Article

EMV card issuance made safe and secure

Securely issuing EMV cards requires a multilayered approach to both validation and system management.

February 28, 2014

by Isaac Young
Business development manager, HID Global

The payments industry is rapidly adopting Europay MasterCard Visa credit and debit payment cards that provide enhanced functionality for card authentication, cardholder verification and transaction authorization.

As EMV momentum grows, now is the time to consider best practices for secure issuance including multidimensional card validation, as part of a multilayered issuance system that supports both centralized and distributed issuance capabilities using high-durability cards materials.

Securely issuing EMV cards requires that banks employ a multilayered approach to both card validation and issuance system management.

With today’s printing solutions, it is also possible to combine the high-volume reliability and advanced credentialing features of larger centralized printers with the lower cost and smaller footprint of a distributed printing model. This ensures institutions can meet instant-issuance requirements at as many as thousands of branch offices and other locations.

Multilayered card validation

Multilayered card validation combines both two- and three-dimensional personalization elements. Two-dimensional identity validation might be a simple, standard-resolution photo ID, or more sophisticated elements such as higher-resolution images, a holographic card overlaminate, or laser-engraved permanent personalization attribute.

EMV cards include the third personalization dimension of storing payment information in a secure chip. All cryptographically secure personalization is performed using issuer-specific keys so that it is virtually impossible for a counterfeit EMV card to successfully conduct an EMV payment transaction.

The best choice for printing and encoding EMV cards is high definition printing retransfer technology, which delivers higher print quality as compared to direct-to-card technology. HDP solutions also eliminate the problem of misprints that can be caused from irregularities or abnormalities on or below the card’s service, because they transfer images to a special film that is then fused smoothly to the card.

This enables them to produce crisp continuous-tone images on cards made from a variety of materials, including those with a contact chip, and contactless cards with an embedded antenna. HDP technology also can be used to print images on one or both card sides and over the edge.

A printer’s encoding capabilities are also important. With today’s inline smart card personalization processes, cards are simply inserted into a desktop printer equipped with an internal smart card encoder that handles all card personalization in a single step. HDP printing solutions can encode magnetic stripe as well as both contact and contactless smart cards, and banks also can deploy solutions for standard, DTC printer platforms, as well as point-of-sale terminals and other equipment.

This enables financial institutions to produce and encode EMV cards that can be read by a variety of PIN pads, POS terminals and other payment devices featuring compatible encoder and reader solutions.

Multilayered system security

In addition to protecting credentials and cardholders through multiple-layered visual and digital security, banks must also ensure multilayered system security.

This includes limiting unauthorized access to physical components, and using mechanical locks or lockable security housings on printers and card input, output and rejected-card hoppers. It’s also important to lock all access points to protect ribbon, film and other consumables.

Next, establish a strong electronic security layer. Use PINs to control operator access to each printer, and ensure that all print job data packets meet or exceed advanced encryption standards. Ideally, choose a printer that features an internal print server for secure network printing.

Additionally, all personal data on used print ribbon panels should automatically be eliminated. Some card printers increase security with integrated sensors that ensure only authorized printers can use custom print ribbons and holographic card over-laminates.

Instant issuance flexibility

While a centralized card issuance solution offers cost and maintenance benefits, it doesn’t enable banks to personally hand a card to a customer, or get it to the customer within a day or so. This requires a distributed issuance model. Fortunately, financial institutions no longer have to sacrifice the advantages of centralized printers in order to deploy a distributed model for instant issuance.

Today’s ruggedized desktop printer/encoder units can be pooled to handle large-volume, centralized card runs, or deployed individually for on-the-spot issuance at branch offices. A combination of the two can be deployed throughout the branch network for optimal volume scalability.

Using this approach, financial institutions can create a complete and secure instant issuance system for its many branch locations, while maintaining and controlling this issuance infrastructure via a central security center.

One last point to consider in issuance system deployment is the durability of the card materials. EMV cards will be more expensive than standard plastic mag stripe cards, so it is in the financial institution’s best interest to ensure that the cards will last in the face of rigorous daily use.

Using new and advanced materials, the latest re-transfer films for HDP solutions feature significantly greater abrasion resistance and are three times more durable than standard retransfer films.

Preparing for the transition

EMV technology is on its way, and banks must plan for secure issuance systems that can support EMV’s multidimensional card validation elements with the necessary multilayered security. Solutions also must support a distributed issuance model that meets the remote, instant-issuance requirements of as many as thousands of branch offices.