PIN on Glass – What is it?

PIN on Glass – What is it?
0 Shares

Download your Free eBook

PIN ON GLASS – WHAT IS IT?

Get your ebook now!


 

‘PIN on Glass’ is a catchy phrase that the payments industry and solution vendors have been bandying about as the next big thing for payment card processing: point of sale solutions that will allow merchants to accept card payments using just their mobile device and with no need to purchase expensive hardware.  This is not strictly true and care should be applied when using this term.

 

‘PIN on Glass’ is the ability to accept entry of the cardholder’s PIN value on a “glass-based capture mechanism” such as a touchscreen smartphone or tablet and as such could apply to two types of solution:

 

  • PCI PTS approved hardware-based point of interaction (POI) devices built on a mobile device platform and using the touch screen for PIN entry.
  • Solutions meeting the PCI SSC’s Software-based PIN entry on Commercial Off The Shelf devices (COTS) Standard (SPoC Solutions).

These solutions are very different: one relies on hardware-based PIN entry and protection, through PCI PTS approval of specific mobile device platforms; the other offers software-based PIN entry and protection, through a combination of individual components and processes validated as meeting the SPoC Standard, for use with any mobile device.

 

Webpage URL

Find out more about our Cyber Security and Compliance Solutions

Request a Callback

Examples of approved PCI PTS hardware PIN Entry Devices that use the touchscreen for entry of the cardholder PIN include:

 

 

Ingenico APOS A8 
Poynt 5 

 

Clover Mini 
Saturn 1000 
Dynamicode P92 

(search for touchscreen PEDS on: https://www.pcisecuritystandards.org/assessors_and_solutions/pin_transaction_devices)

 

 

Often these PEDs are used as standalone devices, for example:

 

 

 

These PEDs may also be used in conjunction with a tablet device and cloud-based POS Solution.  The tablet may be a dedicated device designed for, and only used with, the POS Solution or it could simply be the merchant’s own COTS mobile device running the vendor’s POS app:

 

PIN on Glass | What is it? | Web Article | Explained

 

 

Software-based PIN entry directly into a merchant’s own COTS mobile device is only possible when the mobile device is being used as part of a PCI Approved SPoC Solution: https://www.pcisecuritystandards.org/assessors_and_solutions/spoc_solutions

 

SPoC Solutions allow the cardholder to enter their PIN into the merchant’s own smartphone or tablet but also requires the merchant to have the SPoC Solution’s approved hardware-based Secure Card Reader – PIN (SCRP) to capture the account data:

 

PIN on Glass | What is it? | Web Article | Explained

 

Coming Soon – ‘Contactless on COTS’

  • Solutions to allow a merchant to accept contactless payments using only their own mobile device and its NFC capabilities
    • This is still not PIN on Glass: contactless only
  • No need for the merchant to have any payment hardware (e.g. a dongle, secure card reader, etc.)
  • Both SPoC solutions and Contactless on COTS solutions address a need for secure solutions where the cost of hardware is not a barrier to entry for new merchants wanting to accept EMV card payments

Webpage URL

Find out more about our Cyber Security and Compliance Solutions

Request a Callback