Is the Ellipse EVC All-In-One Solution the Key to Unlocking the Dynamic CVV Opportunity

By Sam Gazeley | 4Q 2023 | IN-7146

Registered users can unlock up to five pieces of premium content each month.

Log in or register to unlock this Insight.

STMicroelectronics announced in October 2023 that it would act as the supplier for energy harvesting secure microcontrollers to Ellipse for a new metal payment card solution with Ellipse having developed a micromodule that extends the protection of Europay, Mastercard, Visa (EMV) to e-commerce and that is agnostic to the battery solution. The metal payment card body, supplied by CompoSecure, leverages the technology to refresh the Card Verification Value (CVV) code on the back of the card every time it is tapped or dipped at a Point of Sale (POS) terminal, Automated Teller Machine (ATM), or mobile app.

The battery-free Dynamic CVV (dCVV) offering was created to pivot around the ST31N600 secure microcontroller developed by STMicroelectronics, as one of the main pillars of the Ellipse Verification Code (EVC) All-In-One dCVV micromodule. This EMV micromodule supports payment cards with a CVV display found on the back of the module that displays a shifting code each time the payment card is used at an ATM or physical POS terminal, with a further option to change the code as needed through the mobile form factor. The new CVV code is then used for online or Card Not Present (CNP) transactions, lowering the risk of false declines and malicious CNP activity.

As it relates to market growth for dCVV, it is clear that previously expected growth has not materialized in the wider market over the last few years. Historically, the vast majority of dCVV payment cards currently circulating in the market include a battery for the E-Ink screen to function. However, several issues exist both with the incorporation of a battery in a payment card and challenges from competitive solutions:

• Higher Card ASP: Payment cards reliant on the inclusion of a battery will command a higher price point, resulting from the increased manufacturing and distribution requirements over that of a traditional payment card.
• Restricted Card Life Span: Introducing any electronic component into a card will create additional manufacturing requirements; the dCVV card is no different, as battery-powered cards typically have a shorter operational duration compared to traditional cards.
• Impact on Sustainability: In a market with a clear focus on sustainability, a battery in a payment card would contribute to electronic waste and provide a challenge to proper disposal and/or recycling.
• Dependability: The payment card market has pivoted away from batteries and is looking to alternative forms of power in order to enable dCVV functionality, including power harvesting from the terminal side, a strategy also adopted by biometric payment cards.
• Hardware Security Module (HSM) Infrastructure: Previously, it was the case that issuers had to invest in specific and dedicated HSM infrastructure to support a dCVV solution.
• Three-Dimensional (3D) Secure: By authenticating the cardholder in real time directly from the issuer during an e-commerce transaction, 3DS already supports myriad authentication methods, including One-Time Passwords (OTPs), static passwords, online banking credentials, EMV readers, and biometrics. This can be considered an indirect competitive solution to dCVV, allowing flexibility for authentication options and risk management.

The world has seen the role of the smartphone grow rapidly and converge with payments since the launch of Original Equipment Manufacturer (OEM) wallets, derived cards and credentials, and the growth of Near Field Communication (NFC) technologies in handsets. Furthermore, the convergence of the mobile handset into the payment market has been rapid, accelerated through COVID-19 as the market leaned away from physical touchpoints and toward digitized payment solutions, meaning that the smartphone has become synonymous with payment security. With consumers favoring digitized banking and payment solutions through app-based platforms, dCVV is available to be created as needed via the mobile form factor, already leveraging biometrics on the mobile platform. However, mobile dCVV is not a silver bullet solution, as it causes an additional time-consuming step to reach the point of transaction. This may turn away potential users who prioritize convenient and fast payment, with a potentially increased rate of checkout abandonment. In such a scenario, a dCVV card, not reliant on a battery, could prove to be a superior solution.

The solution from Ellipse, STMicro, and CompoSecure will serve to provide a breath of fresh air in the dynamic CVV card market. It demonstrates that the major obstacles of needing a battery and a proprietary dedicated verification server need no longer be factors to hold the market back. If dCVV is to secure a mainstream place in the payment card technologies market, it will need to be adopted by vendors and financial institutions alike to achieve significant volume orders, which are critical to achieving economies of scale. One such solution to introduce dCVV into a wider market is to include it within next-generation payment cards such as metal, positioning dCVV as a security feature alongside the look and feel of a luxury payment card. Combining dCVV with metal is a guaranteed way to increase the prestige of the card in a solution that is already expected to carry a greater Average Selling Price (ASP).

Additionally, in order to reduce the risk of card-interception fraud, the Ellipse solution can be shipped with the dCVV display in a blank mode to ensure that this critical information cannot be obtained through illicit means. Upon card activation, the dCVV screen then populates, changing each time a transaction is made (through power-harvesting from a POS terminal) or changed through a mobile app using NFC.

Finally, from an issuer's perspective, the Ellipse solution provides a significant advantage, in that it does not require a change in back end infrastructure, running from the same HSM back end as the traditional payment card (with a minor script change to support the dCVV code). Any issuer with an EMV-compliant back end is not required to overhaul card management infrastructure to support the solution.

The Ellipse EVC All-In-One module has the potential to be a pivotal solution in the dCVV payment card market, solving issues around battery inclusion, security, and cost to implement, while retaining the flexibility to be able to integrate into an existing portfolio with very minor changes.