In the last few years, the EMV payment card has become increasingly popular and familiar to us all. This is, in part, due to innovations such as contactless communications, different card bodies (such as metal or repurposed ocean plastic) and biometric fingerprint authentication. Today around 3 billion cards are issued every year and the total number of cards in use exceeds seven billion. For every 100 payments in store, 45 were made using a card in 2019, and that figure is expected to grow to 49 by 2023.
As a result of the EMV (Europay MasterCard Visa) standard, payment cards have achieved worldwide acceptance.
No matter where you go, no matter which issuing bank you have, you will be able to pay with your card, in store and online, as long as they are EMV compliant. The EMV standard has made efficient progress over time: they have introduced innovations without dropping older functionalities – which means greater acceptance and versatility for the end user.
Given the rise of the smartphone as the personal digital bank branch, it’s probable that we’re moving towards a future where cards and mobiles will coexist rather than compete. The first likely evolution could very well be the proliferation of ‘numberless cards.’
The case for removing numbers on banking cards
The printed cardholder name, the PAN (Personal Account Number), the card expiration date, and the CVV/CVK (Card Verification Value or Key) are used today to fill payment checkout forms on ecommerce websites. If all this data was available within the cardholder’s bank mobile app, it could be removed from the card body without truly changing the cardholder experience.
Besides the cardholder’s name that the standard mandates, all other data on cards can, in theory, be removed. Usually, the business motivation for the issuer is to make sure all online cardholder transactions are performed by that card are ‘top of wallet’. That is why nearly all cards come with the complete data set printed or embossed for old carbon copy credit cards machines – just in case some cardholders did not have access to the mobile app.
Combining card and mobile services
One solution for the issuer could be a digital copy of the card body information within the bank mobile app. In a very near future, mobile banking will become sufficiently widespread so that consumers know where to find the card data within the app.
Today banks can provide the PAN, expiration date and CVV of an issued card in the cardholder mobile app. According to the PCI DSS (Payment Card Industry Data Security Standard) rules, only the first five digits and the last four can be displayed. One possible method to cope with the PCI DSS rule is to allow all digits to be displayed in the app if the cardholder performs a strong (re)authentication on their mobile when the data display is requested. This new mobile app function allows the card to essentially be numberless, protecting the sensitive data in case the card is lost or stolen.
A seamless duo
Soon the acceptance of Mobile Banking and Mobile Payments will be so widespread that the printed security data on the EMV card body can be removed. We’re already seeing this today with high-end financial service providers who offer metal cards, where text and numbers are often removed for aesthetic reasons. The Apple Card for example is a duo Apple Wallet + Titanium card. The physical card has a minimum number of printed elements on the card body; the ISO dimensions and chip placement are of course standard, the magnetic stripe is present – especially since US merchants POS are not all yet 100% EMV ready . The cardholder’s name is laser-printed, and the scheme and the BIN sponsor logos are displayed. The result is a very elegant design with titanium as a material to express quality and excellence. The last four digits of the PAN are available within the mobile wallet.
With this pairing of mobile wallet and card, contactless payments in-store use Apple Pay, while online purchases use Apple Pay in-app and in-web wherever available. The Titanium card is used for in-store payments wherever Apple Pay NFC tap is not available yet, and the card data, available in the mobile wallet, is for online purchases wherever Apple Pay in-app and in-web are not available yet.
So, in effect, this combination of card and mobile wallet cover all transaction scenarios.
Taking a digital-first approach
Neobanks are already taking a digital first approach to new customer acquisitions. Within a few minutes of a new sign-up, they give the user a solution for in-store and online payments through the instant generation of a PAN and issuance of an EMV token for the newly created EMV wallet. This allows a virtual card to be delivered to the mobile app to allow the customer to start making online purchases straight away.
All such mobile-centric, user-managed and instantaneous services are known as ‘Digital First’ by leading payment schemes in the EMV ecosystem. Within this philosophy, physical and digital cards issuance is made seamless, as is the setting of certain parameters for cards such as the PIN, spending limits, temporary activation/de-activation and more.
The physical card requires an activation procedure upon receiving the card, meaning that it must get all the way to the genuine cardholder’s hands. This type of activation is simply not necessary for the digital issuance channel as the mobile app’s strong authentication enables instant issuance and availability of the digital cards.
Until now, the physical card issuance was a prerequisite for subsequent digital card issuance. Digital First creates a direct, instantaneous digital channel, independent from the physical card issuance process. The end result is a more seamless and secure user journey, higher rates of satisfaction for the customer, and a heavily reduced chance of the new user leaving the banking service shortly after joining.
The post ‘Numberless’ bank cards could be the future: here’s why appeared first on Cybersecurity Insiders.
September 02, 2021 at 09:10AM
0 comments:
Post a Comment