Customers love payment cards – convenience, speed, security and not feeling like spending money are just some of the reasons for the popularity of these payment methods. Banks and sellers value them too – research shows that customers who use payment cards are more likely to spend money (this is due to our psychology, more precisely, the illusion of liquidity and painless loss). Despite the different opinions (including negative ones), bank cards, along with cash, are the most popular method of non-cash payments. In this article, we will briefly describe what payment cards are, their structure and types, and discuss the safety of using these tools.

Payment Card – Brief Definition

A payment card (bank card) is a method of payment issued by financial institutions, less often banks. As the name implies, the card is used to pay for purchased goods and services and to withdraw cash from ATMs. Paying with this tool is a convenient alternative to a cash transaction – we don’t have to withdraw cash every time we plan to buy something. At the time of the transaction, it is enough to insert the card or bring it to the payment terminal, enter the PIN code if necessary, agree and the bank will take care of the rest of the process, settling the customer’s obligations to the seller and reducing the balance of our account by the appropriate amount.

Bank cards – a little history

The first cards appeared at the beginning of the 20th century in the United States and were initially made of paper or metal. Card issuers were large retail chains, gas stations, hotels and oil companies, which rewarded loyal customers in this way (the cards made it possible to buy or receive goods on credit). However, all of these systems operated independently of each other, and it wasn’t until 1938 that companies began accepting each other’s cards.

The turning point in the development of non-cash payments was in 1949, when the concept of a means of payment that replaces cash was born in the mind of American businessman Frank McNamara (an interesting fact may be the fact that the inspiration for this was the idea of ​​a failed dinner with friends, where McNamara forgot his wallet ). A few months later, the entrepreneur together with Ralph Schneider founded the world’s first card-issuing company – Diners Club International.

Due to the dynamic development of the brand, followers quickly appeared on the American market. In 1958, American Express introduced its own payment card and it was the first plastic card in history (Diners Club used cards bearing the holder’s name).

That same year, Bank of America issued a card with a credit limit of $300. The customer can repay the debt in full or return only the minimum amount while still using the bank’s funds. In 1975, the institution also made a debit card available to individual customers, allowing cash withdrawals from ATMs.

Poland’s first ATM card

The first payment cards appeared in Poland in the late 1960s. However, these were cards issued by foreign banks, and only foreigners could use them, and only in specific places: ticket offices PLL LOT, exclusive hotels or stores selling goods in foreign currency (Baltona, Cepelia, Pewex).

The Polish card that allows cashless transactions appeared only in the mid-1980s. However, it was not a payment card, it was an ATM card. Its issuer was Polska Kasa Opieki SA Bank, in which an ATM was installed in the branch that allows the withdrawal of foreign currency up to $ 150.

The pioneer in the fledgling payment card market was Inicjatyw Gospodarczych Bank, which in 1991 issued the first business payment card (to receive it, you had to pay a deposit of 200 million PLN or 20,000 US dollars at that time). In 1993, Pekao Bank SA was the first to offer a debit card to individual customers, and two years later – a credit card.

Over time, other innovations appeared on the payment card market:

• In 2001 the first virtual card was created;
• In 2002, ING Bank Śląski issued the first prepaid card;
• In 2003, Kredyt Bank SA released the first microchip card.

Since then, we have chronicled the increasingly dynamic development of the market for payment instruments – new products, technologies and solutions are still being developed, which, on the one hand, make it easier for customers to use “plastic”, and on the other – to increase the level of transaction security.

What information is on a debit and credit card?

Physically, a payment card is a rectangular piece of plastic measuring 54 mm x 86 mm (ISO standard), equipped with a magnetic strip and/or chip on which cardholder data (name and surname), bank name, card ID, card validity date and CVV or CVC code necessary for transactions are recorded. Online.

If you want to learn more details on this topic, read our article on creating a payment card, in which all of the above components are described exactly as described.

Verification Code CVC2 / CVV2

Provides security for remote transactions for which a PIN cannot be used. It is placed only on the card and in the IT system of the issuing bank. Each code is a unique number, is not printed anywhere (for example, it does not appear on transaction confirmations from POS terminals), and does not appear in any other databases. According to security standards set by the Payment Card Industry Security Standards Council, sellers who shop online cannot store the CVV2/CVC2 code. It is only checked during the transaction, and should not be saved or archived. Thanks to this, even if the database is stolen, criminals can only access the card number, but they do not know its sensitive data. This rule applies all over the world,

How is the card security code generated?

