Card Personalization Bureau
ManufacturingA certified facility that performs both electrical and graphical personalization of smart cards at scale, operating under strict physical security controls and audited against standards such as GSMA SAS, PCI DSS, or Common Criteria.
What Is a Card Personalization Bureau?
A card personalization bureaucard personalization bureauManufacturingCertified facility for large-scale smart card personalization.Click to view → is a certified, physically secured facility that performs both electrical personalization and graphical personalization of smart cards at industrial scale. The bureau receives blank, pre-personalized card stock from manufacturers, loads cardholder-specific data (keys, certificates, PINs, application data) onto the chip, prints the card surface, and prepares the finished cards for distribution -- all under strict chain-of-custody controls.
Personalization bureaus are critical nodes in the smart card supply chain, handling the most sensitive phase of card production: the moment when generic hardware becomes a unique, credentialed identity or payment instrument.
Operations
A personalization bureau performs several integrated operations:
| Phase | Description |
|---|---|
| Card receipt and inventory | Incoming blank card stock is logged and stored in secure vaults |
| Electrical personalization | Data (keys, certificates, PAN, PINs) written to chip via contact readers |
| Graphical personalization | Cardholder name, photo, and design printed on card bodycard bodyHardwarePlastic substrate forming the card physical structure.Click to view → |
| Quality assurance | Card testing verifies chip function and print quality |
| Fulfillment | PIN mailers generated, cards matched to envelopes, dispatched |
Security Requirements
Personalization bureaus must maintain certifications from multiple industry bodies:
- PCI DSS -- mandatory for payment card personalization (handling PANs, CVVs)
- PCI PTS -- for PIN generation and management equipment
- GSMA SAS (SAS-UP) -- required for SIMSIMApplicationSmart card for mobile network authentication.Click to view → card personalization
- Common Criteria -- some government card programs require CC-evaluated personalization environments
- ISO 27001 -- information security management system
Physical security measures include:
- 24/7 CCTV surveillance of all production areas
- Biometric access control to personalization rooms
- Card counting at every production stage (zero-loss policy)
- Secure destruction of rejected cards and waste material
- HSM-based key management -- master keys never exist outside HSMHSMSecurityPhysical device for key management.Click to view → boundaries
Key Management
The bureau's HSMs perform key diversification during personalization, deriving unique per-card keys from issuer master keys loaded during a key ceremony. The HSMs are typically FIPS 140 Level 3 certified and physically secured in dedicated key management rooms.
Bureau Models
| Model | Description |
|---|---|
| In-house | Large issuers (banks, governments) operate their own bureau |
| Service bureau | Third-party facility serving multiple issuers |
| Instant issuance | Branch-level personalization for immediate card delivery |
Preguntas frecuentes
The smart card glossary is a comprehensive reference of technical terms, acronyms, and concepts used in smart card technology. It covers protocols (APDU, T=0, T=1), security (Common Criteria, EAL, HSM), hardware (SE, EEPROM, contact pad), and applications (EMV, ePassport, eSIM). It serves developers, product managers, and engineers.
Yes. SmartCardFYI provides glossary definitions in 15 languages including English, Korean, Japanese, Chinese, Spanish, Portuguese, Hindi, Arabic, French, Russian, German, Turkish, Vietnamese, Indonesian, and Thai.