Deconstructing cards 💳

Whether you work in the fintech space or not, chances are you regard the 85x53 rectangle 💳 as a universal pictogram for "payments". I'm not here to discuss the details of how the plastic card came to be one of the key items of your financial life, but if you're looking at fintech from a product perspective, you probably should start thinking about cards as the floppy disk of payments. Ubiquitous, ingrained into pop culture, but a class of product that will eventually disappear.

To understand why and how, it's pretty important to break down what a card is down to its basic components:

The black stripe on the back is called magnetic stripe - it holds two tracks that magnetically encode the card's basic data. While there's limited fancy things you can do with the mag-stripe nowadays, it is still incredibly popular in many places where full terminals are too expensive to acquire or replace - and its simplicity was used by Square in the early 2010s to launch one of the greatest fintech product of all times - an inexpensive reader that slots into your phone and ushered in the hyperlocal Point of Sale revolution.

The 🤖 chip, on the other hand, is a full-fledged microprocessor that can interface with terminals, be powered up by them and actually execute cryptographic calculations using a set of keys that is burned onto the card during production. The chip actually makes debit cards one of the first (albeit unpowered) personal computing devices. While its computing power pales compared to a smartphone, it is a fully segregated, air-gapped device: in terms of security, it has largely stood the test of time.

The nfc coil 📶 is a spool of copper wire that allows the chip to be powered and execute commands wirelessly in close proximity (near field communication). If the product you're working on aims to bridge the gap between cards and phone, the coil (if enabled) also allows your card to signal its presence to your smartphone, and in some cases onboard its data onto a digital wallet.

Finally the 🗃️ printed data (name, PAN, expiration date, CVC) allows humans to read the card data and use it to make purchases online. From a product perspective, not having this data on the card can be a feature.

Ultimately, the thing that holds all of these pieces together is the card itself: the design, look and feel, and experience of it. Heck, search for "bank design" on Dribble and you'll find that every single product designer in the Western world thinks of 'card design' first when designing a financial experience.

Yet there is a very large part of the world that has never paid - and probably never will pay - for its groceries using a piece of plastic. Part of it is due to network effects, and the market penetration of the large card rails (Visa, Mastercard, Amex, Diners, etc.) into emerging markets. But part of it is due to cards being, quite frankly, a product of the 20th century.

Deconstructing your card

What could we do better if we start over today with some product thinking?

Out of the four card components (magstripe, chip, nfc and data), let's start by removing the magstripe. Magstripes are pretty inexpensive (at 2 to 8 dollarcents per card for vanilla stripes), but they also don't add a lot of value anymore. Cameras and NFC readers are cheap, and whatever data can be transferred using a magnetic head, can be recovered more effectively using them.

Taking away the chip is arguably more complex, since it's not simply a data storage, but a processing entity (which makes it more expensive, at around 50 to 80 dollarcents per card). Sure enough, most networks have gotten around by building wallets (like Apple Pay or Google Pay) on top of your existing card, using the internet to provision a set of equivalent keys onto a separate cryptographic element in your phone (where possible), and have your phone replicate the processing functionality of the card chip.

But what if we simply remove the processing requirements altogether, instead moving to true multi-factor authentication to verify the identity of the paying party? Instead of simply assuming it's really you making a purchase, because of the chip or phone ('something you have') and the PIN ('something you know'), we could take a page from the e-commerce world and take a zero-trust approach, instead letting you validate every single transaction as they come in? Modern processing protocols like 3D Secure 2 or open banking take exactly this approach.

Now that the processing is on your phone (or any device with an internet connection), the next logical step is to decouple the wireless functionality from an NFC (near field communication) to a generic approach where transactions are validated by yourself regardless of distance: much as there is no need to swipe your card anymore, moving to a zero-trust model assumes that being in possession of the card and waving it around the terminal is not sufficient to approve a transaction. So let's chuck the NFC coil away (10-20 dollarcents per card) and move to either on-device authentication, or biometric authentication - just as seamless, and way more secure.

Finally, the card details. If you really break these details down to their atomic level - they are simply a manifestation of a contract between you, the store, and the bank. The bank gives you a number that attests you have a relationship with them: an address for your money. Then you pass this number to the store (either online, by swiping the magstripe, the chip, or the NFC coil) to show your agreement for a given purchase. The store uses this number (along with some additional security data) to prove to the bank that you have, in fact, authorized them to collect your money.

This, at its core, is the product you're paying for - the thing makes your life easier. Fintechs - be it banks, wallets, or investments - tend to focus on the emotional side of money: metal cards, beatiful user experience, and dopamine-inducing game-like rewards. But all the customer really wants, is securely trading something for something.

Putting it back together

So where does that get us - what's this radical redesign that turns the world of cards upside down? For this we have to go back to the initial assumption: 💳 cards are the 💾 floppy disk of payments. They have legacy rails, and existing infrastructure, but at 1 to 2 dollars per card (plus significantly more for regulatory verification and card dispatching), getting the remaining 2 billion people into the system will not be solved by coming up with flashier card designs.

Much like CDs or thumb drives were for floppy disk, whatever we build on top of the existing card stack is an incremental upgrade - a brilliant upgrade, sure, and useful - but still heavily influenced by the legacy model.

In the case of the floppy, what people actually wanted was to store their data securely, and share it when needed or wanted. The disruptive solution was the cloud: enabled by personal computing and ubiquitous internet connectivity, today it's often more practical to share files and permissions on the cloud than it is to rummage in a drawer looking for an encrypted USB stick.

For cards, what people really want is being in control of their finances (that is, approve only the expenses they actually want); feel secure (that is, do not fear their money will be lost), and make trading goods and services as seamless as possible (that is, move money from storage to store as quickly and easily as possible).

Deconstructing the card, we found this ideal spending product already. It's a product that counts on 📸 inexpensive sensors and 📱 existing personal computing devices to onboard data from multiple sources and give the customer instant control. It is inherently secure, offering either ☝️ biometric or 🔓 online authentication for every transaction deemed risky. And it can be easily generated, easily refreshed, and easily shared - but never accidentally - to make trading as seamless as possible and easily prove this contract afterwards.

It doesn't need to be a piece of plastic. It doesn't even need to be a physical object. And in fact, it's quite remarkable that multiple products have converged into this: be it local wallets, cryptocurrencies, instant payments, or simply digital identity, this is what many of the biggest fintechs around see as your next card:

And I think I believe them.