Card Payments are a rare example of a process operating on a truly global scale with common practices and procedures. No-one now thinks twice about using a credit or debit card, or a charge or pre-paid card for any type of domestic or international payment, and as the world becomes more connected and international travel – for business, pleasure, work or even migration becomes more widespread, the ubiquity of the card payment process is a critical enabler for this.

The fact that card payments operate seamlessly throughout the world is due to the relationships that exist between the various actors who participate in the card issuing, acceptance and transacting processes – these can be visualized as a 'five-box model' comprising card issuer (often a bank), cardholder, merchant, acquirer (also often a bank) and network, which is commonly provided by a payment scheme that sets the rules under which the model operates.
This model is illustrated below:

five box model.jpg

The clockwise arrows in the diagram show the flow of a physical or virtual card transaction, initiated by the cardholder at a merchant and flowing through the acquirer and network back to the issuer, where it is applied to the cardholder's account. The flow of funds or value is exactly the reverse – the cardholder receives goods or services from the merchant, the acquirer pays the merchant, the network pays the acquirer, the issuer pays the network and the cardholder pays the issuer.

To enable these processes to happen, each player has a set of responsibilities;  for card issuers these include:

  • card issuance
  • transaction authorization
  • PIN management.

Card Issuance

Issuing a payment card to a customer starts with establishing an account of some sort – a regular bank account, a dedicated credit card account or even a virtual account against which an anonymous pre-paid card could be issued. Then comes the creation of a physical and/or virtual payment token in the form of a card, online wallet or mobile payment app. In each case, the information that will be used to enable the flows described above must be generated, the card or token is created and supplied to the cardholder, and in most cases, the lifecycle of that card or token must be managed. With most of the world now adhering to the EMV global chip card standard, a significant amount of card and security data must be generated for injection into the chip at card personalization time.

Transaction Authorization

When cardholders transact at merchants, most often an authorization request is generated and sent via the acquirer and network to the issuer for processing in real-time. The EMV card and the issuer authorization system work together using advanced cryptographic techniques to verify the identity of the card and cardholder, and the integrity of the transaction data. Only if these checks are successful, and the cardholder has sufficient available funds, is the request approved.

ePIN Management

In today's digitally-connected world, where online and mobile banking is rapidly replacing postal and face-to-face communication between banks and their customers, the old fashioned paper PIN mailer is an anachronism. Customers now expect to select their PIN when requesting a card, to be able to change it online or at an ATM, and to receive notifications or a PIN reminder (even though a self-selected PIN is far less likely to be forgotten) over digital channels, and to achieve all this instantly.

Aconite Technology for Card Management

Aconite Technology is highly experienced in providing payments solutions for card issuers that cover all the areas described above. We have been operating in this field since the first introduction of EMV cards in the UK in the 1990s, and we have helped many large and small financial institutions move to EMV card issuing and to enhance their systems to maximize the benefits available from EMV and ePIN management. We would be pleased to tell you about how we can help you implement a cost-effective, low risk card management system. Please contact us to find out more.