The bank card as a second authentication factor

One factor is no longer enough

In a world where crime is increasingly concentrated in digital reality, the password model is no longer enough. Progressively, either voluntarily or by imposition of partners or regulation, the adoption of multiple authentication factors has become widespread. Whether changing equipment, activating a card, authorizing higher value transactions, accessing confidential data or any other action that requires greater security, the adoption of multiple authentication factors is essential.

Two factors… but which ones?

Authentication factors can go from possession (something I have) to knowledge (something I know) and to identity (something I am). Since identity recognition currently brings many challenges at the technological and data privacy level, the most common solutions have gone through factors associated with ownership and knowledge. For this purpose, the following additional authentication factors are usual for using the app on a mobile phone:

  • SMS OTP (One Time Password): this is a security factor considered obsolete by NIST – the North American Institute for Standards and Technology
  • App Token: poor usability solution as it requires the use of two apps simultaneously and low security because both apps are often on the same device, therefore also compromising the user experience when carrying out their banking operations
  • Matrix Card: high-cost solution (maintenance of the cards and everything that implies their management and shipping costs by mail) and poor usability since it requires the use of an additional card

I received an SMS from my bank…

This is a common expression in the reporting of various consumer complaints.

The degree of sophistication of online fraud in stealing credentials and even receiving OTP makes it very difficult to distinguish a fraud scheme from a real banking experience. If previously there were some indications that facilitated the identification of fraudulent schemes, currently the SMS appear integrated in previous conversations with the banks, the web pages are replicas of the official sites, the texts are carefully written in correct Portuguese and the accelerated day-to-day rhythm of consumers often makes them lower their guard while facing authentication requests.

Card is better than SMS

The bank card that any user already has can be a secure authentication solution (PSD2: proof of ownership) using hardware that the customer already has in his possession. The card, branded by the bank the user knows, is in his wallet every day and is often used in contactless payments.

By touching this card to a mobile phone for a few seconds, using NFC (Near Field Communication) technology, you can authenticate. NFC is a technology that allows two devices to communicate when they are close together, typically within a few inches.

In this case, since the bank card is currently equipped with an NFC antenna, when touching the mobile phone, the NFC reader reads the card information and sends it to the bank application for authentication.

This method avoids the use of one-time passwords (OTP) sent by SMS or, for example, the verification of numbers on the matrix card. In addition to being more secure, as it requires possession of a physical card that is active, it is more convenient by eliminating the need to manually enter a code. Additionally, it is easy to use, with an object that is already familiar to the user and with the bank’s trust mark, the authentication process is very fast as the card information is read and transmitted quickly.

This type of authentication can be used to formalize the process of changing mobile equipment, securely authorizing transactions, and preventing unauthorized access to confidential information, among many other use cases.

The future that is present

This is a solution that is already working and which, in practice, translates into an SDK (Software Development Kit) that can be integrated into the bank’s current application. With this feature, the mobile phone recognizes the card and requires it as an authentication factor. Currently available for Android, it is not yet possible to use it on the iPhone, since Apple does not provide access to NFC by other entities for financial transactions purposes. However, it is anticipated that this will soon be an outdated issue, with this type of solution being available for all NFC-equipped equipment.

Find out about the options available from your payment solution partner.

Junte-se a nós no evento de lançamento do movimento Merece

Os cartões eletrónicos ocupam um lugar especial nas nossas carteiras. Mas o que lhes acontece quando saem da validade ou ficam inutilizados por outro motivo?

Na Contisystems, enquanto fornecedor e personalizador de cartões, sentimos a necessidade de fazer mais para minimizar o impacto ambiental da nossa atividade. Todos os anos fornecemos milhões de cartões e sabemos que cada cartão deixa uma pegada equivalente a 150gr de Carbono. Uma vez que a validade de cada cartão anda pelos 3 ou 4 anos, há uma rotatividade grande e muitos cartões inutilizados. E já sabemos o final que normalmente têm os cartões inutilizados… o lixo comum! Ou seja, além da pegada de carbono que deixam, estes resíduos vão também contribuir para encher aterros.

Foi neste contexto que decidimos criar um movimento para dar aos cartões inutilizados o final que merecem, um final ecologicamente responsável.

