How It Works – EMV to Single-Use CVV
The image above gives an overview of the CVV generation and authorization process. This requires that the card issuing bank or its core provider integrates the validation into their existing CVV processing.
Step 1 – The Chip Shield Reader interacts with the card EMV chip to generate an EMV Cryptogram. This information is encrypted in the Chip Shield reader and passed to the browser extension.
Step 2 – The EMV Cryptogram is sent from the browser to the issuing bank’s CVV authorization server in encrypted format.
Step 3 – The authorization server validates the EMV data and generates a single-use CVV code for the transaction.
Step 4 – The standard primary account number and the single-use CVV are passed to the merchant site.
Step 5 – The merchant requests authorization of the payment and passes it to the card network.
Step 6 – The issuing bank verifies the card information and makes sure the CVV matches the newly generated one.
The bank knows that the card was present for the transaction and can loosen it’s authorization rules to prevent a false decline.
This process is transparent to the customer and the online merchant and only takes a couple of seconds to complete.