http://www.switched.com/2008/11/16/new-visa-card-features-keypad-generates-random-security-codes/

If this should catch on and make it's way to the US, it could have some very interesting implications for cross sells. If the security code changes with every transaction, or even by merchant, cross sells would be over.

Of course the scarier part is if it is per transaction, this could also end rebills.

I agree with the author, "...let some other folks try it first, and then have them tell us how it works out."

I like the idea of preventing cross sales, but there are way too many recurring transactions in mainstream for this to be widely implemented if it also causes rebills to fail.

I agree with the author, "...let some other folks try it first, and then have them tell us how it works out."

I like the idea of preventing cross sales, but there are way too many recurring transactions in mainstream for this to be widely implemented if it also causes rebills to fail.

the consumer friendly answer is give the consumer the choice at the time he creates the security code to make it recurring enabled or "single use".

This shouldn't affect rebills at all, nor cross sells which are done properly.
The cvv2 code cannot be used for rebills because it's not allowed to be
stored anywhere. Actually that's the whole point of the security code in
the first place - if you present that code with the transaction, that proves
that the card is there because unlike the card number, the cvv2 cannot
be stolen from any database. It can't be stolen because it can't be PUT
in you or your processor's database to begin with.

A merchant or processor may pay a little bit higher fee to Visa for rebills
for this reason. Whether or not you have the cvv2 is one consideration
for whether Visa charges the lower fee for "qualified" or the higher non-qualified
fee. Other factors include whether you have the billing address and if so
how much of it matches. For example some gas pumps ask for your zip code
when you pay by card.

With the new technology, the security code which be different each time, so
it would simply serve to enforce the existing rule against storing the cvv2 -
a stored one wouldn't be valid anyway. Rebills would just be processed the
same way the are supposed to be processed today - without the code.

Similarly with cross sells. If you could do the cross sell at the same time,
you could bundle them into one transaction. If not, you'd just process the
cross sell without the cvv2. We do both of these types of cross sells and
rebills with Strongbox, Throttlebox, and Clonebox. The Strongbox order
form let's you choose to add Throttlebox to your order at a discount,
or you can add it later, and Clonebox rebills like hosting does. If you
buy Strongbox and Throttlebox together we use your cvv2 for the combined
transaction. If you add Throttlebox later or get rebilled for Clonebox we
run it without the cvv2 and pay a higher fee.

If rebills end, there will be many problems for many people.