We Keep Talking About It, When Will We Solve For Identity in the Digital Space

This morning I read an article in the Financial Times The real story behind push payments fraud.  What is disturbing, the acceptance of fraud and the focus of bankers on adding fees (like Interchange) to help cover the cost of fraud.  This article speaks to Push Payments and how liability shifts from the merchant back to the Issuer and ultimately the consumer.  It makes reference to Pull Payments and the use of debit cards where the fraud liability, unless online, is the merchants’.

To address card payment fraud in the physical world the payment schemes developed EMV.  In the digital or eCommerce realm everyone accepted allowing the merchants to not attempt to authenticate the cardholder and simply ask the consumer to provide openly available data {cardholder name, PAN the account number, expiry date, and address details}; if they, the merchant, would accept liability for any fraud.

As the world moves to embrace “Faster Payments” and Real-Time Gross Settlement ‘RTGS’, instead of focusing on assuring the identity of the sender and the recipient; we assume fraud will occur.

Why not focus on solving the problem?  Solving for Digital Identity solves for Card Not Present fraud, RTGS fraud, Faster Payment fraud, and so much more.

 

 

Where are we

Today.

How many passwords are you trying to manage!  Does your LinkedIn contact list connecting you to more than  4,000 individuals?  Does Facebook, Instagram, and other social media websites inundating you with news and stories about your friends, colleagues and interesting people?

How many cookies have your computers accumulated?  How many databases have more information about you than they need?  If we search the dark web, how valuable is your data?

Cando seeks to help you manage your data, identity, assets, and relationships.

Philip lives on Sea Island with his 93-year-old father, the Doctor.  They pursue travel and Philip keeps his head into what is happening in financial services, blockchain, authentication, digital identity, and, whatever else people seeking to understand the transformation; particularly those in the identity and payments space.

What is happening means we can unlock our hotel rooms, cars, and homes from our phones. Our security system iwill be another app we have to find on our phone.

Instead, we need an intuitive assistant seeking to simplify our lives by taking on repetitive tasks like driving, working inside a data table or simply opening up the house for the season.

Normalizing data and performing the analysis capable of earning value is the name of the game.  Management is about stimulating a team to work in the mutual interest of the organization.  Executives define the strategy and articulate the vision in a manner conducive to success.

Cando seeks to help you manage your assets and relationships.  Assets those places and things you use doing your daily life and those interactions you have with people and entities seeking to serve, sell and partner with you.

Then there are friends who we expect to be part of our lives and therefore have privileges and access capabilities.

All of this with a target of selling integration services to the top million and simply assuring each person has an identity thus serving the bottom billion.  ultimately earning $1 per year per user to simply be there when it all breaks and you wish to restore your digital life.

At the core, your digital security will be based on the use of cryptography and sophisticated matching algorithms designed to assure anyone that you are that one individual in the populatations of the universe.

What You possess, What You Are, What You Claim … Your Certificates

NCCOE NIST Multi-Factor Authentication

What you Possess — The Thing

What you Are — You

Your Relationships

Responsibilities

Authority

Advice

— Secrets

My Certificates

 

 

 

 

 

 

 

 

Seven Words

World Wide Web Consortium

FIDO Alliance

Global Platform

The Trusted Computing Group

Future interests

  • Artificial Intelligence
  • Machine Learning
  • Nature Language Interface
  • Predictive Analytics

Review of the IMF The rise of Digital Money

While reading the recent document produced by the IMF I am compelled to wonder.

What is the difference between what they call Bank Deposits and e-money.  My first question, ignoring the words bank deposit.  Both are electronic accounts of value, recorded in someone’s ledger.  These two diagrams extracted from a BIS paper offer a perspective.  

They then speak to four attributed to the “means of payment”

  1. The Type, be it a claim or an object.
  2. The value, be it fixed or variable.
  3. If it is a claim who is liable?
  4. The technology, be it centralized or decentralized


They then speak to the five ‘Means of payment”.

