Overcoming the challenges of multi-technology cards
EMV financial cards of today are most often known as “dual-interface”; this is a misnomer in most instances. They are often in-fact, triple-interface: Mag Stripe, Contact Chip, and Contactless Chip. These multi-faceted cards provide additional security and data storage options, but present a challenge in personalization: synchronizing the data across 3 formats, simultaneously. There are two common methods of card PIN personalization, one which stores a PVV (PIN Verification Value) on the card, while the other stores it on a server operated by the relevant card issuer or ISO.
PIN-on-Host/WebPIN via a “lookup table” are methods of remote PIN personalization. However, this technology lacks the ability to dynamically encode the PVV. Instead, the PIN on the Mag Stripe/Chip becomes a comparison number on a lookup table, which translates as equivalent to the original encoded card PIN. Essentially, the encrypted PIN on the Mag Stripe, and some instances the chip will never change, once it has left the card manufacturer floor. Unfortunately, this method must rely on the dependence on the integrity of worldwide network data connections for the PINPad to deliver/verify that the PIN comparison is genuine. The PIN verify must call its issuer main host’s origin for verification wherever your cardholder is transacting in the world.
PIN(PVV)-on-Card is the world’s most well known and frequent method of PIN personalization which also transacts EMV/Chip cards. With PIN-on-Card systems, it is possible for a bank to simultaneously write the personalization data (i.e. encrypted PVV) to all 3 interfaces on an EMV card. It also delivers these changes for your customer at the bank branch immediately. This method typically has one-time implementation costs, as opposed to most PIN-on-Hosts’ charge per card issue/network charge models. This is similar and an expansion to what most banks current systems will be doing now. Verifying an active PVV from the card is commonly recognized as the fastest worldwide PIN verification method. This method is not subject to round the world communication timeouts (i.e. similar to a 404 internet timeout/ATM denial of service). It also can PIN verify via Worldwide Regional Scheme Authentication centers most issuers are already using (i.e. Plus, Cirrus, etc.). Local and Regional PIN Verification centers are most important for your traveling cardholders ability. Lost card or forgotten PIN customer re-issuance typically takes place within the banks branch re-issuance security for immediate Card and PIN replacement. Most bank instant-issue card personalization solutions today also utilize this method for immediate bank card replacement in-branch.
PIN Verification & International Real-Time Communication
Data connection integrity will continue to be a growing development for improvement, as pressure on telecommunication volumes accelerates. International traveler’s accounts for most banks are their highest daily-spend volume customers, far from the comfort of local support helpdesks. It is easy to find experienced worldwide traveler’s today with 2 or more cards they “now” intentionally always carry and use to maximize positive verification experiences. We are frequently told that it is a very unpleasant experience to get an ATM denial of service message with one card, but not with the other, often attributed to some form of time-out/disconnection during initial PIN verification. Clients, often explain further, they tend to use the card which provides the best experience, and this is the one card used for the rest of their trip. Obviously, a bank wants to be sure their brand issued card is the chosen one.
MillenTech CTI Group have been specialist’s in PINNing solutions for over 20 years, with deployments worldwide. Millentech is a Session Sponsor at our upcoming Cards & Payments 2015 exhibition taking place from 22 – 23 April 2015 at Suntec Convention Centre in Singapore. Find out more about Cards & Payments Asia 2015.