Single-use CVV codes provide a simple and effective way to increase the level of security for customers when they shop online.

We contact the bank’s authorization server a few seconds before checkout and provide EMV data to prove the card is present. 

Card issuers can eliminate false declines by processing Chip Shield transactions using “card present” fraud rules.

No changes are required to the merchant site and authorization is processed normally through the payment gateway.

How It Works – EMV to Single-Use CVV

The image above gives an overview of the CVV generation and authorization process.  This requires that the card issuing bank or its core provider integrates the validation into their existing CVV processing.

Step 1 – The Chip Shield Reader interacts with the card EMV chip to generate an EMV Cryptogram.   This information is encrypted in the Chip Shield reader and passed to the browser extension.

Step 2 – The EMV Cryptogram is sent from the browser to the issuing bank’s CVV authorization server in encrypted format.

Step 3 – The authorization server validates the EMV data and generates a single-use CVV code for the transaction.

Step 4 – The standard primary account number and the single-use CVV are passed to the merchant site.

Step 5 – The merchant requests authorization of the payment and passes it to the card network.

Step 6 – The issuing bank verifies the card information and makes sure the CVV matches the newly generated one.

The bank knows that the card was present for the transaction and can loosen it’s authorization rules to prevent a false decline.

This process is transparent to the customer and the online merchant and only takes a couple of seconds to complete.

Single-Use CVV Mobile Support

For mobile apps, customers typically set up payments when they first download an app and save their card on file (e.g. saving your card in the Uber app).

The customer can launch the Chip Shield app to request a Single-Use CVV code and then enter the code into the payment form.

The Chip Shield reader connects to the phone over the audio jack and the EMV Cryptogram is sent with the mobile CVV request.

Since the CVV is only requested when storing a card on file, there is no need for customers to carry the Chip Shield reader to make purchases.