Object-Based

  1. Central Bank Money (cash)
  2. Crypto-currency (non-Bank Issued)

As we think of the evolution of these object-based means of payment, we need to reflect on a new term “Central Bank Digital Currency” CBDC.

As a historian, I then wonder where things like Digi-cash and Mondex fit into the classification.  The value was originated and then distributed into a personal and secure storage device (Wallet).  Redemption or better said the guarantee, was provided by a party.  Maybe not a bank or the central bank, yet, easily embraced by such an institution.  Somehow history seems to lose sight of the origins of money and assumes the existence of a central bank.  Here in the USA, the formation of a Central bank was one of many areas of political discourse.

Claim-Based

  1. b-money (Bank issued)
  2. e-money (Privately issued)
  3. i-money (Investment funds)

The magic word behind all of these discussions is “Liquidity”.  The bottom line does the receiver of the money appreciate the value of the unit of measure and is the receiver confident they will be able to convert that money into another form, of their preference

 

 

Blockchain made simple

Let’s start at the beginning, the transaction, the distributed ledger entry. Think about the content of the transaction as the payload. Next think of the payload as the land deed, cryptocurrency value, record of ownership, journal entry, smart contract … marriage contract.  Whatever two or more people seek to exchange and record. Another way to think about all of this is as a block of data, code or other digital representation of something duplicated in every participant’s copy of the current ledger.

A governance model is required

What is essential, before anyone can do anything.

The parties seeking to exploit a distributed ledger must define how it will work.

It is what the community or parties seek to represent and manage, using distributed ledger technology, agree.

The whole process of defining the payload begins when the community agrees to and sets off to publish the processes, procedures, rules, functions, and purpose of their application. It is this act of governance we use to define how and what will be conveyed in the payload to be stored and recorded on a blockchain. Which blockchain, protocol, and cryptographic processes; obviously is a decision of the community.

We should be clear before we can do anything with the payload.  Ourselves and ultimately others will have initially and subsequently defined the mechanics and processes designed to assure the integrity of the blockchain, itself.

A Transaction is appended to the chain

There are two parties to each event recorded within these transactions. The agreed events, transactions and smart contracts are ultimately included in a block and properly extended onto the chain for everyone to see and read.  More about Confidentiality in another post.

Once governance is established
People can now interact

Each party has an address and then addresses unique to each asset e.g. coin. The address, in most cases, is simply an asymmetric cryptographic public key.

    • The individual, as is always the case with cryptography, has their own private key(s); they must retain, never lose and keep secret.

When the two parties decide to record an event; the sale or transfer of the title to a car.

    • A formal record of a property, a transaction, ledger entry is created.
    • The basic data.
      • The seller’s public key
      • the buyers public key
      • the payload
      • a hash
      • the signature created by the seller using their private key.

The transactions are broadcast to the network. The nodes or miners continuously work to assemble a defined number of transactions and create the next block.

The chain’s role is to record the providence of an asset and the immutability of all the associated transactions.

These records and blocks of data include content: of, by and following the rules of the consensus process.

    • Each active node or miner is attempting to create the next block.
    • The mathematics involved and the use of hashes to bind this new block to the existing blocks in the chain is beyond the scope of this blog.
    • Let us simply assume the mathematicians and cryptographers define as part of the original design of each chain an infallible solution to the issues of economics, security, integrity, and immutability.
    • These specifications will define the hash game and how one adds the next block to the chain retaining the immutability of the present and the past

By being the first to calculate the cryptographic nonce

The winner receives a reward.

    • Hopefully proportional to the cost of work or other discernable and agreed method of reward.
    • The other active nodes then test to see if they agree the first got it right.
    • If consensus is reached the new block is appended to the chain.
    • This all assumes 51% or more of the miners or nodes reach consensus on the winner’s answer.  And no one can control 51% or anything closer than 33%.

