PIN on Glass | What is it? | Web Article

0 Shares

Download your Free eBook

PIN ON GLASS – WHAT IS IT?

‘PIN on Glass’ is a catchy phrase that the payments industry and solution vendors have been bandying about as the next big thing for payment card processing: point of sale solutions that will allow merchants to accept card payments using just their mobile device and with no need to purchase expensive hardware. This is not strictly true and care should be applied when using this term.

‘PIN on Glass’ is the ability to accept entry of the cardholder’s PIN value on a “glass-based capture mechanism” such as a touchscreen smartphone or tablet and as such could apply to two types of solution:

PCI PTS approved hardware-based point of interaction (POI) devices built on a mobile device platform and using the touch screen for PIN entry.
Solutions meeting the PCI SSC’s Software-based PIN entry on Commercial Off The Shelf devices (COTS) Standard (SPoC Solutions).

These solutions are very different: one relies on hardware-based PIN entry and protection, through PCI PTS approval of specific mobile device platforms; the other offers software-based PIN entry and protection, through a combination of individual components and processes validated as meeting the SPoC Standard, for use with any mobile device.

Examples of approved PCI PTS hardware PIN Entry Devices that use the touchscreen for entry of the cardholder PIN include:

Ingenico APOS A8
Poynt 5
Clover Mini
Saturn 1000
Dynamicode P92

(search for touchscreen PEDS on: https://www.pcisecuritystandards.org/assessors_and_solutions/pin_transaction_devices)

Often these PEDs are used as standalone devices, for example:

These PEDs may also be used in conjunction with a tablet device and cloud-based POS Solution. The tablet may be a dedicated device designed for, and only used with, the POS Solution or it could simply be the merchant’s own COTS mobile device running the vendor’s POS app:

Software-based PIN entry directly into a merchant’s own COTS mobile device is only possible when the mobile device is being used as part of a PCI Approved SPoC Solution: https://www.pcisecuritystandards.org/assessors_and_solutions/spoc_solutions

SPoC Solutions allow the cardholder to enter their PIN into the merchant’s own smartphone or tablet but also requires the merchant to have the SPoC Solution’s approved hardware-based Secure Card Reader – PIN (SCRP) to capture the account data:

Coming Soon – ‘Contactless on COTS’

PCI SSC confirmed in June 2018, they are developing a new standard for ‘Contactless on COTS’ (it doesn’t have a catchy name yet)
- https://blog.pcisecuritystandards.org/contactless-payments-pci-ssc-on-plans-to-develop-security-standard-for-payment-acceptance-on-merchant-cots-devices

Solutions to allow a merchant to accept contactless payments using only their own mobile device and its NFC capabilities
- This is still not PIN on Glass: contactless only

No need for the merchant to have any payment hardware (e.g. a dongle, secure card reader, etc.)

Both SPoC solutions and Contactless on COTS solutions address a need for secure solutions where the cost of hardware is not a barrier to entry for new merchants wanting to accept EMV card payments

If you are a merchant that requires technical or PCI DSS help, please click here

mcs-callback

Name*
First Last
Company Name*
Phone*
Email*
Country*
Please select your country of residence
Preferred Callback Time*

Stay up to date

Subscribe to our Blog

PIN on Glass – What is it?

PIN ON GLASS – WHAT IS IT?

Coming Soon – ‘Contactless on COTS’

PIN ON GLASS – WHAT IS IT?

Coming Soon – ‘Contactless on COTS’

mcs-callback

Merchant Help Request

Cookies Policy