PIN on Glass | What is it? | Web Article

0 Shares

Download your Free eBook

PIN ON GLASS – WHAT IS IT?

‘PIN on Glass’ is a catchy phrase that the payments industry and solution vendors have been bandying about as the next big thing for payment card processing: point of sale solutions that will allow merchants to accept card payments using just their mobile device and with no need to purchase expensive hardware. This is not strictly true and care should be applied when using this term.

‘PIN on Glass’ is the ability to accept entry of the cardholder’s PIN value on a “glass-based capture mechanism” such as a touchscreen smartphone or tablet and as such could apply to two types of solution:

PCI PTS approved hardware-based point of interaction (POI) devices built on a mobile device platform and using the touch screen for PIN entry.
Solutions meeting the PCI SSC’s Software-based PIN entry on Commercial Off The Shelf devices (COTS) Standard (SPoC Solutions).

These solutions are very different: one relies on hardware-based PIN entry and protection, through PCI PTS approval of specific mobile device platforms; the other offers software-based PIN entry and protection, through a combination of individual components and processes validated as meeting the SPoC Standard, for use with any mobile device.

Examples of approved PCI PTS hardware PIN Entry Devices that use the touchscreen for entry of the cardholder PIN include:

Ingenico APOS A8
Poynt 5
Clover Mini
Saturn 1000
Dynamicode P92

(search for touchscreen PEDS on: https://www.pcisecuritystandards.org/assessors_and_solutions/pin_transaction_devices)

Often these PEDs are used as standalone devices, for example:

These PEDs may also be used in conjunction with a tablet device and cloud-based POS Solution. The tablet may be a dedicated device designed for, and only used with, the POS Solution or it could simply be the merchant’s own COTS mobile device running the vendor’s POS app:

Software-based PIN entry directly into a merchant’s own COTS mobile device is only possible when the mobile device is being used as part of a PCI Approved SPoC Solution: https://www.pcisecuritystandards.org/assessors_and_solutions/spoc_solutions

SPoC Solutions allow the cardholder to enter their PIN into the merchant’s own smartphone or tablet but also requires the merchant to have the SPoC Solution’s approved hardware-based Secure Card Reader – PIN (SCRP) to capture the account data:

Coming Soon – ‘Contactless on COTS’

PCI SSC confirmed in June 2018, they are developing a new standard for ‘Contactless on COTS’ (it doesn’t have a catchy name yet)
- https://blog.pcisecuritystandards.org/contactless-payments-pci-ssc-on-plans-to-develop-security-standard-for-payment-acceptance-on-merchant-cots-devices

Solutions to allow a merchant to accept contactless payments using only their own mobile device and its NFC capabilities
- This is still not PIN on Glass: contactless only

No need for the merchant to have any payment hardware (e.g. a dongle, secure card reader, etc.)

Both SPoC solutions and Contactless on COTS solutions address a need for secure solutions where the cost of hardware is not a barrier to entry for new merchants wanting to accept EMV card payments

Like this Article?

Subscribe to receive more tips & news about Cyber Security, Compliance and a lot more!

Email*
Sysnet Global Solutions will use the information you provide on this form to be in touch with you regarding non-promotional as well as promotional material by email and phone. If you agree to same, then please select the ‘I consent’ box after reading the terms and conditions listed below in relation to consent. You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, update your preferences for communications, content etc. by clicking on the update my preferences button in any email we send you or by contacting us at marketing@sysnetgs.com We will treat your information with respect. For more information about our privacy practices please visit our website. By clicking below, you agree that we may process your information in accordance with these terms. We use Pardot as our marketing automation platform. By clicking below to submit this form, you acknowledge or agree that the information you provide will be transferred to Pardot for processing in accordance with their Privacy Policy and Terms
Permissions*
- I consent

If you are a merchant that requires technical or PCI DSS help, please click here

mcs-callback

Name*
First Last
Company Name*
Phone*
Email*
Country*
Please select your country of residence
Preferred Callback Time*

Subscribe to our Blog

To keep up to date with the latest topics in Cyber Security and Compliance.

PIN on Glass – What is it?

PIN ON GLASS – WHAT IS IT?

Coming Soon – ‘Contactless on COTS’

Like this Article?

No time to read?

PIN ON GLASS – WHAT IS IT?

Coming Soon – ‘Contactless on COTS’

Like this Article?

mcs-callback

Merchant Help Request

No time to read?

Cookies Policy