O nosso objetivo é envolver o maior número possível de entidades no sentido de incentivar empresas e indivíduos a contribuir para o tratamento ecologicamente responsável dos resíduos de cartões com componentes eletrónicos (sejam eles bancários ou não). Por isso:

  • se trabalha numa empresa emissora de cartões, não deixe de participar e motive a sua empresa a aderir ao movimento;
  • se conhece alguém que trabalha numa empresa emissora de cartões, partilhe este artigo e incentive-os a participar;
  • se quer também contribuir a nível pessoal, não deixe de acompanhar o movimento para saber o que fazer e pressione as entidades emissoras dos seus cartões a participar;
  • se trabalha noutro sector que gera resíduos não tratados, inspire-se e crie o seu ciclo de tratamento de resíduos; estamos disponíveis para partilhar experiências e contribuir como pudermos com iniciativas de outros setores.

Todos temos um papel na criação de um mundo ecologicamente mais responsável, vai fazer o seu?

Junte-se a nós e acompanhe a transmissão online do evento de lançamento deste novo movimento no próximo dia 08 de outubro entre das 09:30 e as 11:30.

Vamos contar com a participação dos primeiros membros do movimento e com os nossos parceiros que nos permitem dar aos cartões o final que merecem.

Contamos consigo, o nosso planeta merece.

What happens to cards swallowed by the ATM?

We all know the result of consecutively inserting the wrong pin, or what happens when we try to use a card that has already expired … But do you know what happens to your card after being swallowed by the automatic machine? Get to know the mysterious journey of bank cards swallowed.

Every day hundreds of bank cards are held at ATMs. The card retention system was created to ensure the safety of customers and prevent fraud and requires that cards follow a highly secure route to prevent them from falling into the wrong hands and that access to their money is compromised.

But let’s find out what travel cards do from your retention to their destruction.

1. The card is placed on a Blacklist

To ensure that your card details are not used after being held and that your account is secure, your card details are entered in a “blacklist”. This list protects bank customers from misusing your card data (for example when shopping online).

2. Collection of captured cards

Cards from different banks can be retained in each ATM. The bank that owns the ATM makes regular collection of those cards that are retained and separates them by entity.

Weekly, the various banking entities schedule the exchange of the cards withheld so that the cards return to the banks to which they belong.

This process, while apparently simple, is quite complex. We are talking about thousands of cards a week, and many different banks.

Only the process of separating cards by bank is a headache for banks due to the security and rigor required and the logistics of the entire process.

This whole cycle means that it often takes well over a week to send a card withheld to the issuing bank.

3. Verification of collected cards

After receiving the cards, each bank checks their cards, one by one, to ensure that everything goes smoothly. In this process, the collected cards are compared with the list provided by the other banks that collected the cards from their ATMs.

4. Destruction of cards

Finally, cards that are not returned to customers are destroyed! Usually the cards are crushed by industrial machines and their waste is delivered to an entity that will do its treatment.

The capture of cards in the ATM network results in a significant administrative and operational burden for banks as well as costs. It is common for banks to have many resources dedicated to this process and it does not flow in the best way, resulting in delays in the identification of the captured cards and prolonging the time that they are blacklisted.

It was for this reason that Contisystems developed the captured card processing service that centralizes the collection of cards, reading and reporting them, streamlining exchange logistics with other banks, storing them in safe deposit boxes and destroying them ecologically responsible when their end of life is confirmed.

We believe that, with this service, we speed up the process of delivering the cards to the respective issuing entity, and reduce the operational effort involved. Learn more about our service here:

Digitalization of terms and conditions

In April 2020, Banco de Portugal (BdP) announced that bank customers had 18,104 complaints in 2019. 18.7% more than in 2018. This increase, according to BdP, was particularly motivated by the availability of the Electronic Complaints Book (LRE) ). Excluding this book from the analysis, there would be, in 2019, an increase of complaints of 1.4% compared to 2018. 

The BdP gives visibility in this report that the topics most demanded by customers are: bank deposits, consumer credit and mortgage and mortgage loans. 

What do all these themes have in common? 

As a rule, all of them are governed by terms and conditions that are made known and accepted by your bank to the customer, such as interest rates, service costs, among other information. 

