The payments industry is quickly moving toward worldwide adoption of credit and debit payment cards using Europay Mastercard Visa (EMV) chip card technology. Securely issuing these cards requires that banks employ a multilayered approach to both card validation and issuance system management.
Solutions also must combine the high-volume reliability and advanced credentialing features of larger centralized printers with the lower cost and smaller footprint of a distributed printing model in order to meet instant-issuance requirements at as many as thousands of branch offices and other locations.
Multilayered card validation
Multilayered card validation combines both two- and three-dimensional personalization elements.
Two-dimensional identity validation compares the person presenting credentials with identifying data that is displayed on the card (i.e., a simple, standard-resolution photo ID, or more sophisticated elements such as higher-resolution images, a holographic card overlaminate, or laser-engraved permanent personalization attribute). EMV cards go beyond these elements to include a third dimension: storing payment information in a secure chip. All cryptographically secure personalization is performed using issuer-specific keys so that it is virtually impossible for a counterfeit EMV card to successfully conduct an EMV payment transaction.
The best EMV printer/encoder choice is high definition printing (HDP) retransfer technology, which produces crisp continuous-tone images on cards made from a variety of materials. Unlike direct-to-card (DTC) print technology, HDP printers transfer images to a special film that is fused smoothly to the card, improving card durability and fraud protection while eliminating misprints from irregularities or abnormalities on or below the card's surface. HDP technology can be used to print images on one or both card sides and over the edge, and offers higher print quality than DTC technology. It can be used to produce cards with a contact chip, as well as contactless cards with an embedded antenna.
A printer's encoding capabilities are also important. Proper identity validation management requires routine synchronization of personalization data with preprogrammed data on the card's electronics.
With today's inline smart card personalization processes, cards are simply inserted into a desktop printer equipped with an internal smart card encoder that handles all card personalization, inside and out.
Nearly all major card printer manufacturers optionally build card readers/encoders into their machines, and offer card issuance software that is compatible with the integrated system. Card printers also can generally be upgraded with an encoder in the field. HDP printing solutions can encode magnetic stripe as well as both contact and contactless smart cards, and banks also can deploy solutions for standard, DTC printer platforms, as well as point of sale (POS) terminals and other equipment. This enables financial institutions to produce and encode EMV cards that can be read by a variety of PIN pads, POS terminals, and other payment devices featuring compatible encoder and reader solutions.
Multilayered system security
In addition to protecting credentials and cardholders through multiple-layered visual and digital security, banks must also ensure multilayered system security. Start by limiting unauthorized access to physical components. Use mechanical locks or lockable security housings on printers and card input, output, and rejected-card hoppers, and lock all access points to protect ribbon, film, and other consumables.
Next, establish a strong electronic security layer. Use personal identification numbers (PINs) to control operator access to each printer, and ensure that all print job data packets meet or exceed advanced encryption standards. Ideally, choose a printer that features an internal print server for secure network printing.
Finally, ensure that personal data on used print ribbon panels is automatically eliminated. Some card printers increase security with integrated sensors that ensure only authorized printers can use custom-print ribbons and holographic card overlaminates.
Instant issuance flexibility
While a centralized card issuance solution offers cost and maintenance benefits, it doesn't enable banks to personally hand a card to a customer, or at least get it to the customer within a day or so. This capability is important for customer service and loyalty, and requires a distributed issuance model.
Fortunately, financial institutions no longer have to sacrifice the advantages of centralized printers in order to deploy a distributed model for instant issuance.
Today's ruggedized desktop printer/encoder units can be pooled to handle large-volume, centralized card runs, or deployed individually for on-the-spot issuance at branch offices. A combination of the two can be deployed throughout the branch network for optimal volume scalability. Using this approach, financial institutions can create a complete and secure instant issuance system for its many branch locations, while maintaining and controlling this issuance infrastructure via a central security center.
The most effective distributed issuance solutions use high-duty-cycle printers that are easily scalable, decrease operational and service costs, and maximize credential output with any combination of physical, electronic, or visual personalization. Multiple units in a single location can be networked to produce moderate to increasingly larger volumes in continuous batch runs. Alternatively, banks can implement a geographically dispersed, securely networked configuration, in which the printer/encoder infrastructure shares one or more common or centrally-managed databases and ensures redundancy if one printer malfunctions and must be repaired. A third option is a hybrid that combines geographically dispersed groups of printer/encoder units.
Distributed issuance requires a single connection for all printing and encoding functions. Many printer/encoder solutions feature one interface for the printer functionality and another for the smartcard encoder functionality inside the box. This involves multiple, difficult-to-manage cables and workstations. It's better to manage all of the solution's printing and encoding functions via a single-wire ethernet connection. Each printer can be connected to the network and remotely managed via this single ethernet link for easier installation and management.
Other key printer/encoder selection criteria for distributed issuance include system reliability and performance, as well as operational convenience and system scalability. To optimize the versatility and flexibility of distributed card issuance systems, it is important that field-upgradeable modules are available to meet current or future specialized credential needs.
EMV technology is on its way to the United States. To support its multidimensional card validation elements, banks need secure issuance solutions that use multilayered validation and system security. They also must support both centralized and distributed printing to accommodate the remote, instant-issuance requirements of as many as thousands of branch offices, so that banks have the option to personally hand customers their new EMV cards.
By Alan Fontanella, vice president of Product Marketing for Secure Issuance HID Global