Around and around the game continues, as transactions are added and immutably recorded on the chain.

This whole process fundamentally assures history cannot be altered.

Chains split and fun things happen

If the process is not elegantly managed in full sight of all the participants.

Going Cashless

For some twenty plus years, I can remember hearing people speak of the dream of an economy without coin and paper money.  A dream, driven by the desire to promote the use of electronic payments.

Over the last months, a number of articles focus on promoting the idea of a cashless society.  They all speak to the advantages and attempt to promote the concept, arguing we can:

  • Eliminate the concern of thugs insisting at gunpoint for the cash
  • Reduce the risk of employee theft
  • Stop paying people to count all those dirty coins
  • Remove the need for an expensive safes
  • Stop paying to have a specialist truck take the money to the bank
  • Eliminate the grey market

The business case for a merchant to eliminate cash seems to be beneficial.   Many have tried and succeeded to no longer accept cash.

At the same time articles report on the new regulations; various cities and states are implementing and considering.  These regulations are intent on outlawing merchants from going cashless.  The argument often focuses on how eliminating cash disadvantage the underbanked.

Then there is a reality! As a consumer, I recently have been surprised at the need to carry cash and the unsettling pleasure of finding out I still had cash in my leather wallet.

The first wake up to this reality took place while driving from St Simons, GA to the Orlando International Airport. In the trusting hands of Google Maps, I traveled down I-95, across I-4 and was directed to the FL-417. Suddenly a road sign informed me that I was on one of the various Florida toll roads.  Above my head was a road sign indicating which lane, based on my preferred method of payment, to move into. Driving a car that was not mine and knowing it did not possess a PeachPass, my only option was cash.

Fortunately, I had cash and was able to continue my journey.

The following Friday my father and I went to The Lodge to play Sniff, a dominoes game. The game was competitive and cash was the only method to settle. With a bit of cash in my pocket, I was able to pay the few dollars I lost.

One Saturday a street vendor in front of the local Harris Teeter was selling spare ribs. When I went to pay they informed me, they only accepted cash. Once again I was fortunate, I had enough cash and was able to buy those delicious ribs for dinner.

On various Sundays, when the collection plate came around, I’ve had a check or a bit of cash and was able to leave my tithing.

On a number of occasions, the valet, tour guide or other service individual deserved a tip and I’ve had a few dollars in my wallet.

Two more events brought the reality of how society does not want cash to disappear.

One morning, I wanted to enjoy a pastry. Not having $2.75 to pay for the Danish, Sweet Mama’s, a local baker, charged me $0.50, an eighteen percent surcharge, simply to use a credit card

Finally, yesterday as a guest for lunch at the local Rotary Club, I was confronted with a series of cash only events. This time I did not have any cash and was not in a position to contribute to various worthy causes.

We dream of a cashless society. Yet churches, valets, toll booths, street vendors and the Rotary all continue to desire or require cash. Some are not even willing to accept anything but cash.

Looking at our society from two different angles, we must accept the continuing need for cash.  Be it the underbanked, unable to acquire a credit or debit card; or those who carry many credit cards, both need to use cash simply to eat or enjoy life.

Later today I will have to visit the ATM and make sure I have a bit of cash in my wallet.

 

https://www.paymentssource.com/news/target-outages-show-the-failings-of-cash-as-backup

Cash is King especially when the battery dies or the power goes off

Digital payments are growing, but consumers aren’t ready to abandon real money

Cash is king let us never forget it. Cash has always been the primary form of payment.  It was until very recently accepted everywhere.  Most likely will once again be accepted everywhere especially given the need to make sure we do not disenfranchise the unbanked and underbanked will remain the default form of payment

This said, what always amazes me is how so many authors forget Apple Pay, Google Pay and the other NFC based mobile phone based payment solutions are simply another device capable of carrying your debit and / or credit card credentials.