As in any dispute or disagreement, when these exist, then who is right? The client? The bank? 

It is therefore imperative for banks that, in the event of a dispute, be able to prove that the customer has been informed that a certain product or service has “x” costs,  or any other data. 

This was the motivation that led one of our bank clients to challenge us for a new project that, although complex for its content, proved to be the right opportunity to apply many of our strengths, namely knowledge, technical capacity and internal infrastructure. 

The challenge itself is that the bank should hold a guarantee that the cardmail (courtesy letter) that accompanies the credit card to be sent to the customer is produced and personalized as the bank stipulated, with data such as: 

  • Name 
  • Address 
  • Fees 
  • Associated terms and conditions (fixed or variable) 

In summary, we guarantee with this project that the cardmail will be personalized with the customer’s data, with the negotiated rates, and that it will be printed and saved in real time in a digital custody solution, in strict legal compliance. 

This allows the bank’s call center teams to have visibility on the document that was built and sent in real time and what information it included. 

Imagine the following scenario: 

Customer (A) calls your bank saying they have not been informed of the credit card fee (s) sent to them. At that moment, the bank’s employee will be able to access in real time the document that was produced and sent in paper format to his address and thatwas kept in digital custody at Contisystems. Thus, the bank has visibility that the card and its cardmail carried all the information that the customer now indicates he was unaware of. 

Furthermore, we give the possibility, in the scenario above, for the bank employee who served customer A, to send by email a copy of those the terms and conditions that accompanied the card when it was sent. 

Now, what we are describing here is to give the bank the possibility of having digital proof of what was actually sent to the client or what was written there. This is only possible, because Contisystems can take real-time custody of the document that is coming out of the personalization machine and that will be sent to the end customer. 

Contact us if this solution is useful for your organization. 

Do you already know our card design service?

In the Payment Solutions division, we have been working to expand our activities and today we can say with conviction that we are much more than a card personalizer. The latest extension of our service is further proof of this.

If we already covered the entire chain of complementary activities after the production of the card, such as the production of cardmail, direct delivery to customers, the treatment of captured cards or even the recycling of expired cards, now we want to be present even before the conceptual implementation of the card in order to ensure the entire process.

It was with this context, in order to contribute to the preparatory phase of card design, that we recently started a partnership agreement with a communication agency, with experience in bank cards design. Combining the design experience of this partner with our know-how regarding the existing possibilities in terms of materials, effects or types of customization, we can offer our customers a truly differentiating design service taking full advantage of all the options available.

Now we can also be at the beginning of the card design process, certain that we will deliver a highly added value work.

Discover what we can do for your business.

Eco-friendly alternatives to PVC cards

We have already mentioned here that we have seen an increasing trend towards metallic cards, at least in some segments. Whether they be pure metallic cards, with their very high cost, or hybrid cards, which mix PVC with metal, a differentiation which has been sought in terms of the base material for the card.

But, in fact, metal is not the only alternative to traditional PVC. In the search for ecological solutions, institutions have increasingly sought to find materials that will allow them to express their business environmental concerns. To this end, alternatives which have already been available to suppliers for some time, but which had not yet captured the interest of customers, have begun to appear on the market. As an example, we leave you a short extract from the Press Release issued about these choices. See Press Release from CaixaBank.

In this context, and in addition to the metallic options we discussed in a previous article, here are other alternatives to PVC that can be considered:

Recycled PVC

100% recycled plastic is an alternative to PVC, guaranteeing equivalent print quality and durability, but greatly reducing the environmental impact. RPVC minimizes the production of new PVC, which contributes to the reduction of the problem of plastic landfills.

This material is compatible with the usual customization options.

PLA – Polylactide resin

PLA (Poly Lactide Acid) cards are made from plants such as corn, generating an EN13432 certified composite material that guarantees 100% reliability. They have less CO2 emissions when compared to PVC products and do not use oil.

Being a compostable material under very specific conditions, it is not biodegradable in an uncontrolled environment. It is compatible with the different physical and logical customization options.

