Card Personalization Systems

Smart card personalization: data preparation systems, electrical and graphical personalization machines, and production workflows.


Card personalisation is the manufacturing-stage process that transforms a blank smart card into a card bearing a specific cardholder's identity, credentials, and personalised artwork. It is performed by a card personalisation bureau — a secure facility operating under strict physical and logical security controls.

Overview of the Personalisation Pipeline

Card Issuer (Bank / Government)
        │ 1. Personalisation data file
        ▼
Data Preparation System
        │ 2. Formatted personalisation records
        ▼
Electrical Personalisation (chip programming)
        │ 3. Key loading, data writing, certificate injection
        ▼
Graphical Personalisation (printing)
        │ 4. Name, photo, card number embossed/printed
        ▼
Quality Control & Audit
        │ 5. Functional + visual verification
        ▼
Packaging & Fulfillment → Cardholder

Electrical Personalisation

Electrical personalisation writes data to the chip's EEPROM or Flash memory and injects cryptographic keys. Key operations include:

| Operation | Description |
| --- | --- |
| Key diversification | Derive card-unique keys from a master key using the card serial number |
| Certificate loading | Load PKI certificate chain (issuer → card) into secure file system |
| PIN initialisation | Set initial PIN (often mailed separately or set at first use) |
| Data encoding | Write PAN, cardholder name, expiry into APDU file structures |
| Lifecycle transition | Set card to INITIALIZED or SECURED state ready for issuance |

Key diversification uses algorithms such as EMV Option A, Option B, or AES-CMAC with a Master Derivation Key (MDK) held in the bureau's HSM. The MDK never leaves the HSM; all diversification operations execute inside it.

Key Injection Facilities (KIF)

Key injection — loading symmetric keys or private keys onto blank cards — occurs in a PCI-compliant Key Injection Facility:

  • Dual control: Two operators required to authorise key loading; neither alone knows the complete key.
  • Split knowledge: Keys stored in HSMs with M-of-N key shares.
  • Audit logging: Every injection event is timestamped and logged to an immutable audit record.
  • Physical security: Caged area, CCTV, anti-skimming on injection machines.

For JavaCard and GlobalPlatform cards, the personalisation application is an applet pre-loaded during manufacture. The bureau authenticates to the card's Supplementary Security Domain using SCP03 before writing personalisation data.

Graphical Personalisation

Graphical personalisation adds the visible data: printed name, photo, card number, expiry, and embossed elements. Technologies used:

| Method | Description | Use Case |
| --- | --- | --- |
| Laser engraving | Ablates card body for permanent, tamper-evident text | Premium bank cards, government ID |
| Inkjet printing | Full-colour photo and variable data printing | Low-to-mid volume ID cards |
| Dye-sublimation | High-quality colour photo printing | Access badges, employee ID |
| Embossing | Raised characters on card surface | Legacy bank card compatibility |
| UV ink | Visible only under UV illumination | Security feature, anti-counterfeiting |

Modern secure identity documents combine laser engraving (personalisation data that is physically part of the card body) with personalisation data on the chip — so altering one without altering the other is detectable.

Data Preparation

Before the bureau can personalise cards, the issuer's data preparation system formats raw records (from the card management system or identity database) into a personalisation file that the bureau's equipment can process:

Issuer CMS export  →  PKCS#7 encrypted + signed file  →  Bureau gateway
Bureau gateway     →  HSM decryption + signature verify →  Personalisation station

Standard personalisation data formats include:

  • ISO/IEC 7813 Track 2 equivalent for chip data
  • Personalisation Script — sequence of APDU commands per card
  • ICAO MRTD Personalisation Package for ePassport chips

Bureau Security Controls

Relevant certifications for personalisation bureaux:

| Standard | Scope |
| --- | --- |
| PCI DSS | Cardholder data environment |
| PCI Card Production (PCI CP) | Physical and logical security of card manufacturing |
| ISO/IEC 27001 | Information security management |
| GSMA SAS-SM | For SIM/eSIM personalisation |

The issuer typically audits the bureau annually and requires evidence of PCI CP compliance and HSM audit logs.

Personalisation Quality Control

Each personalised card undergoes:

  1. Electrical test: Select applet, verify AID and critical data, perform a test cryptogram.
  2. Visual inspection: OCR reads printed data against the expected record; photo biometric matching verifies the photo placement.
  3. Sampling: Statistical sampling of issued cards for destructive security testing (see the Smart Card Testing Framework).

Cards that fail QC are physically destroyed and logged — destruction records are part of the audit trail.
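The first part of the electrical test (select the applet and verify its AID) as an added example, not a bureau's or vendor's test code. It builds the ISO/IEC 7816-4 SELECT command and checks the status word and the DF name (tag 84) inside the FCI template (tag 6F) against the AID from the personalisation record; the AID, the response bytes and the function names are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
)

// SelectByAID builds the ISO/IEC 7816-4 SELECT-by-DF-name command APDU.
func SelectByAID(aid []byte) []byte {
	apdu := []byte{0x00, 0xA4, 0x04, 0x00, byte(len(aid))}
	return append(append(apdu, aid...), 0x00) // Le=00: ask for the FCI
}

// findTLV returns the first value with a one-byte tag, or nil if absent or malformed.
func findTLV(data []byte, tag byte) []byte {
	for len(data) >= 2 {
		l, hdr := int(data[1]), 2
		if l == 0x81 && len(data) >= 3 {
			l, hdr = int(data[2]), 3
		} else if l >= 0x80 {
			return nil // unsupported or truncated length field
		}
		if hdr+l > len(data) {
			return nil // value runs past the buffer
		}
		if data[0] == tag {
			return data[hdr : hdr+l]
		}
		data = data[hdr+l:]
	}
	return nil
}

// CheckSelect passes only if SW is 9000 and the FCI's DF name equals wantAID.
func CheckSelect(resp, wantAID []byte) error {
	if !bytes.HasSuffix(resp, []byte{0x90, 0x00}) {
		return fmt.Errorf("SELECT failed, response % X", resp)
	}
	name := findTLV(findTLV(resp[:len(resp)-2], 0x6F), 0x84)
	if name == nil || !bytes.Equal(name, wantAID) {
		return fmt.Errorf("AID mismatch: card % X, record % X", name, wantAID)
	}
	return nil
}

func main() {
	aid := []byte{0xF0, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03} // constructed AID
	resp := append(append([]byte{0x6F, 0x09, 0x84, 0x07}, aid...), 0x90, 0x00)
	fmt.Printf("% X -> %v\n", SelectByAID(aid), CheckSelect(resp, aid))
}
```

A malformed or truncated FCI is treated as a failure rather than skipped, so a card that answers 9000 with unparseable data is rejected by the check.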

See the GlobalPlatform Pro Guide for applet management commands used during personalisation, and the GDPR and Smart Card Data Guide for data protection requirements in bureau workflows.

Frequently Asked Questions

Our guides cover a range of experience levels. Getting Started guides introduce smart card fundamentals. Security guides address Common Criteria certification and key management. Programming guides target developers working with APDU commands, JavaCard applets, and GlobalPlatform card management.