EMV and Payment Card Issuance:
Hardware security and comprehensive key management underpin the issuance process for payment cards and the personalization of applications on mobile devices. A summary of the role of Thales HSMs in the card issuance and mobile provisioning ecosystem can be found below.
Click image to see full ecosystem
Credit and debit cards are changing—and so are the processes for issuing them. In an effort to increase security and expand the ways cards can be used, Mastercard, and Visa jointly developed the EMV standard for chip-based payment cards. These cards bring a dramatic increase in security and functionality. They can be thought of as containing a system-on-a-card that protects cardholder data, payment credentials and card based applications—making it virtually impossible to extract information and create counterfeit cards, which is one of the greatest sources of fraud with traditional magnetic stripe cards. When the card is presented at a POS terminal or ATM machine and a PIN is entered, both card and cardholder can be securely authenticated and transactions approved. The adoption of EMV cards is almost complete in certain parts of Europe and is well underway in most other regions of the world. The US is still lagging behind but with new deadlines rapidly approaching, U.S. card issuers are finally facing up to the challenge and rolling out these new cards.
But beyond EMV cards, issuers and personalization bureaus will confront a broader set of questions—how will payment credentials be handled in the future, and where will they reside? In a card? Or on platforms that the issuer doesn’t necessarily control, such as a customer’s mobile phone or a cloud-based application? And as the provisioning of payments credentials becomes more dynamic and potentially aggregated and federated in the form of wallets, who will be responsible for security and where will liability ultimately lie? As credentialing and payments processes evolve, card issuers must evolve nimble processes if they are to continue to profit from this increasingly interconnected ecosystem.
Today’s card issuers are challenged to:
- Ensure that card issuing processes, whether performed internally or outsourced, are secure, flexible, and compliant with industry mandates.
- Adapt to the more computationally intensive requirements for issuing EMV-based cards, credentials and applications.
- Revoke payment credentials and applications appropriately when they are bound to consumer devices such as smartphones or other forms of token rather than expendable plastic cards.
- Develop processes that can scale to meet growing demand and that handle the diversity of payment vehicles that will emerge.
- Build new business relationships or even create whole new business models to address the needs of a broader ecosystem.
Risks Associated with EMV and Payment Card Issuance
- Adapting too slowly to new standards such as EMV and markets such as mobile can hurt your competitive position.
- Customer and account information can be stolen if card issuing processes are not secure.
- Payment credentials and applications that are not properly revoked increase the risk of fraud.
- Inadequate conformance to compliance obligations can result in fines and reputational risk, damaging your position in an increasingly competitive market.
- Processes that are inflexible or overreliance on legacy systems could create operational silos that drive up costs and business risk.
EMV and Payment Card Solutions: Thales e-Security Solutions
Products and services from Thales e-Security can help you ensure safe, compliant card issuing processes as you strive to navigate ongoing evolution, and in some cases revolution, within today’s payment card industry. With Thales products in place, you will be better prepared to take full advantage of emerging opportunities. Combining proven products with deep expertise and experience in payment card and application issuance, payments-related regulations, and the full range of data protection challenges, Thales can help you execute the transition to EMV cards, expansion of EMV-based applications, and adoption of other payment vehicles while maintaining a high assurance infrastructure that is fully compliant with industry mandates and standards of due care.
- Minimize deployment risk by taking advantage of Thales’ unequaled track record and market-leading support for EMV standards.
- Accelerate deployments; Thales products offer proven integration and certification with products and solutions from leading commercial card issuance, personalization, and credential management vendors.
- Stay flexible and reduce costs by selecting the performance levels and system capabilities that fit your needs today and then evolving your issuing infrastructure as your needs change over time.
- Support your broader compliance goals by integrating payment issuance within a broader data protection and compliance context.