CPI Card Group Partners With Karta to Embed Security in Prepaid Cards

At no stage before activation is the payment data exposed.
The SafeToBuy technology locks card details in an EMV chip, making printed numbers obsolete and theft impossible until purchase.

In an era when gift card fraud has quietly drained billions from consumers and retailers alike, a Colorado payments company and an Australian fintech have joined forces to relocate the most vulnerable data in the transaction — the card number itself — from printed packaging into the silence of an embedded chip. CPI Card Group and Karta's partnership represents not merely a product upgrade, but a philosophical rethinking of where trust lives in a payment instrument. By making the card's secrets inaccessible until the moment of legitimate activation, they are attempting to close a gap that criminals have exploited for decades.

  • Gift card fraud — where thieves photograph or skim card numbers from store shelves and drain balances before buyers ever leave — has persisted as one of retail's most stubborn and underreported losses.
  • SafeToBuy's core disruption is architectural: payment data is stripped from physical packaging entirely and locked inside an EMV chip, rendering a stolen card number effectively nonexistent until activation.
  • Shoppers can tap an unactivated card against their phone to validate and complete a purchase, with card details remaining hidden until the transaction is confirmed — a frictionless experience designed to replace anxiety with confidence.
  • CPI has taken a minority equity stake in Karta and will serve as its exclusive U.S. manufacturing partner, with a national retailer already piloting the program ahead of a broader 2026 platform launch.
  • The partnership's ambitions reach well beyond gift cards — both companies are already mapping how this security model could be extended to debit and credit programs, potentially redefining how all U.S. payment cards are issued.

CPI Card Group, based in Colorado, has formed a partnership with Karta, an Australian fintech founded in 2021 and backed by the Commonwealth Bank of Australia, to bring a new fraud-prevention technology called SafeToBuy to American prepaid gift cards. CPI has also taken a minority equity stake in Karta, signaling a deeper strategic alignment between the two companies.

The problem SafeToBuy addresses is familiar to anyone who has worked in retail loss prevention: criminals photograph or skim card numbers printed on gift card packaging, then drain the balances online before the legitimate buyer ever uses the card. SafeToBuy eliminates this vulnerability by removing printed card data from packaging altogether, embedding it instead within an EMV chip. A thief in a store aisle finds nothing to steal.

The customer experience is designed to feel effortless. A shopper picks up a gift card, taps it to their phone, and validates the purchase through an app. Only after activation does the card's payment data become accessible — usable in a mobile wallet, for online shopping, or as a traditional physical card. CPI will manufacture and personalize these contactless cards as Karta's exclusive U.S. supplier.

CPI's CEO John Lowe described the collaboration as a direct response to client demand for security that works seamlessly across physical and digital environments. Karta's co-CEO Clare Kinsey framed it as an amplification of what her company has built — pairing Karta's fraud-prevention architecture with CPI's manufacturing scale to establish a new standard across the card ecosystem.

A leading national retailer is already piloting the program. Both companies are working toward a U.S. launch of Karta's prepaid program management platform in early 2026, with longer-term plans to extend the model into debit and credit cards — a trajectory that could eventually reshape how payment cards across all categories are secured in the United States.

CPI Card Group, a Colorado-based payments technology company, has struck a partnership with Karta, an Australian fintech firm, to embed a new kind of security directly into prepaid gift cards sold in American stores. The deal includes a minority equity stake by CPI in Karta and represents a significant shift in how retailers might protect customers from one of the oldest fraud schemes in the business: the systematic draining of prepaid cards before they're ever activated.

The technology at the heart of this arrangement is called SafeToBuy, and it works by doing something deceptively simple—it removes the card number and security details from the physical packaging altogether. Instead of printing those digits on the back of a gift card box where anyone can photograph them, the data lives inside an EMV chip embedded in the card itself. This means a would-be thief standing in a store aisle cannot capture the information needed to drain the card online. The card is useless until the person who bought it activates it.

