In our Digital First blog series we have extolled the virtues of a Modern Card Program and explained why it is such an important part of any digital first banking offering, as well as the challenges of building such a program. In the final part of our series, we’re focusing on perhaps the challenge that this all hinges on: the mobile banking app!

Challenge #3: The complexity of delivering a modern mobile banking app 

When a banking app is designed well, it’s simple: simple to navigate and simple to use, whether that’s to order a card, manage it or use it to pay in stores and online.

We are all familiar with the “Physical first, digital later” model for payment cards, in which an EMV payment card ordered via a paper application or a trip to the bank branch would take days to arrive. Only once in possession of the physical card could cardholders on-board its details into a digital wallet, such as Apple Pay, to pay in stores using NFC tap-to-pay or in merchant apps that accept such payments.

Digital first, physical later

The future is the other way around: digital first, physical later. Cardholders receive a new virtual card in their mobile app in a matter of seconds, which can then be pushed into digital wallets. Cardholders can also order the physical version of their virtual card. The banking app can also let the user set new card parameters, set spending limits per card, temporarily suspend the card for online purchases or foreign expenses, etc. Everything is under the control of the user, right from the screen of their smartphone.

However, for developers the modern bank app is a tremendous challenge that goes far beyond a modern mobile front-end. Where does the complexity reside? Of the many possible answers, one word stands out: orchestration.

Banking mobile apps are the tip of the iceberg for developers launching a modern card issuance platform. Below sea level are huge and complex infrastructure systems that need to be orchestrated to support real-time services delivered via the mobile app. We call this IT infrastructure the card issuing stack. It integrates multiple front-end and back-end systems that control the cardholder’s card life cycle, accounts and transactions, claims and settlements.

However, it’s not just as simple as developing a normal mobile app. A card creation request requires multiple core banking infrastructure systems that have not been designed for real time. All data exchanges are sensitive and must be secure under PCI DSS rules. To do so, a massive amount of data must be orchestrated to ultimately deliver the experience the customer wants.   

Thales D1 picks up the challenges and solves them for developers

To deliver a Modern Card Program, a modern card issuing platform needs to be deployed, integrating core banking legacy systems (account management, transactions management, claims and settlement, among multiple components) with modern, new and cloud-based components to deliver real-time issuance, a modern mobile and web UX and PCI DSS compliance.

Developers could choose a hard route using a handful of partners with thousands of system-level APIs, managing all the orchestration of the card issuing stack internally, as well as all regulatory rules. With Thales D1, we offer to manage all orchestration and compliance challenges via a unified SDK, with simple APIs that are use-case ready in a template design approach. The net result is time and pain savings, and significant cost reductions.

No card issuer should focus on re-inventing what Thales D1 will bring them “out of the box”. Instead, issuers should focus on launching new services to their cardholders. Thales takes care behind the scenes to build those services and operate them flawlessly, all in record time and cost-effectively.

The post Deploying a Modern Card Program – Mobile Banking App appeared first on Cybersecurity Insiders.

In the first part of this blog series, we looked at the importance of Modern Card Programs. People expect real-time, simple yet secure services to order, manage and use payment cards in stores and online. They expect to be in control via their smartphones, using the kind of modern banking application that fintechs and neo banks have established as the new normal for mobile banking apps. The challenge now is for traditional banks to be as modern and agile as neo banks in terms of user experience. In this part we’ll continue to look at the challenges of delivering a Modern Card Program by modernizing the card issuing platform, and how these challenges can be overcome by Thales D1 with tangible benefits for developers.

Managing payments in real time

When using a mobile banking app, real-time operation, mobile centricity, simplicity and maximum security are the expected standard. When it comes to card management and digital payments, customers now expect to be able to track orders, set up alerts and spending limits, temporarily suspend and re-activate cards, pay via instalments and use many more services. The application becomes a service marketplace operating in real time. It empowers cardholders to manage everything from their smartphone, giving them even more control over their finances. All of these services are mobile and web centric, creating new challenges for developers who need not only to develop a brand new mobile front-end, but also to orchestrate the entire card issuing stack with legacy systems and modern components.

For developers, the complexity comes from both the repetition of tasks (for example, tokenization using APIs for each payment scheme) and the need to orchestrate multiple front-end and back-end systems from the core banking infrastructure managing accounts, transactions, authorizations, risk management, and many more structural elements that contribute to the user’s payment experience. Let’s not forget the regulatory constraints that come with it: PCI DSS (Payment Card Industry Data Security Standard) and GDPR (General Data Protection Regulation), just to name a couple.

Card issuing platform

Adding new digital payment services into an existing card issuing stack can rapidly turn into a very complex engineering challenge, in both time and cost. Challenger banks, such as Monzo or Revolut, have set the standard for modern user experience. They built their card issuing stacks from the ground up, so the task was simpler for them than for existing banks, which have legacy systems to integrate into a modern infrastructure.