What many of these authors are starting to  remember is how much it costs a merchant to accept these alternate forms of payment.  I wonder when they will also begin to appreciate how many if not all of these alternate forms of payment only work when the power is on.  Our always on society assumes power never goes off.  We dream of everything in our mobile phone and forget when we last could not use our phone because the battery was empty.  Or the store clerk who could read your card because the power went down.

This is one of the redemining facts about cash.  Cash exists without power and can be used whenever.

Are we in Need of Faster Payments – a question of speed and instant gratification

When I started to read this article, https://www.pymnts.com/news/b2b-payments/2019/wespay-corporate-faster-payment-adoption/ , my first thought, why would anyone in accounts payable want to pay a bill sooner than it is due.  Clearly someone in accounts receivable, the CFO and the treasurer, is in need of a strong cash position.  Therefore  therefore, wants to bring cash in as fast as possible.  This classic struggle between the buyer (accounts receivable) and the seller (accounts payable) begs the question – Who gains from faster payments and who loses?

Clearly the financial institutions are stuck in the middle.

    • On one side their clients want moneys to flow into their accounts, oh so fast.
    • While on the other hand those same companies would prefer moneys moved out of their accounts at a snail’s pace.

If the competition offers the service, then, the financial institution simply must decide if faster Payments creates a competitive disadvantage.
The question is not if – it is when.

Do we the consumer care?  Today we have credit and debit cards which allow us to pace the movement of money.  In the case of debit – today.  In the case of Credit – some number of days after we get the bill.  We can set up autopay facilities for those every month payments.  We can schedule money transfers to occur on the day we desire.

From a business and technical perspective the movement of funds immediately upon instruction, makes good sense.  We the receiver are assured those funds are good funds.  We the sender know the moneys have been sent and received.  Therefore, whatever subsequent result can be expected, now!

365/7/24 seems to be what instant gratification is all about.  We want everything now and have lost the excitement of expectation.

All this said, there are risks we must consider when deciding to employ faster payments.  There is no recourse.  Once the moneys have been authorized the moneys are in the hands of the party you transferred them to.  Only if they so desire, will you be able to recover from a mistake.

Worse still, if someone is able to assume your identity then an even greater risk exists.  The funds are gone. The party receiving them will have no interest in addressing your lose.

Therefore Strong Authentication is the essential requirement.

 

Smart Cards with Fingerprint Scanners

Over the last couple of years the reality of fingerprint cards is a hot topic in conversation, white papers and press articles.  It led me to think about the challenges and opportunities associated with this intriguing convergence of technologies.

My purpose is not to determine which solution is best or which companies are developing and selling them.  My goal is simply to explore.

The first consideration begins when the card is constructed.  Here we must ask the mechanical question relative to how the electronics are integrated into the strata of an ID-1 card.  This then begs the question of making sure this new card conforms to the specifications dictated by Payment, Networks, Governments or other bodies who define the use of these branded cards.  If we continue to think about the card manufacturing process we need to think about electronics and the use of heat in the typical lamination process or the inclusion of metallic materials used to create a particular look.  One needs to think about the method of connecting the various internal components to the other electronic elements  as the fingerprint scanner, antenna(s)m LEDs, batteries, the EMV chip or contact plate on the face of the card.

The second set of concerns must be related to the personalization of the card.  First question is where will it be personalized? in a branch or within a bureau?  How will it be personalized? With a thermal printer, laser engraver or embossing machine?  Will any of the  personalization processes adversely affect the electronic?. Similarly it will be appropriate to confirm whether any of the various card transport mechanisms will disrupt or damage the sensor and related electronics.

At some point in the processes the consumer must register their fingerprint and the resulting template must be instantiated into the card.  How will this be done?  Some speak of an in branch process.  Others talk about some type of first time cardholder activation process performed when they receive the card in the mail.

Clearly there are a lot more questions the issuer, card manufacturer and personalization provider need to address.  Let alone the method of making sure the cardholder knows how to use the card at the point of sale or ATM

The key question is the cost of the card, is it worth it?

