In the card-issuing space, a predictable pattern exists with plastic cards, Very Good Security’s CEO and Co-founder Mahmoud Abdelkader told Karen Webster.
Consumer demands card. Issuer prints card, sends it off — and promptly loses contact and context about that card. The security risks with plastic cards out in the field are well-known: plenty of personally identifiable information (PII) and, of course, the card number on there, too.
Necessity is the mother of invention, as they say — and necessity is spurring financial institutions (FIs) to examine issuing virtual cards in greater numbers.
The pivot toward virtual card issuance can be tied to one simple pressure along supply chains: namely, the ongoing chip shortage, Abdelkader said. Sourcing the chips, the transistors and the components that go into the tangible cards has been problematic. But there’s a gap between getting the virtual cards into consumers’ hands and getting them to use those cards.
“It’s a very big revenue model for companies that issue cards,” said Abdelkader. “And they get a little bit of the interchange back.”
Special opportunities are in place when it comes to virtual cards, he said. Those cards can, for example, embed offers and promotions — and even loyalty programs (a Netflix subscription, for example) — that can bring those virtual cards to top of mind and top of wallet.
But, as Abdelkader noted, the issuers need to know they are compliant while they control the entire end-to-end user experience. But navigating card launches with speed and achieving PCI compliance isn’t easy. He pointed to the use of aliasing as a key way to protect data and the consumer, from the point of registering for the card to using those virtual offerings day to day.
At a high level, aliasing has been described as a process where data is mimicked but is not transported to — nor does it reside within — end systems.
The heightened levels of security, said Abdelkader, can also help firms protect their back-office operations. Hacks and ransomware are short-circuited as the sensitive data simply is not there to be stolen.
Controlling The Experience
For the issuers, he said, “it’s important to be able to control the experience, to give that user a conversion experience, to make sure that the revenue is maximized and optimized for that particular transaction.” FIs can then use aliasing strategically to increase revenues, incentivizing a user to transact with that same card in the context of an application (or a rewards program, for example).
Metadata, Abdelkader explained, helps the FI understand how individuals are transacting as they are motivated to make purchases. One added benefit accrues for the FIs, too: They don’t have to spend additional money on ad campaigns or brand awareness efforts — instead, they can turn security, compliance and logins into competitive advantages. Consumers, in the meantime, will eventually be able to monitor and control their data in a way that has not been previously available to them.
Abdelkader pointed to the example of one bank in Texas that had a strict timeline to go to market with one of its commercial cards. It turned out that in the process of developing those cards, the VGS client found a stumbling block in compliance and security. That hampered their efforts to go live with the cards, as well as their efforts to determine just how individuals would interact with their FIs when activating, using or reporting issues with those cards. Aliasing, he said, can intercept a customer email or text message and “rewrite” it by replacing a card number with the alias — thus, the sensitive data never makes it to the customer agent.
Consider it a case of building a bridge between card deployment and card use, as well as building up a steady flow of transactions.
“The whole point of this is that we solve the back-office problems, but also help customers go live faster,” Abdelkader said — and the transaction lift has been significant, about 15 percent to 20 percent, VGS has observed. “Those transactions do not need to be ‘nurtured’ to get the bank to start seeing revenue right away,” he added.
Giving Context To The Cards
Abdelkader said that the flexibility and programmability of the virtual cards can give rise to scenarios where the cards satisfy concrete use cases such as budgeting, where spending limits are in place over a certain timeframe and only for certain items. Or the cards, he said, can be provisioned to children, with similar limits, to teach them good spending habits. In the commercial setting, virtual cards can be similarly budgeted or limited to treasury functions, or limited by department spend.
Looking ahead, product development initiatives exist that can give users the ability to “opt-in” to move their cards to top of wallet (with promotional activities to entice those decisions) or to push a preferred payment method. As Abdelkader told Webster, to aid FIs’ initiatives to innovate their card programs, delving into data and data privacy, “we built a platform to let you build applications on top of sensitive data, and we know that the interfaces that you use today to collect the sensitive data itself should be a platform.”
As he told Webster, with data aliasing, “the virtual card issuing piece is done. Now card issuers can focus on what they can enable on those cards.”