Financial institutions are considering new services that add convenience and flexibility to the lives of customers visiting their branches. Given that the purpose of many of these visits is to open a new account or address a lost or stolen card, producing credit, debit and other payment cards from within a branch—a concept called instant issuance—can make these moments easier and more satisfying.
Careful investigation of hardware and software investments is necessary to deploy instant issuance solutions. One major decision is the deployment method—whether to build an instant issuance solution in-house or select a solution delivered as a service managed by a third party (via software as a service or SaaS).
Chief among the considerations for this decision is price. As one guide, outlined in this book are five potential cost centers for instant issuance to be evaluated during the decision making process. It is clear based on this evaluation that a SaaS-based instant issuance solution provides many cost advantages
Cost Advantage 1: The HSM
Arguably the most important part of an instant issuance solution is the hardware security module (HSM), which performs the security-critical cryptographic calculations involved in card production.
It should be no surprise that the deployment of the HSM is one of the most significant—and costliest— components of an internal instant issuance solution.
EMV® conversion adds further security and cost considerations for those managing in-house instant issuance and a related HSM, as the new chip technology may require updates or enhancements to a deployed HSM, including software or hardware changes. Additionally, an HSM needs to be maintained by, at the very least, installing firmware updates or critical security updates.
SaaS-based instant issuance solutions manage the encryption of cardholder data for the issuer. The financial institution does not need to deploy an HSM.
Cost Advantage 2: Graphics
The physical design and graphical look of cards produced by an instant issuance solution obviously must match those produced centrally.
Given that financial institutions do not change their card designs often, many do not maintain in-house graphics teams. Developing a matching image for the instant issuance solution can therefore be costly.
With SaaS-based instant issuance solutions, the design process is a service offered by the SaaS provider. In addition, certain instant issuance services are provided by companies that also manage the central issuer process for the customer. In those instances, the card graphic files are on file and can be used for the instant issuance process.
Cost Advantage 3: IT support
Financial institutions deploying an in-house instant issuance solution need a competent IT team to manage and maintain the servers, printers and related infrastructure. In addition to standard IT upkeep, such as server patch management and hardware support, the deployment of new features or changes to the instant issuance process requires extensive testing.
Making changes to the system takes time, and the system must go offline while enhancements are made and during the testing following their implementation.
In addition, as one could expect, the printer that produces the payment cards is not the same as any other printer in an enterprise environment and requires a different skill set for regular maintenance. With internal instant issuance solutions, a printer can easily be the weakest link. Software patches require regular installation, and significant hardware fixes or upgrades necessitate printer disassembly. Generally speaking, basic printer maintenance, such as printer cleaning, is required for every 1000 cards produced.
With SaaS-based solutions, the customer owns the printer and the printer maintenance costs. However, the SaaS partner can be a trusted advisor regarding regular maintenance and for more serious concerns—in certain situations the provider might even send a replacement printer.
By definition, a SaaS-based solution manages the instant issuance process all the way to the printer—without involvement from the customer—and the SaaS provider thoroughly tests enhancements or changes before putting them into production. One of the clear advantages of a SaaS- based approach is that any service enhancements benefit customers immediately, with zero downtime, and without any customer intervention.
A financial institution might choose a SaaS-based solution from a vendor that also provides a central issuance solution. In these cases, the same back-end hardware and software governs the central card and instant issuance processes. The institution’s responsibility is scaled back significantly.
Cost Advantage 4: Network security
With internal instant issuance solutions, the financial institution is responsible for the communication between the printer and the HSM for delivery of the card holder’s account information. It is advisable for these institutions to create a separate network segment, or layer, for this communication so that communication can be appropriately secured. Given the importance of the process, financial institutions should hire a third party to ensure proper deployment.
Network security must be tested, and if a company deploys its own connectivity solution, it will need to conduct penetration testing, as a matter of best practice and to comply with PCI regulations. Companies can explore hiring a pen tester or they can use a third-party firm on a regular basis.
With a SaaS-based solution, the SaaS vendor takes responsibility for network security and the related testing all the way to the printer.
Cost Advantage 5: PCI certification
Anything installed locally by a company deploying an internal instant issuance solution must be audited for PCI compliance, and the audit must cover the equipment, the network that supports it and how it is deployed.
A SaaS-based solution typically conducts multiple audits each year. Visa and MasterCard conduct audits, and a third-party may be hired to conduct a separate full PCI-DSS audit, verifying best practices for data storage and management. In addition, an auditor would come onsite to conduct a network penetration test and a separate web application penetration test.
Therefore, for companies that select a SaaS-based solution, the SaaS solution’s PCI certification and related testing processes are extensive. While the printer, printing process, and plastic composition must pass certain certifications directed by the financial institution, the heavy lifting on PCI compliance is covered by the SaaS provider.
The advantages of instant issuance are clear, but many financial institutions do not anticipate the costs associated with going on their own. SaaS-based instant issuance solutions are proven and available and deliver significant cost benefits.
For more about instant issuance and CPI's Card@Once®, visit www.cardatonce.com