Where are we going

Each morning I read trade articles on Blockchain, Faster Payments, Mobile Wallets, Authentication, Identity and other alerts & subjects of interest. Each day the writers leave me thinking about the future of society, howbwe will address cyber security, what we can do to funally eliminate fraud and which solutions will help us to mitigate risk. These then drives concern about where we will end up, as we drive to define effective means of identity and authentication, capable of supporting the individual desire for convenience and gratification.

Facial recognition deployed to speed up entry and exit to and from countries and through airports are here. The surveillance state is emerging at alarming speed. These same cabilities could potentially deliver a safer environment. Which will it be?

Physical and behavioral biometrics many feel should become the primary means of authentication. Yet, false acceptance and more importantly false rejection will result in inconvenience some expect the consumer to tolerate while other remember friction typically ends up with the consumer abandoning the journey.

The cost of payments, the escalating concern of the retail sector, remund us thatnpayments are sourcesnof revenue for some and friction for others.

Identity theft and the ability to create synthetic identifies are the fears of many. Consumers whose identity is stolen struggle to regain their standing.

In the end all we seek is:

  • Pay for something
  • Identify ourselves
  • Protect our hard earned money
  • Live a safe and productive life
  • Be assured you are you and not someone else

A world between yeaterday and tomorrow

The week of March 25, 2019 I had the opportunity to visit with a room full of community banks with assets in the 100 million to billion range. Organization with 25 to maybe 300 staff.

The presentations taught me more about the difference between what large International Organizations worry about and what these small community banks need to learn. Faster Payments, Zelle, same day ACH all new services these organizations must integrate into their organization, both technically and procedurally.

Things I have been exposed to are new challenges for these small town banks.

Words like liquidity risk clearly top of mind. Yet, as we move from over night settlement to real time settlement.

Phone fraud, risk mitigation all greater challenges not necessarily appreciated yet alone understood.

In the end what is clear these community banks exist because of the small towns they understand and work within. Do those of us exposed to a larger world understand what drives these communities banks, at least not I.

Account TakeOver should be the Bankers concern

FASTER PAYMENTS, FASTER FRAUDSTERS

Another article published by PYMNTS.COM causes me to reflect on a discussion I had last we at the Payment Summit organized by the Secure Technology Alliance.  When the US Faster Payments work groups where stood up on e of the working groups focuses on security, yet no particular drive exists to protect the consumer of the corporate treasure from their account being hacked into by some phishing, vishing or other criminal act.  Account takeover will become a much more interesting attack vector.  Moneys will irrevocably flow out of the hacked account and to whatever account the criminal so directs them.

Key word real time gross settlement and faster payments depend on the irrefutability of the funds.  once executed they instantaneously transfer to the receiving party.  What is required is a concerted effort to implement strong multi-factor authentication, at least at the time the transaction is authorized by the sending party.  Some will say the risk is no greater than what exists today when a consumer or treasurer executes a Wire Transfer or any form of transfer between two financial institutions.  This maybe true.  the availability and assumed convenience will as the article described lead to heightened risk.

As I have written in other blogs we need to embrace strong Multi-Factor Authentication.  The standards exist, the security of the device in many case is present.  Relaying parties need to decide security is worth the investment.  They need to recognize the value of  satisfying the consumers’ need to have access to their funds properly protected.

Multi-Factor Authentication – Faster Payments and the Immutability of a Transaction

Distributed Ledger and Things

As I sat to write, I was drawn to the Wikipedia’ Bitcoin article. As I read the story of how it all happened memories and concerns once again flowed through the neurons of my mind. Silk Road and their involvement and the evolution of the value of a Bitcoin, struck me as a magical mystery tour through a world of mathematicians, anarchists, profiteers and speculators.

