Overview#
Payment Card are issued by a Issuer Bank.Payment Card number use the Bank Card Number numbering scheme.
We lump any payment card into Payment Card. They typically include Gift Cards, Debit Cards and Payment Card
Example Payment Card#
 |
What’s wrong with current credit cards?#
In the United States, the answer to this is just about everything. Your credit card number, or in industry parlance Primary Account Number PAN, is embedded in a primitive magnetic stripe on the back and, just for good measure, typically embossed on the front.There is no meaningful security on the card itself. For use in phone/internet transactions, the card also has a three- or four-digit security code printed on it as well, though this number is not absolutely required for transactions, and seems to be requested only at random. When you go to a store, you swipe your card and your plain-text PAN is seen by the merchant, then sent for verification through what you hope is a securely-encrypted connection to the credit card processor.
The problems do not lie with that end of the transaction. MasterCard, et al., and the issuing banks generally do a fantastic job of keeping their systems incredibly secure. The problem is with the merchant. They get to see your number and store it in their systems, which can be handy for returns, but also problematic. The Payment Card Industry PCI Security Standards Council has created strict rules governing the storage, use, and transmission of cardholder data, and while merchants may be required to be PCI compliant, that does not necessarily mean they actually are secure, or that there are not other holes the compliance measures have not fully accounted for. The number of large merchants that have announced major credit card breaches just in the past year is sobering reminder of this.
What about chipped cards?#
Outside of the United States, most countries long ago switched from using so-called "magstripe" cards to much more secure EMV cards, more commonly known as "Chip and PIN." The United States will finally begin switching over to EMV cards over the course of the next year, though most banks will issue "Chip and Signature" cards instead, that forgo the added security of using a PIN.These cards are a huge improvement, notably by generating single-use security codes, but they still transmit the PAN in the clear and provide no benefits for online transactions. The merchant still gets your PAN, and the merchant is still the problem.
There are just too many merchants, with too many possible security holes. The only way to keep your account safe is for the merchant to never have your PAN in the first place. As part of the switch to chipped cards, all merchants will have to update their credit card terminals, if they have not already done so.
In the US, the October 2015 "deadline" for the switch is not a hard deadline, but it is when the liability shifts, and that should be plenty of motivation for most merchants. Before the October 2015, if someone uses a credit card fraudulently, and the merchant follows the basic acceptance rules, then the credit card issuer is liable for the fraud. After October 2015, if the merchant has a chip-capable terminal, but the credit card itself is chipless, then the credit card issuer is still liable. But, if the credit card company has issued a chipped card, but the customer has to run it using the stripe because the merchant has not upgraded terminals, then the merchant is liable for any fraud.
Since credit card terminals don’t last forever anyway, and a single incident of fraud could be very costly, the conversion id expected to be rapid. The non-accidental timing of Apple Pay coincides with a hardware upgrade that is already going to happen regardless, which will help finally make NFC contactless payments common. The one critical side effect of America’s switch to accepting chipped cards is that almost all of the new terminals will also include support for contactless payments as well.
More Information#
There might be more information for this subject on one of the following:- 3D Secure
- ACH
- API Registry
- Access Card
- Access to Account
- Acquirer
- Address Verification System
- Apple Pay
- Bank Card Number
- Blinding Identity Taxonomy
- Bounded Context
- Card Issuer
- Card Not Present
- Card Security Code
- Card Verification Method
- Card-Emulation
- Cardholder
- Certificate
- Chase Pay
- Contactless POS
- Credential
- Credit Card
- Cryptocurrency
- DISHFIRE
- Debit Card
- Derived Credential
- Digital Subject
- E-residency
- EMVCo Tokenization
- Financial API
- Foundational ID
- Four-Party Credit Card System
- Gift Card
- Google Pay
- Google Wallet
- Google Wallet vs Apple Pay
- Host Card Emulation
- Hybrid Card
- Identity Card
- Identity Document
- Incremental authorization
- Interchange Fee
- Law of Consistent Experience Across Contexts
- Loyalty Card
- Magnetic Secure Transmission
- Major Industry Identifier
- Merchant
- Merchant Category Code
- Money
- Offline Data Authentication
- POS Terminal
- Payment Card Industry
- Payment Card Industry Data Security Standard
- Payment Card Verification
- Payment Network
- Payment Service Provider
- Payment Transaction
- Person-to-Person Payments
- Personal Identification Number
- Phishing
- Phone Number Portability
- Pretexting
- Primary Account Number
- Proximity Card
- Real Risk
- Regulatory Risk
- Secure Electronic Transaction
- Signature-Paper
- Smishing
- Social Login
- Softcard
- Stored-value card
- TD1
- Tokenization
- Verifiable Claims
- Vishing