For retailers and the financial institutions that back prepaid programs, this addresses a persistent problem. Gift card fraud has long been a vector for loss, with criminals using stolen or photographed card numbers to make purchases before legitimate buyers even leave the store. CPI's CEO John Lowe framed the partnership as a response to what clients are asking for: secure experiences that work both in physical stores and on phones and computers. By combining CPI's manufacturing scale and expertise in chip-enabled cards with Karta's fraud-prevention architecture, the two companies are positioning themselves to offer something that hasn't existed at scale in the U.S. market.

The customer experience is designed to be frictionless. A shopper selects a gift card in a store, taps it against their phone, and validates the purchase through an app. Once the transaction is confirmed, they can add the card to a mobile wallet, reveal the details for online shopping, or simply keep it as a physical card. At no stage before activation is the payment data exposed. CPI will serve as Karta's exclusive U.S. supplier, manufacturing and personalizing the contactless cards that will carry the SafeToBuy applet.

Karta's co-founder and co-CEO Clare Kinsey emphasized that the collaboration amplifies what her company has built. Karta, founded in 2021 and backed by the Commonwealth Bank of Australia, has developed fraud-prevention technology designed for prepaid, transit, credit, and debit cards. Pairing that innovation with CPI's reach and production capacity creates what both companies describe as a new standard for card security across the ecosystem—one that benefits retailers, processors, distribution partners, and the financial institutions underwriting these programs.

The partnership is not limited to gift cards. Both companies are already working to adapt Karta's prepaid program management platform for the U.S. market, with a launch targeted for early 2026. A leading national retailer is currently piloting the program. The long-term vision extends beyond prepaid cards into debit and credit, suggesting that this security model could eventually reshape how all payment cards are issued and protected in the United States. For now, the focus is on proving the concept works at scale and demonstrating that embedding security in the card itself, rather than relying on printed numbers, can meaningfully reduce fraud while maintaining the simplicity customers expect.

Our clients want to deliver secure and engaging customer experiences, both physically and digitally. This collaboration allows us to help mitigate card fraud by connecting a secure digital experience in-store, online, and on mobile with our prepaid solutions.
— John Lowe, President and CEO of CPI Card Group
By combining Karta's innovation with CPI's scale and reach, we are creating a new standard of security and trust that enables retailers, processors, and distribution partners to deliver safer, more reliable card programs.
— Clare Kinsey, co-founder and co-CEO of Karta
La Conversación del Hearth Otra perspectiva de la historia
Inventor

Why does a gift card need to be tapped to a phone before it's activated? Isn't that adding friction to something that should be simple?

Model

It sounds like friction, but it's actually the opposite. Right now, you buy a gift card, and the number is printed on the back. A thief can photograph it in the store. With this system, there's nothing to photograph—the data is locked in the chip. The tap is how the buyer proves they own it and unlocks it. One step, and the card is safe.

Inventor

So the card is essentially blank until someone activates it?

Model

Exactly. The EMV chip has the data, but it's encrypted and inaccessible until the legitimate buyer taps it and completes the purchase. It's a clever inversion—instead of protecting a number that's already exposed, you never expose the number in the first place.

Inventor

This is a U.S. launch, but Karta is Australian. Why did they need CPI to make this work here?

Model

Scale and trust. CPI manufactures millions of payment cards every year in the U.S. They have the factories, the relationships with retailers, the expertise in chip technology. Karta had the idea and the patent. Together, they can actually get this into stores at a meaningful scale.

Inventor

What happens to the retailers who are already losing money to gift card fraud?

Model

That's the bet. If this works, they reduce losses immediately. And they can market it—"your gift card is secure from the moment you buy it." That's a selling point, especially for high-value cards where fraud is most costly.

Inventor

When does this actually hit stores?

Model

The prepaid program management platform launches early 2026. They're already piloting with a major retailer, so the groundwork is being laid now. But it will take time to scale across the industry.

Quieres la nota completa? Lee el original en Business Wire ↗
Contáctanos FAQ