I then remember reading

an element of a report from the Bank of International Settlement on crypto currency. The picture above is intriguing for those of us who appreciate the complexity of payments. The article gets ever so intriguing when one continues to read and finds this interesting illustration of

the difference between what we all are familiar with and what those who understand DLT and Bitcoin appreciate. The central focus of this new technology is to address one and only one concern. Trust in the intermediary.

I must admit this particular article is not the one I originally intended to speak to. I do though recommend reading it.

The article I had intended to reflect on is Central Bank Cryptocurrencies. In this document they speak to the possibility of the banks issuing a stablecoin. The recent announcement of JPMorgan Chase is one example of such.

This then causes me to reflect on the various use cases and conversations with people about the potential of DLT. I wonder why, at least here in the USA with our judicial and regulatory framework and the rule of law; we would seek to replace the existing intermediaries with a permissionless distributed ledger and the associated consensus mechanisms of a public ledger. There is enormous and growing cost in consensus built on “Proof of Work” and massive duplication of the ledger or as most call it the chain. Be it the electrical cost, the cost of a data center or the specialized computers necessary. The people and companies, the nodes and miners, will expect a reward for their effort.

Which is cheaper, if a reasonable level of trust exists?

Where are we going from here

This is the question. There are those that believe Block-chain and all of the other distributed ledger technologies are the answer to everything. I would suggest one much consider:

    • The level of trust the various parties have in each other.
    • The cost of multiple copies of the distributed ledger.
    • The cost of the consensus mechanism versus a trusted intermediary.
    • The governance required to maintain security, software and specifications.
    • The value and ethical issues of anonymity.

This then begs the question of a permissioned or a permissionless ledger. Which then begs the question of governance and who is responsible to establish the rules.

It is clear there is value in the idea of a distributed ledger. I would suggest caution in deciding if it makes sense for your use case.

      • What are the goals and objectives of the solution?
      • What are the economics of the various approaches?
      • Who are the stakeholders?
      • Who determines the rules and manages change?
      • Can the participants trust an intermediary?
      • Does everyone fear what another could do?

Helping you to understand the answers to these questions is what we do.

Multi-Factor Authentication – Faster Payments and the Immutability of a Transaction

Karen Webster
CEO, Market Platform Dynamics
President, PYMNTS.com

Karen,

Last week in your publication I read the article Deep Dive: Security In The Time Of Faster Payments and I had to offer the following thoughts:

The concept of Multi-Factor Authentication is based on the idea of layering multiple authentication techniques on top of each other.

We typically speak of three factors “What You Have”, “What You Know” and “What You Are”.

When we think of “What You Have” we think of a “Thing”.  An object that cannot be replicated or cannot be counterfeited.

An object “a secure computer” that can be upgraded and made more secure as threats like Quantum emerge.
A unique object with a False Reject Rate FRR and a False Accept Rate FAR approaching zero.

In the physical world “the thing” is a card or passport.  You will remember our first discussion, we came to agree the “secure computer” embedded inside provides a future proof mechanism.  In the digital world, we depend on Cryptography.  This Thing, inside our computers, mobile phones and other technologies; many refer to as a ROE “Restricted Operating Environment”.  Technology people may call it a Secure Element, a SIM, an eSIM, a TPM, a TEE, an eUICC or even Security in Chip.  Companies like ARM specialize in creating the design of these things and silicon manufacturers embrace and license their designs.

Today these connected devices (be they: personal computers, identity & payment cards, FOBs, mobiles phones, bracelets, watches and hopefully every IoT device) need to be secured.  This array of cheap ~$1 security circuitry provides a place to create and/or store private keys & secrets keys, perform cryptographic functions and assure the integrity of the BIOS and software being loaded or currently running in these computers.

Think Bitcoin for a second.  The key to its architecture is the Private Key associated with your store of coins.  Lose it and they are lost.  Many people store these in hardware, based on the use of a ROE.

The second factor is all about proving that you are present.  Behavior, location, PIN, fingerprint or passwords are second or even third factors, be they something you know or something you are.

