Credit and debit cards are changing – as are the processes for issuing them. In an effort to increase security and expand the ways cards can be used, Mastercard and Visa jointly developed the EMV standard for chip-based payment cards. They can be thought of as containing a system-on-a-card that protects cardholder data, payment credentials and card-based applications – making it virtually impossible to extract information and create counterfeit cards, which is one of the greatest sources of fraud with traditional magnetic stripe cards. When the card is presented at a POS terminal or ATM and a PIN is entered, both card and cardholder can be securely authenticated and transactions approved.
Beyond EMV cards, issuers and personalisation bureaus will confront a broader set of questions – how will payment credentials be handled in the future and where will they reside? In a card? Or on platforms that the issuer doesn’t necessarily control, such as a customer’s mobile phone or a cloud-based application? And as the provisioning of payments credentials becomes more dynamic and potentially aggregated and federated in the form of wallets, who will be responsible for security and where will liability ultimately lie? As credentialing and payments processes evolve, card issuers must evolve nimble processes if they are to continue to profit from this increasingly interconnected ecosystem.