Thales D1

Thales D1 brings UX-level APIs with use-case insights and global orchestration templates that save time and costs for developers compared with the use of thousands of system-level APIs provided by a handful of technology partners with no orchestration support.

Beyond APIs and unified SDKs, Thales D1 manages the connectivity with Payment Networks to facilitate the deployment of Digital Cards, but also the deployment of innovative payments services such as 3DS, Alerts & Controls, Click-to-Pay and Pay-by-Instalments. 

The question is no longer about the need to modernize card programs. All issuers know that the demand for the modern mobile UX is unstoppable. The question now is only how to deliver it efficiently. It’s a complex IT project because of the mix of legacy systems and modern components. Thales D1 makes it as easy as possible, and that simplicity can be summarized in 4 key words: simple API, better orchestration of the infrastructure, managed connectivity with payment networks and compliance-by-design.

The post Deploying a Modern Card Program – Card Issuing Platform appeared first on Cybersecurity Insiders.

The banking industry has undergone a huge transformation in recent years and continues to transform as we head into the realm of real-time, digital first (and physical later) banking and payment. Characterized by the need to do things more cost-effectively, sustainably, faster, and with user experience at its core – modern card program strategies are revolutionizing the sector and embracing these changes will be vital for a bank’s survival.  

To set some context, here is just a short recap of the challenges and changes currently facing the banking sector: 

Online branches grow in popularity:

Can you remember the last time you visited a bank branch in person? If not, then you’re not alone. Under the lead of agile fintechs and neo banks, the capabilities of banking apps have improved so much that there are very few reasons for customers to visit in person. In fact, a survey from KPMG found that one in five UK consumers haven’t visited a bank branch since before the Covid-19 pandemic, a trend we will likely see continue.

Fintechs are challenging the status quo:

Recent years have seen digital-first challenger brands give consumers greater choice and flexibility – revolutionizing personal banking. Not burdened by decades of legacy tech to contend with – these brands have managed to quickly design products and solutions that have user experience solely front of mind, and traditional institutions are forced to do the same.  Real-time, quick services, simple yet secure is what is in the DNA of such neo stakeholders in the financial sector. 

Boom in contactless payments:

Recent data shows that in 2020 the number of people in the UK who registered for mobile payments grew by three quarters to over 17 million. And in December 2021, contactless payments reached their highest recorded level, accounting for 69% of all debit card transactions and 56% of all credit card transactions, a trend that is expected to continue to rise.

A Modern Card Program and strategy is about unifying and improving the customer’s banking and payment journey with real-time digital card issuance and complete control of all their payment credentials. This blog series will explore why a Modern Card Program is an essential part of this and will address the challenges of bringing it to fruition.

Challenge #1: Managing connectivity with payment schemes to successfully deploy EMV tokenization and associated card services   

The growing demand for mobile, user-centric services for card issuance is front of mind for all card issuers, processors, and wallet providers. As we’ve already discussed – the banking sector has been transformed – driven by customer expectation to be in control 24/7, via their smartphones or a modern web interface. People want to order their physical, digital or virtual card instantly, via their mobile app and/or the web, then use it to pay at stores and online.  Cardholders want to be in control of their card’s settings. These services are no longer a nice to have – but an expectation.  

However, when it comes to traditional banks that have been issuing EMV cards for years, the core banking infrastructure in place is often not optimized to support real time services, nor to deliver a rich mobile experience. Beyond tokenization for digital wallets, launching new services such as virtual card issuance and secure display, 3DS, Click-to-pay or pay-by-instalments can be extremely challenging.  

Card issuers can find plenty of technology partners to implement new mobile-centric card services. For digital cards, for instance, major payment schemes provide access to their EMV tokenization services. However, beyond APIs, managing connectivity with such network services is a real project on its own. Frequent API updates and rapid innovation rollouts require a very close relationship with payment networks: a relationship that goes beyond the usual scope of work for developers.

Success for such modern card programs relies heavily on the deployment of modern card issuing platforms, implementing a brand new mobile and web front end but also orchestrating the entire core banking systems involved in the card issuing stack and the card life cycle management (systems managing accounts, transactions, claims and settlement, among many more). 

EMV tokenization alone represents the lion’s share of such modern card program services and requires deep use-case knowledge that can only be acquired by developing a close relationship with the token service providers. Thales D1 has a unique role in the EMV tokenization market, with a preferred partnership with leading payment networks, removing the need for developers to re-invent use cases from scratch using system APIs with no orchestration across the card payment stack.

By somewhat “tokenizing their relationship” with token services, provided via Thales and the D1 platform, developers can focus on rolling out innovative services for their cardholders while Thales delivers the tool to execute development in record time and cost.

