There’s More to a Card Than Meets the Eye

Simple, secure instant issuance is possible

While consumers demand instantly issued cards, and bank staff want and need simplicity, it’s up to IT to ensure a highly secure solution. On the following pages, you’ll see how meeting everyone’s needs is possible when it comes to issuing ready-to-use, fully activated, totally customizable debit cards. Entrust also highlight the three things that create one total (and secure) instant card issuance solution: hardware, software, and services.

But first, what qualifies Entrust as your trusted adviser on all things instant financial issuance? For starters, Entrust is the foremost leader in this space. They pioneered the instant card issuance solution, and we continue to innovate through solution design that keeps you and your cardholders moving forward fearlessly.

Instant card issuance and the cardholder experience

Give customers what they want (new or replacement card) when they want it (now).

As securing data is critically important for financial services firms, security is often chosen over the customer or member experience. But that’s beginning to change – with in-branch issuance that provides cardholders the freedom to walk into a branch and, within minutes, walk out with a ready-to-use, fully activated debit card.

The technology for instant card issuance has existed for some time, but security improvements are making the technology more attractive to financial institutions wary of accepting the risk inherent in legacy systems and on-premises hosting.

Entrust is designing new solutions with enhanced security, like critical security technologies such as trusted platform modules (TPM) and secure boot start-up processes that better protect the end-to-end solution.

These technologies satisfy financial firms’ security requirements while causing no negative impact on the branch or cardholder experience.

Defining a secure payment card

• The card should match or be similar in look and feel to centrally issued cards.

• Instant activation is essential.

• Touchless issuance options are highly valued.

• Offering a variety of card designs meets cardholders’ diverse needs.

Providing improved hardware security for instant card issuance

Some financial institutions have gone without offering instant card issuance to customers because of hardware security concerns. However, in the last several years the tools for securing hardware physically and logically have improved by leaps and bounds.

The Entrust solution integrates proactive protection from the instant the system is turned on. Secure boot processes ensure the system has not been subject to a malware intrusion. trusted platform module, which is an international standard for a secure cryptoprocessor, securely encrypts all sensitive data that the system handles.

Protecting instant card issuance services with comprehensive software security

To pick the right provider you must evaluate the total instant issuance solution. Entrust is one of few providers that deliberately designs and builds to an integrated solution, which is more secure and easier to maintain.

Choose a vendor whose solution is built to work with your existing IT stack. Having to conform to the requirements of the provider is often harder on branch operators and end-users.

Next, ensure that the most important individual technologies or components of a secure solution are in place.

  • A hardware security module (HSM) safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, enables trusted authentication, and serves as the cryptographic engine to all communication to and from the issuance device. A cloud-hosted solution would manage the HSM on your behalf; for on-premises deployments, the HSM would be installed in the issuer’s data centre.
  • Trusted Endpoint (TEP) technology ensures that the cloud services to support card issuance are communicating with a device verified to be secure and is not propagating malware either upstream or downstream.
  • Key management systems (KMSs) provide comprehensive protection and security in the key delivery and use process.

Securing the issuance platform requires the ability to holistically manage all aspects of the deployment, ensuring necessary security tools are in place and working effectively.

Comprehensive services create seamless instant issuance operations

Whatever instant financial issuance solution you select must be easy for your branch staff to use. If the process for instant issuance is problematic, frustrating, and unreliable, the negative impact on branch staff and cardholders will be substantial. Therefore, best-in-class services are essential.

When devices fail, it’s inconvenient for customers and branch staff. Your IFI partner’s process for maintenance and service must be fast and simple. They should also take care of supplies management so that supplies are available and securely managed.

Remember, bank and credit union employees are not IT, cybersecurity, or device management experts. They are experts in building meaningful relationships with your customers or members. The company that builds your IFI solution is best suited to keep it running. A partner invested in a large and well-trained staff shows a serious commitment to service.

 

Article Credit – https://www.entrust.com/-/media/documentation/ebook/instant-financial-issuance-security-eb.pdf