Architectures for card issuance systems can be categorized as either centralized or distributed in nature. Each scenario presents a unique set of opportunities, and perhaps more importantly, security risks that must be understood and addressed.
There is a macro and a micro distinction that can be made when defining the two types of issuance architectures. At a macro level, centralized issuance can refer to situations in which a third party issuer is handling the card production and distribution on behalf of the client. With distributed issuance the client controls its own card production and distribution.
In closed system environments (e.g. campuses, corporations), a more micro-distinction for centralized and distributed issuance can apply. When a campus has multiple branches or a corporation has multiple locations, centralized issuance has all cards produced from a single, controlled location. Distributed issuance deploys the technology and responsibility for issuance to the various sites.
In the case of both the macro and micro distinctions, the following discussion can apply.
In the past, centralized meant secure and distributed meant fast …
“We are seeing great opportunities and advances for distributed issuance,” says John Ekers, Director of Product Marketing for Systems and Software, Fargo Electronics. “In general, it is always better if you are controlling more of the process yourself.”
Certainly this self-control aspect is the key reason issuers choose the distributed model. Using the campus setting as the example, distributed issuance equates to instant issuance. The enrollment, authentication, imaging, production and distribution can be completed onsite, while the cardholder waits. Centralized issuance cannot accomplish this.
But, centralized issuance has traditionally possessed a major advantage over its distributed counterpart: added security. Blank card stock can be locked down and each piece accounted for at all stages in the process; staff access can be tightly monitored; fraudulent card creation can be curtailed via stringent checks and balances; etc.
“What we are seeing today,” adds Mr. Ekers, “is a migration of the security control procedures traditionally used in centralized issuance bureaus to the distributed environments.”
Categorizing the risks
A major shift in the nature of campus, corporate, and other ID card applications have been the primary driver for increased issuance security. A degree of risk has always existed but as the privileges and opportunities that an ID enables has expanded, the dangers arising from fraudulent cards have grown.
The risks associate with issuance procedures can be thought of in three main areas and for each, according to Mr. Ekers, there are significant advances underway for distributed environments. The areas are materials, data, and personnel.
In centralized issuance all card stock, printer supplies, and equipment are kept in one location making it easier to manage and track. When production is distributed, so too must the materials be distributed. This requires a more sophisticated system of control.
Off-the-shelf inventory management software, built-in security mechanisms in new printer models, and software prompts in both printers and imaging software are making it easier to manage materials in a distributed environment.
In centralized issuance, employees undergo background checks and can be closely monitored throughout the day. Monitoring is far more difficult in a distributed environment.
By requiring stringent login procedures, restricting the hours that an employee can print cards to appropriate times, and employing other system-controlled checks and balances, remote monitoring and control are becoming a reality. “In the near future,” says Mr. Ekers, “I expect to see biometric login to issuance systems become the norm.”
In terms of issuance data, both the personal information of your cardholders and the ongoing system operation data is crucial. Obviously, the security of the cardholder data is paramount to ensure individual privacy. The system operation data is key to monitoring efficient and appropriate use of the equipment and materials.
In a highly controlled centralized environment, data can be tightly held on a closed network with security controls appropriate to the need. The physical premises can be locked down and unauthorized access restricted. This is far more difficult in a distributed environment where open or pseudo-open networks are used and open access to the premises is required to facilitate customer service.
Advances in encryption techniques (e.g. hardware security modules that manage issuer keys) have made it possible to ensure that cardholder data is never transmitted “in the clear” thus reducing the risk of data compromise. High level encryption and high speed networking is enabling distributed access to centralized data repositories, thus allowing the cardholder data to be held securely in a single location and accessed only when necessary by a distributed site.
Distributed issuance: no longer be “less secure”
“We are nearing the point where the security benefits of centralized issuance are no longer sufficient to merit the loss of control,” says Mr. Ekers. “Distributed issuance can be technology-enabled such that its security matches, and potentially exceeds, its counterpart.”
He concludes with the following thought, “When an issuer switches from a centralized model to a distributed model they are forced to reexamine the controls employed for materials, personnel, and data. I have seen many cases where they find significant security holes in their former centralized processes that have been corrected in the migration.”