As EMV is successfully implemented in the U.S. in a couple of months, what’s going to happen here is what has already happened in other countries: it will result in a substantial uptick in incidences of online, card-not-present fraud.
A solution is necessary, and Martin Ferenczi, President of Oberthur Technologies (OT) North America, thinks he might have one. But questions arose in his recent discussion with MPD CEO Karen Webster. Can any one innovative technology in the card-not-present space be adaptable by issuers, merchants and consumers alike without disrupting the payments ecosystem at large?
KW: I know this is an extraordinarily busy time for you, given the EMV liability shift that is upon us. But we’re here to talk not about offline fraud which is what EMV is going to try to tackle, but online fraud. It’s a very big problem, and one that will probably pick up as we successfully implement EMV in the U.S.
From your perspective, who is the loser when it comes to online fraud and not being able to handle it successfully?
MF: First of all, I think you’re absolutely right that, as the U.S. moves to EMV cards, a significant amount of fraud will move away from the card-present environment to the card-not-present environment.
Today, merchants are primarily responsible for card-not-present fraud. According to data from the Federal Reserve based on fraud losses in 2013, 70 percent of the cost of card-not-present fraud is borne by merchants.
KW: That’s a pretty big liability, and one that certainly — as online volume grows and as the threat of fraud increases — needs to be addressed. Let’s talk about the way that Oberthur is thinking about addressing this problem.
It’s a very creative new solution called Motion Code, and it involves a card that has a dynamic CVV on the back. Describe how it works in practice.
MF: Motion Code is a technology that is the first of its kind. Effectively, it replaces the 3-digit security code on the back of the card with a mini-screen displaying a code that automatically changes periodically.
The card construction is significantly modified to include a ultra-thin lithium battery (with a life of around 3 years) and an e-paper, 3-digit display with a code that refreshes every hour.
This technology adds an additional layer of security for online transactions — but with total transparency for the cardholder and the retailer.
The cardholder will not have to change anything in their normal buying behavior. When they’re asked for the code on the back of the card, they will just read a 3-digit number, as usual; the fact that the code happens to be changing every hour doesn’t affect them. The only visible difference to them is that it’s displayed on a mini-screen.
Likewise, the Motion Code technology creates no change for the e-retailer’s online payment acceptance system. For them, the process of using it in a transaction is just as transparent as it is for the consumer.
As for the issuer or processor, Oberthur does need to install in their facilities a specific server that is synchronized with the algorithm that is used to generate the code. That server is part of our offering; we offer both the card with a changing code as well as a server solution to the issuer or processor so that when they receive a request for acceptance of a code, they can link it to a specific card.
KW: So the issuer and the card processor are going to have to change things on their side. The merchant and consumer do nothing different — although I think I lot of consumers will notice there is something different on their card. I, for one, memorize my CVV!
MF: They will notice — and what they will notice is that we’ve added an additional layer of security. What we are able to do, here, is provide security with convenience. And that is absolutely key to the consumer experience.
KW: Oberthur is going to bring Motion Code to market in the fall. How will the cost be borne throughout the ecosystem with the implementation and deployment of this technology? Has that been worked out, or is it to be determined?
MF: It’s very much to be determined, and it’s being negotiated with our first customers.
Having said that, the initial reaction from the issuers we’re talking to — while of course the cost of the card, because of its complexity, will be higher than that of an EMV card — is that the feature is one of significant value to them, because it may very well compel consumers to make the card top-of-wallet. Issuers are going to be in a position to offer an EMV card for card-present transactions and a Motion Code card, all in one, for card-not-present transactions.
Our customers who see it are saying, “Wow — that adds a lot of a value for us as an issuer.”
KW: I can see where that would be a really interesting solution, since a lot of the concern related to the EMV card is that it works in an offline environment but not necessarily in an online one — but you’ve solved for that with Motion Code.
MF: That’s correct. But once again, the beauty is that it’s all in one. You use the same card for card-present transactions in the store that you do at home when shopping online.
KW: One more question or two, and then we’ll let you get back to the business of keeping all of our payment credentials safe around the world.
Motion Code is obviously something that’s been in development for a while, given the complexity of the card and the technology that underpins it. What was the inspiration for it, and how did it evolve?
MF: I’ll tell you what’s interesting: we have figured out that EMV cards for card-present transactions do provide good security against counterfeited cards.
The real motivation was (and is) that every country that has moved to EMV has seen significant growth in card-not-present fraud. Our team focused on dealing with that problem, and last year we acquired a small company that had the elements of what would become Motion Code. Now that is incorporated within OT and it will mark the next evolution in providing an additional layer of security to the issuing community and therefore to their customers.
KW: A quick word on the rollout; there’s going to be a pilot in the fall. Can you give us an overview of what that will entail?
MF: Our objective is to roll out a number of pilots. I’m pleased to let you know that we’ve already signed up a few of them, two of which have been made public. One is with BPCE in France, and the other is with a Polish bank called Getin.
We are developing pilots for these two institutions because they want to test the efficiency of the solution, and they want to better understand the advantages it can bring to the ecosystem.
We believe that we will have probably 10 to 15 pilots by the end of the year. There is considerable interest on every continent: in the U.S. as well as in Europe; in the Middle East; in Australia; and other countries…our rollout is going to be worldwide.