Abstract: A cardholder enters (305) payment information and a freely-selected transaction CVV in a merchant system (20). A payment system (30) receives (400) a request from the merchant system including the transaction CVV and transaction information, and sends (405) a transaction authorization request to a cardholder device (13). The transaction information are displayed (310) on the cardholder device and invites the cardholder to enter the transaction CVV for confirmation purpose. In response, the cardholder enters (315) a confirmation CVV. The payment system approves (240, 415) the transaction when the transaction and confirmation CVVs are the same. As a result, the CVV can have a short life and be changed at each transaction, thereby increasing the security of the transactions. Also, PCI certification constraints on servers are reduced since no issuer master key is required for the CVVs. Lastly, the cardholder has more control on the transaction validation.

Abstract: A cardholder enters (305) payment information and a freely-selected transaction CVV in a merchant system (20). A payment system (30) receives (400) a request from the merchant system including the transaction CVV and transaction information, and sends (405) a transaction authorization request to a cardholder device (13). The transaction information are displayed (310) on the cardholder device and invites the cardholder to enter the transaction CVV for confirmation purpose. In response, the cardholder enters (315) a confirmation CVV. The payment system approves (240, 415) the transaction when the transaction and confirmation CVVs are the same. As a result, the CVV can have a short life and be changed at each transaction, thereby increasing the security of the transactions. Also, PCI certification constraints on servers are reduced since no issuer master key is required for the CVVs. Lastly, the cardholder has more control on the transaction validation.