As the payments industry continues its transition to Europay Mastercard Visa (EMV) chip card technology for credit and debit payments, it is important to ensure high security for contact and/or contactless cards while enabling instant issuance at a large number of branch offices and other locations. There are a number of important best practices to consider, writes Craig Sandness, VP of Product Marketing for Secure Issuance with HID Global.
The first requirement is a multi-layered approach for both card validation and overall issuance system management to ensure optimal security. Financial institutions will need card personalisation solutions that combine the high-volume reliability and advanced credentialing features of larger centralised printers with the lower cost and smaller footprint required for an instant-issuance, distributed printing model.
Multi-layered security
Multi-layered card validation is ensured through both two- and three-dimensional personalisation elements. Two-dimensional elements including standard-resolution photos as well as more secure high-resolution photos, holographic card over-laminates and laser-engraved attributes. The third security dimension is storing all payment information in a secure chip. All cryptographically secure personalisation must be performed using issuer-specific keys, so that it is virtually impossible to create a counterfeit card that can be used to successfully conduct an EMV payment transaction.
One of the challenges of EMV cards is how to employ multi-layered personalisation techniques on cards with embedded electronics. High definition printing (HDP) retransfer technology solves this problem by printing images to a special film that is then fused smoothly to the card, sealing the image under the film for increased durability and fraud protection. HDP produces crisp, high-definition, continuous-tone images on technology cards made from a variety of materials, without the fear of misprints from irregularities or abnormalities on or below the card’s surface. HDP also allows images to be printed on one or both sides and over the card edge, and offers print quality with vibrant colours and sharp text and graphics that replicate the look of pre-printed cards. It can be used to produce cards carrying a contact chip, or contactless cards with an embedded antenna.
Another requirement is to protect the integrity of the overall issuance. This is done through a multi-layered security approach. First, use mechanical locks on printers and hoppers to limit access by unauthorised users, and place physical locks on all access points to protect consumables such as ribbon and film. Second, employ personal identification numbers (PINs) to control operator access to each printer, and ensure that print job data packets meet or exceed advanced encryption standards. Finally, ensure automatic elimination of personal data on used print ribbon panels, and/or employ printers with integrated sensors that only permit the use of custom print ribbons and holographic card over-laminates in authorised printers.
Distributed issuance
Financial institutions don’t have to sacrifice the benefits of centralised printers in order to adopt a distributed issuance model. Today’s ruggedised desktop printer-encoder units can be pooled to handle large-volume, centralised card runs, or deployed individually for on-the-spot card issuance at branch offices. Institutions can also use both printing approaches throughout the branch network and scale volume capabilities up or down when needed.
Choose high-duty-cycle printing solutions that decrease operational and service costs and maximise credential output with any combination of physical, electronic or visual personalisation. Multiple printer-encoder units can be networked in a single location to produce moderate to increasingly larger volumes in continuous batch runs. Or, geographically dispersed, securely networked printer-encoders can share one or more common or centrally-managed databases, ensuring redundancy if one unit malfunctions. A third option is to combine the two approaches using multiple geographically dispersed printer-encoder groups, which delivers the added benefit of site redundancy.
Make sure the secure issuance solution uses a single connection for all printing and encoding functions. Many printer-encoders feature one interface for the printer functionality and second for the smart card encoder functionality inside the box. This requires multiple cables and workstations, and can be difficult to manage. The optimal approach is to remotely manage all printing and encoding functions within the solution via a single-wire Ethernet connection, for easier installation and management.
Other key printer-encoder selection criteria include system reliability and performance, as well as operational convenience and system scalability. To optimise the versatility and flexibility of distributed card issuance systems, it is important that field-upgradeable modules are available to meet current or future specialised credential needs.
As EMV grows in adoption, financial institutions must deploy instant issuance solutions that combine security with convenience, operational efficiency and reliability. Key solution ingredients include re-transfer technology to support EMV’s multi-dimensional card validation elements, multi-layered security management to protect issuance system integrity, and a distributed model that combines the reliability and credentialing features of centralised printer-encoders with the low cost and small footprint of desktop units featuring single-wire connectivity.