Codes are generated separately for each card based on an encryption algorithm taking into account the card’s bank number and expiration date: ‘card_number’ = ‘expiry_date’ ‘algorithm’. The data obtained in this way is reduced to the form of decimal numbers, and the last three or four digits of the code are printed on the back of the card.

CVC2 / CVV2 code and CVC1 / CVV1 code

It should be noted that each payment card is secured with two different codes. Created based on various algorithms and written on magnetic tape in the form of two separate paths:

– CVC1 / CVV1 code is checked during transactions made with the physical card. When the magnetic stripe is pulled through the payment terminal, the code is automatically retrieved and verified by the card issuer;

On the other hand, the CVC2/CVV2 code (along with the card number, expiration date and cardholder details) allows for “Card No Existing” transactions that take place without the card physically present with the merchant.

How do I find the verification code on the card?

CVC2 Code ( Card Verification Code 2 ) – A three-digit code used to verify remote MO/TO transactions on MasterCard cards. This symbol is located on the back of the card next to the signature strip.

CVV2 code ( Card Verification Value 2 ) – a three-digit code that allows identification of a Visa Electron and Visa Gold card holder. The number is printed on the back of the card.

American Express Cards – The code consists of four numbers and is placed on the face of the card.

Safety rules

The CVC2 / CVV2 code, such as the PIN number, must not be disclosed to third parties . It should be noted that banks treat the disclosure of the CVV2 / CVC2 code to unauthorized persons as a violation of the security rules applicable to cardholders and refuse to refund in case of unauthorized transactions resulting from such behaviour.

Unfortunately, recently there are more and more cases of CVV2 / CVC2 code being blackmailed by criminals. After obtaining the sensitive data of the card, the fraudsters make online purchases on the victim’s account and thus clean the account. How to protect yourself from this type of attack is described in the article How to use a payment card safely?

What is the difference between magnetic card and smart card?

Magnetic cards store information on a magnetic strip, which makes them vulnerable to fraud. The low level of fraud protection made it necessary to implement another guarantee. The solution turned out to be chip cards, and instead of a magnetic strip they were equipped with a microprocessor that controlled the process of accessing data. The stored information is also encrypted, which makes it more difficult for unauthorized people to read it. The use of smart cards also requires the card holder to enter a PIN code, which also increases the level of security of this solution.

For some time now, banks have been supplying their customers in series with smart chip cards, which has driven magnetic cards out of the market. During the transition period, a large percentage of smart cards also contain a magnetic stripe to ensure compatibility with legacy transaction systems.

Payment card types

There are many ways to classify payment cards. They are often divided in terms of the way settlements are made with the bank.

The three basic types of payment cards are as follows:

• Credit Cards – a method of payment based on a credit limit granted by the bank. The credit card holder will receive from time to time a list of transactions made with the card and information on the method and date of settlement. Usually, the credit limit is associated with an additional interest rate, but the customer may avoid the need to pay interest on non-cash transactions if, within a specified period of time (the so-called interest-free period), he pays 100% of his obligations to the bank. In Poland, the interest-free period is usually up to 30 days from the settlement date. Banks often use this feature in credit card promotional materials because customers are tempted by the idea of ​​a free loan. Getting a credit card doesn’t always require opening a bank account.
• Debit cards – cards issued to a bank account. At the time of making a transaction with a debit card, the bank debits the debt from the card holder’s account. The customer must have an appropriate balance of funds in his account for the transaction to be successful. The name of a debit card can be a little confusing, since an overdraft can be understood as a debt on your bank account, while a debit card does not allow you to create a negative balance in your account. This name is associated with the fact that when using a debit card, the transaction is immediately posted, debiting the customer’s bank account. In this sense, the word debit simply means debiting your account immediately.
• Charge cards – and otherwise postpaid cards. It can be said that it is a combination of credit card and debit card. On the one hand, as in the case of a credit card, the bank gives the customer a line of credit, but on the other hand, a debit card is often linked to the bank account (such as a debit card). Deferred payment consists in the fact that the customer undertakes to provide funds to repay the debt in full (and not in part, as in the case of credit cards) within a specified period, and then the bank takes the money from the customer’s account.

