As the U.S. payments industry continues its transition to EMV chip-card technology for credit and debit payments, card issuers can continue to enable instant issuance at a large number of branch offices and other locations by taking several steps to ensure a multilayered approach for card validation and overall issuance system management that ensures optimal security.
As the move to EMV continues, financial institutions will need card personalization technologies that combine the high-volume reliability and advanced credentialing features of larger centralized printers with the lower cost and smaller footprint required for an instant-issuance, distributed printing model.
Multilayered card validation is ensured through both two- and three-dimensional personalization elements. Two-dimensional elements including standard-resolution photos as well as more secure high-resolution photos, holographic card over-laminates and laser-engraved attributes.
The third security dimension is storing all payment information in a secure chip. All cryptographically secure personalization must be performed using issuer-specific keys, so that it is virtually impossible to create a counterfeit card that can be used to successfully conduct an EMV payment transaction.
One of the challenges of EMV card technology is how to employ multilayered personalization techniques on cards with embedded electronics. High definition printing, or HDP, retransfer technology solves this problem by printing images to a special film that is then fused smoothly onto the card, sealing the image under the film for increased durability and fraud protection.
HDP technology produces crisp, high-definition, continuous-tone images on technology cards made from a variety of materials, without the fear of misprints from irregularities or abnormalities on or below the cards surface. HDP technology also allows images to be printed on one or both sides and over the card edge, and offers high print quality with vibrant colors and sharp text and graphics that replicate the look of preprinted cards. It can be used to produce cards carrying a contact chip, or contactless cards with an embedded antenna.
Another critical requirement to onsite card issuance is protecting the integrity of the overall issuance system. This is done through a multilayered security approach. First, use mechanical locks on printers and hoppers to limit access by unauthorized users, and place physical locks on all access points to protect consumables such as ribbon and film. Second, employ personal identification numbers to control operator access to each printer and ensure that print job data packets meet or exceed advanced encryption standards.
Finally, ensure automatic elimination of personal data on used print ribbon panels, and/or employ printers with integrated sensors that only permit the use of custom print ribbons and holographic card over-laminates in authorized printers.
Financial institutions dont have to sacrifice the benefits of centralized printers in order to adopt a distributed issuance model. Todays ruggedized desktop printer/encoder units can be pooled to handle large-volume, centralized card runs, or deployed individually for on-the-spot card issuance at branch offices. Institutions can also use both printing approaches throughout the branch network and scale volume capabilities up or down when needed.
Choose high-duty-cycle printing systems that decrease operational and service costs and maximize credential output with any combination of physical, electronic or visual personalization. Multiple printer/encoder units can be networked at a single location to produce moderate to increasingly larger volumes in continuous batch runs.
Or, geographically dispersed, securely networked printer/encoders can share one or more common or centrally-managed databases, ensuring redundancy if one unit malfunctions. A third option is to combine the two approaches using multiple geographically dispersed printer/encoder groups, which delivers the added benefit of site redundancy.
Make sure the secure issuance system uses a single connection for all printing and encoding functions. Many printer/encoder technologies feature one interface for the printer functionality and second for the smart card encoder functionality inside the box. This requires multiple cables and workstations, and can be difficult to manage. The optimal approach is to remotely manage all printing and encoding functions within the system via a single-wire Ethernet connection, for easier installation and management.
Other key printer/encoder selection criteria include system reliability and performance, as well as operational convenience and system scalability. To optimize the versatility and flexibility of distributed card issuance systems, it is important that field-upgradeable modules are available to meet current or future specialized credential needs.
As EMV technology grows in adoption, financial institutions must deploy instant issuance systems that combine security with convenience, operational efficiency and reliability. Key ingredients include retransfer technology to support EMVs multidimensional card validation elements, multilayered security management to protect issuance system integrity and a distributed model that combines the reliability and advanced credentialing features of centralized printer/encoder systems with the low cost and small footprint of desktop units featuring single-wire connectivity capabilities.
Craig Sandness is the vice president of product marketing for secure issuance at HID Global.