This is what FIDO and what WebAuthN is all about.  Especially since they introducing the security certification regime. This is what the Apple Secure Enclave is and Samsung and others embed into their devices.  This is what we put into payment cards, government identity cards and the Yubico keys we see various enterprises embracing.  This is what Bill Gates started talking about in 2002.  BILL GATES: TRUSTWORTHY COMPUTING

As we move to Faster Payments we must move to Secure payments.  Immutability and irrefutably become key requirements.  To achieve this goal I suggest we need to understand one fundamental security principle.

The First Factor
is Something(s) You Have
My Thing(s)

The Second and Third factors
Prove You Are Present

Storing Biometrics in the Cloud
Creates a Honey Pot
And, begs questions of Privacy

Let me identify myself to My Thing.

Then let My Thing
Authentication my presence to
The Relying Party (Bank or Credit Union)

Disruption or the Reality of Legacy

Often times people speak of disruption as this traumatic thing being imposed upon them, their industry or society. Yet, if we look under the covers disruption more than likely is all about a competitor, not locked into a legacy approach, approaching the market with different tools.

The world of payments, as so many others, have implemented technology then gone on to enhance or update multiple times. Each time, someone or some group of people, had to adapt therefore invest to keep up. More often than not, a community would decide to hold on to what they built, sometime ago, hoping no one tried to disrupt the status quo.

With payment the need to embrace more effective approaches parallels the robustness and frequency of transactions. It also parallels the desire of sellers to do business with anonymous buyers. A lack of trust and a need to reduce the amount of cash we carry drove, markets to promissory notes. These promissory notes further evolved, as trusted intermediaries entered the market and created more efficient methods of providing that guarantee of payment.

Not wanting to duplicate what is already written about the history of money and payments we can jump forward through the paper phase to where we are in North America: Cash, cards, some checks and electronic debits & credits.

If we look inside the evolution of legacy.  We find what we have, is a stumbling block, holding innovation back.  We need to decide to adapt what exists or remove and replace.

Dual Interface Construction

When we think about the migration to contactless or Dual Interface cards it is important to have a general understanding of what goes into creating the card and the constraints one has to think about, as they work with their marketing teams to design these cards.

The design of a payment card involves assembling multiple of PVC into a sandwich that will be bonded and then punched out to form the card body.

  • On the face of the card: a clear laminate to protect the surface
  • On the back a clear laminate with the magnetic stripe affixed to it

In the middle two printed sheets

  • The front
  • The back

In the middle of the card body, your manufacturer will need to insert an antenna.   The antenna is typically provided to the card manufacturer as an inlay, as seen on the left.  The inlay is a sheet of plastic with the copper antenna, sometimes aluminum embedded within.  The card manufacture will add this inlay into the middle of sandwich.

On the right is an example of a six layer card construction including one element as an example, a metal foil.  This has been included given it has an impact on the effectiveness of the radio signal.  More about this a little later.  Using pressure and heat, the layers of the sandwich are bonded together in a process called lamination.  The bonded sandwich is then run through a series of additional processes designed to create an ID-1 card as specified in the ISO 7810 specifications supplemented by the additional payment network requires, such as the signature panel and the hologram.

After quality inspection the next step is to mill and embedded chip into the card body and simultaneously assure a connection between the contacts on the back of the chip and the antenna.  There are various means of connecting the chip to the antenna.  These different methodologies for connecting the chip to the antenna is a specific skill and is the responsibility of your card manufacturer.  Look to your manufacturers to propose, construct and certify your card to your requirements and employing their unique processes, techniques and technologies.

One thing you will need to be aware of is how the use of the antenna affects the certification process.  It is important to understand that the combination of ink, materials and methods of construct means; each construction will need to go through a unique certification.  This need for certification is a result of the use of radio frequency to communicate between the card and the terminal.  Think of your cell phone when your inside a big building or within an elevator and how the conversation maybe disrupted.  It is this possibility of the radio signal to be disruption based on the materials employed and the method of construction.