In addition to the above types of cards, we can also distinguish:

• Prepaid cards (prepaid cards) – these are financial instruments that require top-up, for example by bank transfer to the so-called technical account of the bank that issued the card. The credited cards can then be used to make transactions up to the amount of the balance on the card. After using the funds, you can recharge your prepaid cards. Prepaid cards can be issued to their holder, which means that they are not tied to a specific person and can be used, for example, as gift or travel cards. The advantage of a prepaid card is also high security – in case of theft, you only risk losing the funds in the technical account of the card.
• Virtual Cards – In terms of operation, they are similar to prepaid cards. The difference is that the virtual card is not issued in physical form. It is simply a number that you can use for non-current card transactions . You cannot withdraw money from an ATM with a virtual card.

Out of curiosity, let’s add that a few years ago there were cards that could only be used at ATMs! Unfortunately, we will not find ATM cards in commercial banks anymore – now they can only be obtained from some cooperative banks.

As mentioned earlier, payment cards can be classified according to various criteria. In addition to the method of settlement with the bank, a popular apportionment method is classification based on the level of wealth of clients.

In terms of marketing, payment cards can be divided into:

• Classic cards (Classic cards) – standard payment cards with basic functionality, and free insurance for these cards is very rare nowadays.
• Silver Cards (Silver Cards) – cards for people with high incomes; These instruments usually have a wider scope of insurance protection and the possibility of exemption from fees (the conditions for exemption are higher than for regular cards).
• Gold Cards (Golden Cards) – cards for high-income customers, which provide insurance protection for the holder and his relatives, discounts with bank partners, fee waivers, and are also widely accepted.
• Platinum cards (Platinum cards) – cards for wealthy customers, which guarantee high insurance protection, a high credit limit (for credit cards) and additional services (such as a concierge).
• exclusive cards – cards for VIP clients, offering a wide range of services (and insurance); They are often made of certain materials, such as gold (the Russian Infinite Visa) or titanium (the Centurion American Express Card).

From the point of view of the payment institution whose logo is located on the card there are cards:

• Visa – is the largest and most popular card organization in the world, and also in Poland, where Visa cards make up the unquestionable majority,
• MasterCard – the largest competitor to Visa (in Poland it still has a smaller market share), but more innovative and modern (NFC payments, contactless gadgets),
• American Express and Diners Club – less well-known card institutions in Poland, but well-known and appreciated in the world; Cards of these institutions are considered very prestigious, they are used to settle payments, for example, for car rental or air services.

proximity cards

Contactless cards are payment cards that allow contactless payment. Physically, they are chip cards or cards with a chip and magnetic stripe, but they have an additional built-in antenna that allows you to make transactions by bringing the card closer to the payment terminal. In Poland, contactless cards can be used to make quick payments up to PLN 100 without providing a PIN (it is also possible to increase this amount, but the transaction must be confirmed with a PIN code or signature). At the moment, banks offer their customers VISA payWave and MasterCard PayPass cards, and the contactless cards themselves already account for about 88% of all cards in circulation .

In addition to contactless cards, other carriers are also available, allowing to carry out contactless payments. We are talking here, among other things, about proximity stickers that can be attached to a mobile phone or mp3 player. On the Polish market you can also find other contactless media (the so-called piper) in the form of watches, key rings and proximity straps. Thanks to them, you can pay for purchases (up to PLN 100) without having to carry a debit card with you. Here we have written more about contactless tools.

The popularity of proximity cards has sparked controversy over their safety. The fact that you can make small payments without having to confirm the transaction with a PIN makes it easy to lose cash from your account and even create a debit balance if your contactless card is stolen. The cases of theft of contactless cards and the inability of their users in such cases contributed to the revision of the current policy of banks in this regard. On September 30, 2013, the NBP Payment System Board adopted an important recommendation regarding the security of contactless cards. The following obligations are imposed on banks, payment institutions and other participants in the payment system:

• recommendations for improving the procedures for issuing contactless cards – banks should enable customers to enable or disable the contactless function on a payment card , and first of all inform them of such a possibility; If there is no option to disable the contactless function, the bank must provide the customer with a choice of a card without the contactless function. This recommendation also imposed an obligation on banks to inform the customer, among other things, about what the contactless function is, about transaction limits, authorization methods, and about theft.
• Recommendations for increasing the awareness of cardholders of the contactless function, including through education – Payment system participants should enhance contactless card security, educate the public in this area through social campaigns, marketing campaigns, and training of bank staff.
• Recommendations regarding the division of liability for unauthorized transactions between the issuer of the contactless card and the holder – the legal provisions indicated that in the event of a loss of the card, the holder is liable for unauthorized transactions up to the amount of 150 euros. The recommendation obligated banks to implement measures limiting the liability of contactless cardholders to the equivalent of 50 euros (if the bank allows customers to disable / enable the contactless feature or use cards without this feature) or completely exclude the responsibility of the cardholder (if the bank does not allow the customer to disable the contactless feature or use the contactless feature). cards without this feature).