Ocean Plastic

These cards are made with plastic recovered from the oceans (for example, trawl nylons), helping the oceans and wildlife to deal with plastic pollution. This product is the result of a partnership between Giesecke + Devrient (one of the largest card manufacturers in the world) and the association Parly for the Oceans.

These are just some of the alternatives to consider when thinking about making your card more “green”. You can count on Contisystems to help you along the path towards sustainability, whether in the choice of your card, in the production of cardmails with FSC certified materials, or even with old card collection and recycling services.

Are payment cards here to stay?

The recovery of the economy, the increase in financial literacy and the consequent increase in the banked population, as well as the variety of ATM services provided in Portugal, has increased the number of bank cards in recent years.

Despite this being a decade of changes in the banking competitive arena, namely with the bankruptcy of banks such as BPN and BPP, the BES fraud scandals and acquisitions such as the incorporation by Banco Santander of BANIF and Banco Popular, there was still room for innovation. Experiences such as online account opening, MBWay (alternative payment method), the CGD DABOX app (taking advantage of PSD2), or even exploiting credit from a more humane perspective like PUZZLE did, are just a few we can name.

Portugal has innovation in its DNA and the adoption of new ways of looking at banking has been notorious. However, even though new payment methods are emerging and adhering, their penetration does not yet seem to replace the use of plastic card. According to the studies to which we have access, the forecast for the coming years is still for growth both in the number of cards in circulation and the value payed with cards. And if growth exists in total, it is expected to be twice significant in prepaid cards, namely closed-loop prepaid cards.

As we have heard repeatedly at several recent industry conferences (Banca do Futuro, Portugal Digital Summit and MoneyConf: Web Summit), the focus should not be on technology, but on customers and solving their problems or difficulties. If the new forms of payment will solve these problems, then they will find their space and their success, if they just appear claiming the use of the latest technology, then they will find user disappointment and poor adherence. While debit, credit, prepaid or any other card is the best solution for many consumers, it will remain a concern for us to provide the best solutions for those who want to use it.

The trend of metal cards

What do the studies say?

According to the ICMA Card Marketing Report study, the 2018 market increased the demand and sale of cards.

A reading of the report points out to the fact that PVC is the raw material of choice for most card uses, regardless of their geographical location.

It is generally known that PVC cards are widely implemented in our everyday lives. This card has an acceptable cost and all production and customisation processes are adapted to this material. For these reasons it is difficult to switch to other raw materials that will, of course, entail higher costs and adapting customisation equipment.

Nevertheless, the materials used in cards have evolved in order to achieve the differentiation sought by customers. In fact, from a marketing point of view, the process of changing from PVC cards to metal cards, for example, can be justified for specific products, markets or segments.

Are all metal cards the same?

No, in fact there are different ways of incorporating metal into the cards, and four types are generally identified:

Full Metal Card

They are made solely of metal and are available in various precious metals such as platinum and gold, as well as other metals such as stainless steel, nickel, and silver.

Hybrid Metal

The front plate of the card is in metal but the back plate is in PVC, and the core of the card is also in PVC

Metal Plate

These consist of two metal plates (one on the front and one on the back) in which the core of the card is in PVC, which is why the card is lighter.

Encapsulated Metal

These cards are pre-laminated with PVC sheets, but are much heavier due to their metal core.

Do metal cards work the same way as PVC cards?


  • They can work in a similar manner to the already known plastic card;
  • They are more durable than plastic cards, which does not mean they are indestructible;
  • Premium feel associated with metal.


  • Some cards are incompatible with contactless operations, but some manufacturers are developing combinations of metal alloys that allow the contactless system to operate in a normal way;
  • Although the robustness of the cards makes them ideal for travel, they can be detected by metal detectors, such as those found at airports. Although, at airports, you are asked to remove everything from your pockets, if this card is forgotten when passing through the metal detector it may activate it;
  • Its rigidity may pose a problem with regard to ATM equipment, automatic machines, etc.

Furthermore, during the development process, the particularities associated with this material must be taken into account:

  • Its laser-based customisation process generates a groove-type engraving, giving the card a tactile sensation of depth.
  •  Creative and design teams must pay particular attention, since Pantone colours are not the same on metal as compared to their use on PVC.

But then, if they do have some limitations and require care, why produce metal cards?