The post Deploying a Modern Card Program – Digital First Banking appeared first on Cybersecurity Insiders.

In the past decade, the banking sector has undergone a massive transformation, putting speed, security, environmental considerations and user experience at its core. This blog post will be looking at how Digital PIN, a modern way to set, deliver or recover an EMV card PIN code, is part of the modern card program strategy.

The PIN Code as a Card Verification Method for EMV Payment Cards 

The 4-digit PIN code is a technology that has come to be part of everyday life and was introduced as a Card Verification Method (CVM) in the EMV standard to perform user authentication.

PIN code verification can be performed online or offline. The EMV standard allows two additional forms of CVM: signature and “nothing” for low-amount contactless payments.

What is a Digital PIN vs Current EMV card PIN code as we know it? 

Currently, when a customer registers for a new EMV card, it will typically be shipped to them in the post. This will be followed by another letter containing the 4-digit PIN that’s been assigned to them.

Digital PIN refers to a new “digital delivery and management” mechanism: instead of a PIN code being sent in the post, it is delivered via an app (or secure SMS), enabling customers to use their card within seconds of it arriving.

This virtual PIN delivery looks set to replace paper mailing delivery. Users can create their preferred 4-digit PIN code right from the app. Later on they can recover their PIN code when lost, or change the current code for a new one. All of this happens instantaneously and gives the user more ‘real-time’ control than ever. But that’s not the only way users are gaining more control over their banking.

Modern card issuance  

A new approach to the payment card lifecycle is becoming more common. It puts the user in control to order, manage and use banking cards, right from the bank’s mobile app.

The PIN code delivery method using a paper mailer was appropriate in a physical first, digital later era when getting a new card took a few days. Switching to a digital PIN delivery solution meets three crucial new trends: 

  • First, digital delivery is instantaneous and therefore more in-line with consumer expectations.  Cards can be activated and used right away, leading to higher transaction rates.  The customer controls both card issuance and PIN management 24/7 from their app. 
  • Second, digital delivery for the PIN code is more environmentally-friendly as it cuts the need for paper mailers.  Given the billions of EMV payment cards delivered worldwide every year, this is a significant environmental win as you can see in this Infographic. 
  • Third, as we move to the people are using more digital cards. The rise of digital wallets and online payments is changing the proportion of physical/digital cards that each individual cardholder uses every day and consequently the need for a digital PIN delivery.

Mobile banking

This is part of the new, global card experience.  Fintechs have led the way and demonstrated the look and feel of modern mobile banking apps; now the entire market is following suit. Digital PIN delivery is no longer “nice to have”, but critical to the modern card user experience. 

As we are now heading into a digital first, physical later approach to payment credentials, Thales helps financial services players implement modern card programmes with the Thales D1 issuing platform. This brings simple, UX-level APIs that orchestrate the entire issuing stack. It manages the mobile front end to implement features such as Digital PIN, but also orchestrates all the core banking infrastructure to build the three following use cases:

  1. Set a preferred PIN code
  2. Securely display the PIN code in the app in accordance with PCI DSS regulations
  3. Allow fast PIN code recovery in-app

The bank mobile app is going through a revolution and Digital PIN is a visible part of it.   

The post Digital PIN – The Next Step in Digital First Banking appeared first on Cybersecurity Insiders.

In the past decade, the banking sector has undergone a massive transformation – putting speed, security, environmental considerations and user experience at its core. This blog post will be looking at how Digital PIN – a modern way to set, deliver or recover an EMV Card PIN code – is part of the modern card program strategy   

The PIN Code as a Card Verification Method for EMV Payment Cards 

The 4 digit PIN Code is a technology that has come to be part of everyday life and was introduced as a Card Verification Method (CVM) in the EMV standard to perform user authentication.  

PIN code verification can be performed online or offline.  The EMV standards allows two additional forms of CVM:  signature and “nothing” for low-amount contactless payments. 

What is a Digital PIN vs Current EMV card PIN code as we know it? 

Currently, when a customer registers for a new EMV card, it will typically be shipped to them in the post. This will be followed by another letter containing the 4-digit pin number that’s been assigned to them.  

Digital PIN refers to a new “digital delivery and management” mechanism: instead of a PIN code being sent in the post, it is delivered via an app (or secure SMS) enabling customers to use their card with seconds of it arriving.  

This virtual PIN delivery looks set to replace paper mailing delivery.  Users can create their preferred 4 digit PIN code right from the app.  Later on they can recover their PIN code when lost, or change the current code for a new one. All these happen instantaneously and give the user more ‘real-time’ control than ever. But that’s not the only way users are gaining more control over their banking. 

