‘PIN on Glass’ is a catchy phrase that the payments industry and solution vendors have been bandying about as the next big thing for payment card processing: point of sale solutions that will allow merchants to accept card payments using just their mobile device and with no need to purchase expensive hardware. This is not strictly true and care should be applied when using this term.
‘PIN on Glass’ is the ability to accept entry of the cardholder’s PIN value on a “glass-based capture mechanism” such as a touchscreen smartphone or tablet and as such could apply to two types of solution:
- PCI PTS approved hardware-based point of interaction (POI) devices built on a mobile device platform and using the touch screen for PIN entry.
- Solutions meeting the PCI SSC’s Software-based PIN entry on Commercial Off The Shelf devices (COTS) Standard (SPoC Solutions).
These solutions are very different: one relies on hardware-based PIN entry and protection, through PCI PTS approval of specific mobile device platforms; the other offers software-based PIN entry and protection, through a combination of individual components and processes validated as meeting the SPoC Standard, for use with any mobile device.
Examples of approved PCI PTS hardware PIN Entry Devices that use the touchscreen for entry of the cardholder PIN include:
- Ingenico APOS A8

(search for touchscreen PEDs on: https://www.pcisecuritystandards.org/assessors_and_solutions/pin_transaction_devices)
Often these PEDs are used as standalone devices, for example:
These PEDs may also be used in conjunction with a tablet device and cloud-based POS Solution. The tablet may be a dedicated device designed for, and only used with, the POS Solution or it could simply be the merchant’s own COTS mobile device running the vendor’s POS app:
Software-based PIN entry directly into a merchant’s own COTS mobile device is only possible when the mobile device is being used as part of a PCI Approved SPoC Solution: https://www.pcisecuritystandards.org/assessors_and_solutions/spoc_solutions
SPoC Solutions allow the cardholder to enter their PIN into the merchant’s own smartphone or tablet, but they also require the merchant to have the SPoC Solution’s approved hardware-based Secure Card Reader – PIN (SCRP) to capture the account data: