolen. The goal with Tender Armor’s CvvPlus technology is to provide another layer of authentication via a randomly generated CVV number that is sent to the credit card holder, much like a two-factor authentication token for common types of Web access.
“We built the system from scratch and have filed for patents on it,” Tender Armor CEO Madeline Aufseeser told eWEEK.
When a customer uses a point-of-sale (PoS) terminal, the authorization process for a credit card occurs within seconds, Aufseeser said. The authorization process verifies that cardholders are who they say they are, the card is in good standing and there are funds to approve the transaction. What Tender Armor is doing, she said, is adding another element, such that a bank can check for the CvvPlus code that is coming in to determine the validity of a given credit card.
“We communicate with the authorization platform with batch files in an asynchronous manner to give them the CvvPlus codes that we produce in our system,” Aufseeser said.
The CvvPlus system provides consumers with a code that is updated on a daily basis. Even though those codes can have a life of up to one day, Aufseeser is confident that users will be secure.
“Since CvvPlus is a dual-factor, out-of-band authentication method, a hacker would not only have to get the code, they would also have to get the card number associated with the code,” Aufseeser said. “So even if a crook was to steal a consumer’s credit card, they’d also have to steal the consumer’s phone [and] they’d have to know that the customer is using CvvPlus and where on the phone the code is found.”
Users can choose from a number of mechanisms to get the CvvPlus code. Codes can be delivered via a text message or an email. Tender Armor is in the process of also building a stand-alone mobile app, Aufseeser said.
“What we have also planned is that in the future users will be able to request up to seven days’ worth of codes,” she said.
Currently, Tender Armor is selling the CvvPlus technology directly to bank and credit card processors. Consumers will be able to opt in to CvvPlus technology security from the banks and credit card issuers that offer the platform.
“We suspect that most entities will give the CvvPlus service away for free to cardholders,” Aufseeser said. “This is a huge opportunity for banks to save money on chargeback losses and card replacement costs.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.