This week's release:
Global | Employee Discounts | Removing CVV from the SmartSpending™ app
In the next update of the SmartSpending™ app, we’ll be removing the CVV entry from the mobile app checkout flow when you purchase again on the same device. This mirrors the web flow we introduced in 2020. This is a great usability and security improvement for employees!
We’re able to do this because we get a card ‘fingerprint’ back from our payment provider. This fingerprint is unique to each card but does not reveal anything about the card itself to us. We can use this with our own device ‘fingerprint’ to build a matching set of cards to devices. If we see a mismatch, we’ll prompt for the full details again.
What does this mean for employees using the app?
If employees are purchasing with a new or saved card, on a new device, they'll need to enter the full details for their first purchase. If they are using a saved card, on an existing device, they'll be able to make a purchase with no extra information.
Because they can only pay on an existing card on an existing device to avoid entering full details, it means that anyone trying to defraud them would have to get access to existing devices. And even then, we have the following protections in place:
- PIN-entry or biometric checks to access the app
- We wipe the app details after five failed attempts for these checks and have anti-tampering measures in place
- We still take every transaction through the Verified by Visa or MasterCard Secure Code authorization process with the cardholder’s bank, as required
All of these security measures mean we are able to remove the need for CVV input for payment on existing devices, with existing cards - as we have on the web - without compromising security. In fact it enhances the employee's security because it means we reduce the amount of data we need from the credit card each time.
This security improvement is just one example of how we are continually working with our payment partner, anti-fraud solution provider, and others to identify trends and actively stop fraud.
UK | Cycle to Work Plus | Streamlining the invoicing process
Up until now, Reward Gateway Cycle to Work Plus clients have been invoiced directly by Halfords Cycle2Work. This has meant many clients had to set up Halfords as a new supplier for their payment processes, which can create an administrative burden for their teams.
Based on this feedback, we have agreed with Halfords that all invoicing for Cycle To Work Plus programmes will come directly from Reward Gateway from now on. This means clients will not need to process individual payments to Halfords. Instead, they will be able to access their invoice details in SmartPay, just as they can with other salary sacrifice products from Reward Gateway.