The above recommendations are intended to increase the security of customers by enabling them to choose between contactless payment functionality and cards without this feature. Moreover, they have limited the liability of contactless card holders for unauthorized card transactions. Banks implemented these recommendations by allowing customers to choose a traditional smart card or by letting contactless be turned off.

Card Innovations

The entire field of cashless payments is developing dynamically, and payment cards are no longer what they used to be. Recent years have brought us many developments in this regard.

Cards with the selected image

More and more banks offer debit cards in a non-standard form. The standard pattern on “plastic” is usually not attractive, so for an additional fee, customers can also choose a different pattern to suit their personality or interests. You will find an overview of this plastic material in the text “Payment card with your own photo. Is it worth it?”

The card is in the phone, the watch, and the bracelet

Due to the development of banking technologies, the traditional card (credit or debit) is no longer a modern means of payment for purchases or services. Financial institutions now let you add a card on your phone to apps like Google Pay or Apple Pay, as well as use the card in your watch, and even a sports band. You can find more in the article “Mobile Payments – Overview and Availability in Banks”.

A card with a screen and a card with a variable CVC code

The MasterCard Display with an integrated mini-display was an exception among contactless cards. It had two PIN numbers – one for regular cashless payments and one for the screen placed on the card. A small screen was used to display our account status and messages from the bank. The card can also be used as a code to confirm transactions in Internet banking (instead of common SMS messages).

A card with a screen and a card with a variable CVC code

The MasterCard Display with an integrated mini-display was an exception among contactless cards. It had two PIN numbers – one for regular cashless payments and one for the screen placed on the card. A small screen was used to display our account status and messages from the bank. The card can also be used as a code to confirm transactions in Internet banking (instead of common SMS messages).

The second innovative card in our market was the MasterCard debit card with the variable CVC2 code (MasterCard Dynamic CVC). There was a small display on the back of the plastic with a different set of numbers every hour, the CVC2 code. This code is used to secure online transactions and is required when we pay, for example, with a debit card for goods or services on the Internet.

The card with a dynamic Card Verification Code (CVC) was intended to increase the security of online payments and eliminate the risk of data interception by unauthorized persons. Even if someone found out the card number and CVC code, within an hour that code was already out of date and the hacker could not complete the transaction.

Payment card security

Chip cards, which are currently offered to customers, have a much higher level of security than cards with magnetic stripes, which are gradually becoming obsolete.

The primary security mechanism for a payment card is a PIN code . For security reasons, it is never placed on the card and must be remembered by the customer. At the time of the transaction, after the card holder enters the PIN code, the data from the payment card (such as the bank name and card number) is encrypted along with the PIN code entered using the DES or 3DES algorithm and then sent to the bank’s authentication system. The system verifies the card holder (authentication process) by comparing the transmitted data with the information stored in the banking system database. After correct verification, the system allows the card holder to access the bank account. The next step in the payment process is authorization, that is, the process of checking whether the card holder can perform a certain operation (for example, whether he has the appropriate amount of funds in his account).

Additional security used in online card payments is the 3D Secure Service , which is being offered by an increasing number of financial institutions. It consists of a two-step verification process for the card owner – when paying for goods, we enter sensitive data from the card and an additional authorization code received from the bank (from a token card, token or SMS). Most of the time, enabling 3D-Secure is completely free, so it’s worth using this solution.

Stolen or lost payment cards should be held at the bank as soon as possible. This concerns the legal responsibility of the bank for unauthorized transactions made with plastic – according to the law, the customer is responsible for transactions amounting to the equivalent of 150 euros, unless the card is canceled in advance. The sooner we contact the bank (in person or by phone), the less losses we incur as a result of the theft.

Payment card insurance is also a good solution – it further reduces the liability of the client, and sometimes releases it completely, transferring the liability to the bank (the cost of such insurance varies from PLN 3 to PLN 5 per month).

Watch also

Top 5 DNS attacks. How do you reduce its effects?