by Dave Tushie, Magellan Consulting, Inc., ICMA Standards and Technical Representative

At the ICMA EXPO in 2022, I was struck by the number of presentations related to the idea of bridging physical cards in the digital world.  One idea in particular was related to assuring that the card had a form of “fingerprint,” or “watermark,” placed during manufacturing to provide card authenticity.  However, what occurred to me most, was the idea that personalization could also be included in this type of implementation, depending on the level of security desired.  So, a broader theme could have been “how can we use the resources of mobile devices to assist in both card and cardholder authentication”?

Some of the more recent developments in card technology entail the introduction of biometric elements, like fingerprint and face print, to provide stronger cardholder (and/or device) authentication.  Naturally, this is also a new personalization element since such biometrics are unique to the cardholder.  However, because of privacy issues, most Issuers of such cards so equipped are not interested in populating and maintaining a database of cardholder biometrics.  (And, many cardholders are resistant with a requirement for such a centralized registry of their biometrics, due to privacy concerns.)  Consequently, the conventional manner of completely personalizing such a card from a central personalization bureau is not reasonably feasible.  The biometric feature will have to be enrolled on the card, where its secure memory element will hold the biometric only on the card itself after the cardholder has received it.  This is a new process where the cardholder will be actively involved in finalizing the card personalization.

Similarly, new physical card features can be envisioned which will embrace digital capabilities that allow for a new kind of personalization experience for the cardholder.  One of those features seen most recently, particularly in Asia, is the use of a QR code on the card that couples with the Issuers mobile app to unlock a set of digital account services for the cardholder.  In the above referenced technology, the concept of using a “holographic fingerprint” (watermark or authenticity certificate) unique to the card coupled with the QR code could unlock a secure mobile account on a mobile device.  While the concept presented at the EXPO was one of introducing this security element in the card manufacturing process, it certainly would be possible to alternatively add this feature under a secure patch laminate in the personalization process.  This would allow the holographic fingerprint to be identified specifically to a personalized card and hence, specific cardholder for a higher level of security.

There are also other forms of embedded security elements (watermarks) beyond holographic fingerprints.  Generally, holograms are optically variable devices (OVD) that can be identified specifically to a personalized card and hence, specific cardholder for a higher level of security.  MagnePrint is another form of watermark based on the unique physical characteristics of the magnetic elements in a magnetic stripe.  These properties can be captured and quantified during the personalization process, unique to that card.  Other card watermark technologies such as holomagnetics, optical taggants and specialized security inks are all possibilities for incorporation into combining card authenticity with a specific card account.  Even a relatively simple OCR printed security code tied to a specific account number (i.e. a hash of the account number using an Issuer master key) could be captured with a QR code on a mobile device app.  The central concept is that the mobile device app must be able to capture and read this authenticity certificate with the QR code.

And some new digital capabilities themselves can offer customized personalization.  Consider that a debit card attached to a digital wallet could enable the cardholder to use a one-time password/PIN per transaction.  This capability can be enabled by the integration of a physical card with a digital wallet app.  Cardholders could pay and convert with multiple currencies.  And monitor activity on the card with the mobile app.  All of these functionalities, and more, are well known in the industry and can be made more “sticky” with the physical card/digital mobile integration.

In the non-secure business, unlocking digital features with these same kinds of elements is also possible.  Digital rights management with cards issued for applications like movies and gaming can be enabled.  Scanning the QR code with the holographic fingerprint can unlock rights for streaming and/or download of such digital content in a user friendly yet media supplier secure manner.

In gift/prepaid cards, consumers are looking for seamless, omni-channel payments as they do with financial payment cards and mobile wallets.  They would like to enable the same with gift/prepaid cards, essentially creating a better experience for both the purchaser and recipient of the gift card.  Some of the more innovative ideas I have heard include the tokenization of account numbers, much like has been done in financial transaction cards, and the downloading and emailing of gift cards, both physical and digital.  To purchase and have personalized, physical cards delivered that have a message from the purchaser before opening the gift card and a thank you message which is delivered to the purchaser from the recipient after first use of the card.  The gift card, with an authenticity certificate and personalized QR code allows such messages to be delivered via text message, audio message, and/or video message, all viewed on the mobile device after scanning the QR code on the card.

Another area very new in the digital world is that of non-fungible tokens (NFT) utilizing blockchain technology developed for crypto wallets.  These wallets allow users to acquire, redeem and exchange crypto currencies from a secure wallet app on their digital device.  So far, the primary implementations for NFT’s outside crypto currencies have been in digital art and collectibles, most notably sports memorabilia.  In these kinds of applications, NFT’s provide the authenticity certificate for such goods.  This may be an area of interest for non-secure manufacturers to integrate physical cards with digital NFT’s.  It will require familiarity with blockchain technology and cryptographic key processes, but such knowledge can be provided by third party service providers if you don’t have it resident in your current operations.

Clearly, there is traction gaining on the integration (bridging) of physical cards and digital capabilities.  Some of this is due to introduction of features that are only achievable with a digital platform.  Other drivers are related to a seamless and familiar interface to users comfortable with and preference for digital devices at the center of their daily activities.  These changes will drive new possibilities for customized personalization that enhance these features unlocked by the physical card.