When metal elements like metallic foils and layers are used in card construction, the challenge increases.  Eddy currents are emitted by the metal and will interfere with the level of power and quality of communications emanated by the antenna and radio in the POS  received by the antenna and the computer in the card.

So far we have spoken only of the hardware.  The chip in the card is a computer and needs an operating environment, application and data in-order to function.  The introduction of the contactless interface alters the operating environment, the payment applications and the data which is loaded into the card.  All of this impacts the card manufacturing and card personalization process.

 

Will the US truly embrace dual interface cards or is our phone the future

When the US decided to migrate to EMV, it took the safe course

When it was time to migrate to EMV here in the USA, both issuers and acquirers focused on addressing the market and the required technology, one step at a time.  They recognized the confusion created by the Durbin Amendment, the reality of the competitive US debit market, the complexity of the merchant environment and the legacy infrastructure underneath the American card payment system.  Unfortunately unlike in other parts of the world the American merchants tended to migration to  EMV in the following order credit & debit, Common AID, contactless (MSD mode), Mobile Pays and finally contactless (EMV mode).  This journey is still a long way from complete with less than 25% of the terminal base contactless enabled, let alone in EMV contactless mode.

The larger and most invested merchants also worried about the impact of sharing data with the likes of Amazon, Google and Apple.  The “honor all card” rule is also the “honor all wallet” requirement.  Wal-Mart, Target and Home Depot were clear, they did not intend to expose the NFC antenna to the various NFC Mobile Wallets.  Instead they are implementing solutions, post MCX, based on their mobile apps using QR codes and often times enabled to support frictionless payment.

We are now looking at the second wave of card issuance and Issuers are wondering what merchants will finally do about enabling contactless.    As the Issuers prepare to issue their cardholders with their second EMV enabled card they must also think about the future of the card in the context of the future of mobile payments.

Are the payment credentials carried in the mobile wallet the companion of the card
o
r
Is the card the companion (fallback) for the payment credential carried in mobile wallet / device

Or
Are we on a journey to a new paradigm

Where facial recognition, loyalty, geolocation
Enabled by the always connected devices

We surround ourselves with
Help merchants to focus on
the shopping experience

And
Turn the Payment into

A frictionless “thank you”

 

What Happens When the Lights Go Out

Since 1984, when I was told I needed to carry this mobile phone with me, there has been that nagging issue of needing to make sure it had enough life to get me to the next charge point.  My first phone was luck if it could last a half a day so they gave me two, one was always being charged while the other hung on my shoulder.  In 1993 while working on the development of the EMV Specifications we focused on the ability to authorize a transaction when the Point of Sale POS device was unwilling or unable to reach the issuer.  In 2013 I listened to Visa representatives explain how 100% of all payment transactions could be executed online.  Then I ponder getting a Tesla Model 3 and learn it is only capable of traveling a maximum of 310 miles, it make me wonder; how do I finish the last 19 miles to my fathers home.

Today, I was reading an article emanating from the Money 2020 event when IDEMIA spoke of the idea of the mobile drivers license and that nagging feeling emerged.  What happens when the power goes off after the hurricane hit and someone asks me for my drivers license.  Its locked securely inside my dead mobile phone.  I then saw that their competitor Gemalto and even NIST are working on this concept of the mDL.

We live in a world where electricity is becoming as essential as water and food.  Yet, we hear of power outages that last weeks and even months.

It is like with Mobile Payments, if the phone is dead and in order to pay it must, then what?  The card remains the essential element of a successful payment transaction.

I dream of the day when I can merge my leather wallet and my mobile device into one.  Yet, I appreciate there are technical challenges like the need for electricity.  Until we lead with these technical challenges and not simply the dream.  Exciting concepts and ideas will go where so many have gone before.