A market survey carried out by CompoSecure with over 6,000 consumers from the markets of Brazil, Hong Kong, Japan, Singapore, the United States and the UK, revealed that 59% (the majority) of the study respondents prefer metal or hybrid cards over plastic cards. This number was always above 50% in all surveyed markets, reaching 82% in Brazil.

The study highlights the fact that the metal card can be an important factor for the final customer in deciding between one or another financial institution, combined with high loyalty and reward programmes.


For our customers, the metal card can generate higher client volumes and may mean greater visibility for their brand. In fact, the status resulting from a metal card is highly valued by users, so they should not be discarded from the bank cards design portfolio. However, there are options for metal cards that give some margin for greater efficiency in the installed processes, and which should be options to consider to avoid greater concerns or functionality limitations.

At Contisystems, as always, we are committed to finding the best card for every situation. Count on us to provide you with the available options, advantages, and limitations, and to work jointly on the layout of your card.

How do the Portuguese pay?

The Payment Systems Report for the year 2018 was recently published by the Bank of Portugal. This report, which reflects the evolution of payment methods in Portugal, gives us a very current view of the Portuguese payment behaviours and of what trends have been observed. Analysing the recent past gives us important tips for the future, and we believe for our customers as well. We took the opportunity to share a brief summary.

In 2018, with growth in terms of economic activity, retail payments in Portugal continued to grow. In 2018, 2.7 billion retail payment operations were processed in the amount of 491.5 billion euros, representing an increase of 7.6% in number of transactions and 7.3% compared to 2017.

Besides payments in cash, which still represent most payments, cards are the most commonly used means of payment by the Portuguese (87% of payments not made in banknotes and coins). This is followed by direct debit, credit transfers and cheques.

Portugal is among the European Union countries with the highest number of bank cards per inhabitant; at the end of 2018 there were more than 30 million cards in Portugal (of which more than 21 million were debit cards).

The Portuguese mainly make withdrawals and purchases with their card. Considering a trend of migration from withdrawals (1% increase in number of transactions) to card payments (a 12% increase in number of transactions), there was an increase of 8.7% in the number of Automatic Payment Terminals (APTs) to 349 thousand and a 2.3% decrease in the number of ATMs.

Although 38% of the cards and 72% of the terminals are already available for contactless payments, only 4% of in-person purchases were made using this technology. Of the total purchases made with cards only 4% were made online.

Credit transfers represent more than half of the amount transacted in Portugal and were the instrument with the highest growth. This growth trend was common to all electronic payment methods.

Although the number of payments by cheque decreased by 12% in 2018, representing a 6.3% decrease in value, an average of 120,000 payments per day are still made by Cheque. The amount paid by cheque totalled 89.7 billion euros in 2018.

It is also worth noting that since 2018, the Portuguese have a new solution to make their payments, and the immediate transfers, completed in seconds already represent, on average, 7,170 payments per day since its launch in September 2018. See the full study of Bank of Portugal here.

Cards: contactless or non-contactless, that is the question

Surely you have noticed those people who are in front of you, or even by your side, at the cashier of a clothing store, for example, and who make payments with credit or debit cards, without even needing to mark the classic GREEN + CODE + GREEN. Right?

Well, it’s not magic or technology from another planet, these people are simply using contactless technology. And note that there are more and more people are using this system.

In Portugal, for example, the number of transactions doubled in relation to 2017, but it is still well below the figures recorded for the rest of Europe.

According to Mastercard in Portugal, this number shows that “there is still a long way to go, as contactless transactions in Portugal represent less than 3% of total transactions, whereas in other European countries it already represents between 30 and 50% of the total amount”.

If we look at the general numbers, contactless is mostly used in the retail trade, accounting for 85.8% of the total number of transactions and 74.6% of the value, according to the 2017 Payment Systems Report.

Let’s talk about cards

At Contisystems we are more than used to looking at these subjects and we like to think that we know a few things about cards.

That is exactly why we decided to try to give a direct answer the question that is the title of this article: Contactless or Non-Contactless, that is the question.

To do this, we decided to create a list where we show you some of the advantages, which are many, and the disadvantages, because these also exist, of this payment system.

