It would seem to me that having a consumer use the internet or better, the phone, to enter a secure number that would replace the CVV2 code would be better for all online transactions. Since the CVV2 code can be photo-copied, the secure code could not. I think that issuers need to think this out a little more and come up with a system that is easy to use and secure for all types of transactions. None of the systems so far appear to have been thought out well and fall by the wayside as soon as someone finds a flaw. These security system need to be given thought that allow the holder to secure transactions, yet also would foil any fraudulent transactions from unathorized users and allow more safety to merchants accepting these transactions. It is like the internet, build a secure firewall and keep checking for intruders. These codes should also be able to be changed at ATM machines or at any bank similar to PIN numbers. There will always be some flaw in these designs, but if they are given more thought prior to implementation, they stand a better chance of working.

I agree that nothing is perfect and flaws are inevitable in complex systems such as SecureCode and 3D-Secure. However, payment security is all about risk management which means these systems won't get scrapped unless a fundamental flaw against which scalable attack can be made is discovered.