Modern card issuance  

A new approach to the payment card lifecycle is becoming more common. It puts the user in control to order, manage and use banking cards, right from the bank’s mobile app 

The PIN code delivery method using a paper mailer was appropriate in a physical first, digital later era when getting a new card took a few days. Switching to a digital PIN delivery solution meets three crucial new trends: 

  • First, digital delivery is instantaneous and therefore more in-line with consumer expectations.  Cards can be activated and used right away, leading to higher transaction rates.  The customer controls both card issuance and PIN management 24/7 from their app. 
  • Second, digital delivery for the PIN code is more environmentally-friendly as it cuts the need for paper mailers.  Given the billions of EMV payment cards delivered worldwide every year, this is a significant environmental win as you can see in this Infographic. 
  • Third, as we move to the people are using more digital cards. The rise of digital wallets and online payments is changing the proportion of physical/digital cards that each individual cardholder uses every day, and consequently the need for a digital PIN delivery.

Mobile banking

This is part of the new, global card experience.  Fintechs have led the way and demonstrated the look and feel of modern mobile banking apps; now the entire market is following suit. Digital PIN delivery is no longer “nice to have”, but critical to the modern card user experience. 

As we are now heading into a digital first, physical later approach to payment credentials, Thales helps financial services players implement modern card programmes with the Thales D1 issuing platform. This brings simple, UX-level APIs that orchestrate the entire issuing stack. It both manages the mobile front end to implement features such as Digital PIN and orchestrates all the core banking infrastructure to build the following three use cases:

  1. Set a preferred PIN code
  2. Securely display the PIN code in the app in accordance with PCI DSS regulations
  3. Allow fast PIN code recovery in-app

The bank mobile app is going through a revolution and Digital PIN is a visible part of it.   

The post Digital PIN – The Next Step in Digital First Banking appeared first on Cybersecurity Insiders.

In the first part of this blog series, we looked at the importance of Modern Card Programs. People expect real-time, simple yet secure services to order, manage and use payment cards at-stores and online. They expect to be in control via their smartphones, using a modern banking application of the kind that fintechs and neo banks have demonstrated as the new normal for mobile banking apps. The challenge now is for traditional regalian banks to be as modern and as agile as those neo banks in terms of user experience.

In this part we’ll continue to look at the challenges of delivering a Modern Card Program by modernizing the card issuing platform, and how these challenges can be overcome by Thales D1 with tangible benefits for developers. 

When using a mobile banking app, real-time, mobile centricity, simplicity and maximum security are the expected standard. When it comes to card management and digital payments, customers now expect to be able to track orders, set up alerts and spending limits, temporarily suspend and re-activate cards, pay via instalments and many more services. The application becomes a service marketplace operating in real-time, empowering cardholders to manage everything from their smartphone – giving them even more control over their finances. All of these services are mobile and web centric, creating new challenges for developers who need not only to develop a brand new mobile front-end, but also orchestrate the entire card issuing stack with legacy systems and modern components.  

For developers, the complexity comes both from the repetition of tasks (for example: tokenization using APIs for each payment scheme) and from the need to orchestrate multiple front-end and back-end systems from the core banking infrastructure managing accounts, transactions, authorizations, risk management, and many more structural elements that contribute to the user’s payment experiences. Let’s not forget the regulatory constraints that come with it; PCI DSS (Payment Card Industry Data Security Standard) and GDPR (General Data Protection Regulation), just to name a couple.

Adding new digital payment services into an existing card issuing stack can rapidly turn into a very complex engineering challenge, in both time and cost. Challenger banks, such as Monzo or Revolut, have set the standard for modern User Experience. They have built their card issuing stacks from the ground up, so the task was simpler for them than for existing banks, which have legacy systems to integrate into a modern infrastructure.

Thales D1 brings UX-level APIs with use-case insights and global orchestration templates that save time and costs for developers compared with the use of thousands of system-level APIs provided by a handful of technology partners with no orchestration support.

Beyond APIs and unified SDKs, Thales D1 manages the connectivity with Payment Networks to facilitate the deployment of Digital Cards, but also the deployment of innovative payment services such as 3DS, Alerts & Controls, Click-to-Pay and Pay-by-Instalments.

The question is no longer about the need to modernize card programs. All issuers know that the demand for the modern mobile UX is unstoppable. The question is now only how to deliver it efficiently. It’s a complex IT project because of the mix of legacy systems and modern components. Thales D1 makes it as easy as possible, and that simplicity can be summarized in 4 key words: simple API, better orchestration of the infrastructure, managed connectivity with payment networks and compliance-by-design.

The post Deploying a Modern Bank Card Program: Part Two appeared first on Cybersecurity Insiders.

In the past decade, the banking sector has undergone a massive transformation – putting speed, security, environmental considerations and user experience at its core. This blog post will be looking at how Digital PIN – a modern way to set, deliver or recover an EMV Card PIN code – is part of the modern card program strategy.


The post Digital PINS – The Next Step in Digital First Banking appeared first on Cybersecurity Insiders.