However, before we start trying to find the answers that you are looking for, it is important to mention the Banco de Portugal definition for contactless technology here:

Contactless cards are payment cards with proximity reading technology. These cards allow you to make payments without having to enter the PIN: for that purpose, simply place the card close (normally, less than 4 centimeters away) to an automatic payment terminal (APT) fit for the purpose of receiving contactless payments.”

Pros of contactless technology

But let us return to the advantages of this payment method:

Greater security.

This is an undeniable advantage.
Even Banco de Portugal itself tells us that “the contactless system offers greater security to the cardholder and greater protection against fraud attempts, as it makes it easier for you to make payments without the card leaving your hand, or having the need to enter your personal code in public. ”

Therefore, making payments by using contactless technology allows us to maintain greater control of the process and prevents our card from being, for example, cloned by copying the magnetic stripe or the chip.

To make a payment with contactless technology, it is always necessary for the merchant to first enter the value in the APT. The customer will always have to confirm the value of the transaction before using the card. Once the value has been confirmed, the card must be placed close to the APT, typically within 4 centimeters of the machine, until the transaction is confirmed. The terminal does not perform any additional transactions until the current transaction is complete.

Payment limits.

If you do not know, we can also tell you that card issuers have defined a set of control elements to ensure the security of these cards and these entail measures such as: existence of a maximum amount per contactless transaction and imposition of a limit of consecutive contactless payments.

Possibility to disable the contactless system whenever you want.

The card with contactless system retains its functionality of traditional use with PIN. To disable contactless, you only need to contact the entity that issued your card (usually your bank) and ask to deactivate the system. Upon deactivating, the card will work like any other non-contactless.

More convenience.

With this type of payment you do not have to worry about one more code to memorize, or having to hide the code from the person next to you, the person behind you and the person waiting for your payment.

Possibility of turning your smartphone into a card.

There are debit cards, credit cards and prepaid cards that already have contactless technology. This option also allows you to make payments through your mobile phone or smartwatch.

Visa, for example, already allows any NFC app for Android to enable the smartphone to emulate a smart card by using Host Card Emulation (HCE).
Users can wave their smartphone in front of a secure reader to pay for their purchases.

Cards and APTs with contactless technology must be adequately identified with the following symbol:

simbolo contactless

Cons of contactless technology

Despite all of these advantages, DECO has left some recommendations for the users of this type of technology, alerting to some vulnerabilities of this type of system.

According to this organization, which is responsible for consumer protection, “some free and simple to download mobile apps, enable the reading of contactless card data.”.

Therefore, if you are a public transport user at rush hour and, to avoid transmitting data from your card – although close proximity is required for someone with a mobile phone with one of these apps installed to get your card data – Deco advises you to carry the card in an aluminum wallet designed for cards, so that you can isolate and protect it.

In addition to this Deco alert and despite the fact that contactless technology is a reality that is perfectly inserted in the physical payments made in Portugal, it still has some limitations, which we will now present:

Low value transactions.

The maximum amount allowed for a transaction of this kind is generally fixed at 20 euros. Let us agree that it is not a particularly exciting amount, but we believe that soon these values ​​will be revised to allow for a greater use of contactless technology; i.e. each contactless payment cannot exceed the maximum amount allowed. This maximum value is defined by the entity that issued the card.

Limit of consecutive payments.

In addition, another limitation is the existence of a limit of consecutive payments that can be made without entering the PIN, which is usually 60 euros. Once this limit is exceeded, the customer can only re-make contactless payments after performing an operation in a payment terminal or in an automated teller machine with the PIN code. This limit is also defined by the entity that issued the card;

Deactivation of the system must be done by the Bank.

For you to deactivate the contactless function in your card you must make that request to the card issuer, which in this case is your Bank.

Usage rules are not universal.

For this reason, Banco de Portugal recommends that if you travel abroad and intend to do contactless transactions, you should try to read up on the applicable rules in the country where you are traveling to.

Here at Contisystems, we are avid admirers of this technology, due to the privacy it enables, the fact that it makes your transactions safer and more comfortable and because it makes your life easier.

Did you enjoy this article?

Subscribe our newsletter and get a quartly selection of our most relevant articles.

Email Marketing by E-goi