In countries where online card payments are subject to two factor authentication (e.g. India), card number + expiry date + CVV serves as the first factor. Mobile OTP is the most well understood second factor but it’s not the only one: Verified by Visa (VbV) / MasterCard Secure Code (MSC) password can also be used as the second factor of authentication.
VbV and MSC are both static passwords – the cardholder sets it once and keeps using the same password for all online card payments. That’s unlike Mobile OTP, which is different from one transaction to another.
Did you know that you can enter your static VbV / MSC password instead of the dynamic Mobile OTP to authenticate an online credit card / debit card payment? This is especially useful when OTP doesn't reach you due to weak signal. #VerifiedbyVisa #MasterCardSecureCode #2FA pic.twitter.com/TrCxPydd9S
— GTM360 (@GTM360) September 25, 2019
A dynamic password like Mobile OTP surely provides more security for the transaction but it also adds friction and a point of failure. If mobile network signal is weak where the user is attempting the payment, the user won’t receive the Mobile OTP and the transaction can’t be completed. VbV / MSC provide an alternative way to complete the transaction.