Apple’s latest Apple Card security enhancement is designed to reduce card fraud by automatically rotating the card’s CVV security code. While the feature adds another layer of protection, it also raises questions about usability and whether shifting more responsibility to consumers is the most effective approach. As fraud prevention technology evolves, the challenge for issuers is balancing stronger security with a frictionless payment experience that doesn’t require cardholders to change their behavior.
I wonder how many Apple Card cardholders always use Safari and Apple Wallet when making payments on their Apple Card. Cardholders that memorize the card data for use over the phone or use Google Chrome may find this new security feature frustrating.
There are several solution providers that have attempted to implement CVV codes that change on a regular basis. While I check my card transactions regularly (and most of my accounts send me notifications when the transaction occurs) I still feel that security is the problem for issuers and card networks since they have given me Zero Liability.
A much better approach that Apple should adopt would not require consumer effort. Utilize device fingerprinting and behavioral biometrics to consolidate account access with card user authentication techniques. This would also eliminate risk for low value and transactions performed directly on the iPhone. If the risk of the transaction is too high, then require step-up authentication using Face ID.
I thought Apple was a technology leader:
“Called Advanced Fraud Protection, the new feature automatically rotates Apple Card’s three-digit security code after users view the number in Wallet or it is auto-filled in Safari, according to an Apple support document.
As noted by Apple, Advanced Fraud Protection can be used without risking interruptions to streaming services and other memberships because merchants typically use credit card security codes only to authorize an initial payment.
Unlike other credit cards, Apple Card’s security code is stored in the Wallet app, not on the physical card. This allows Apple to rotate the number on its backend and digitally present the freshly generated digits to users.
While the feature increases security, cardholders should be aware that they will need to check the Wallet app for the latest code whenever making a purchase. For some, the minor inconvenience will be a small concession for added peace of mind.
Advanced Fraud Protection can be accessed on iPhone by navigating to the Wallet app, selecting Apple Card, tapping on the card number icon and authenticating with Face ID, Touch ID, or your passcode. On iPad, the option is in the Settings app under Wallet & Apple Pay.
Apple notes that the feature can be deactivated without impacting Apple Card transactions or recurring monthly subscriptions.”
Rotating security codes can help limit certain types of card-not-present fraud, but it may also create friction for consumers who frequently use their card outside Apple’s ecosystem. More advanced approaches, such as device fingerprinting, behavioral biometrics, and risk-based authentication, can provide stronger protection without requiring additional effort from cardholders. As digital payments continue to evolve, the most successful security solutions will likely be those that operate seamlessly in the background, intervening only when transaction risk warrants additional verification.
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group








