PIN on Glass – What is it?

PIN on Glass – What is it?
0 Shares

Download your Free eBook

PIN ON GLASS – WHAT IS IT?

Get your ebook now!


 

‘PIN on Glass’ is a catchy phrase that the payments industry and solution vendors have been bandying about as the next big thing for payment card processing: point of sale solutions that will allow merchants to accept card payments using just their mobile device and with no need to purchase expensive hardware.  This is not strictly true and care should be applied when using this term.

 

‘PIN on Glass’ is the ability to accept entry of the cardholder’s PIN value on a “glass-based capture mechanism” such as a touchscreen smartphone or tablet and as such could apply to two types of solution:

 

  • PCI PTS approved hardware-based point of interaction (POI) devices built on a mobile device platform and using the touch screen for PIN entry.
  • Solutions meeting the PCI SSC’s Software-based PIN entry on Commercial Off The Shelf devices (COTS) Standard (SPoC Solutions).

These solutions are very different: one relies on hardware-based PIN entry and protection, through PCI PTS approval of specific mobile device platforms; the other offers software-based PIN entry and protection, through a combination of individual components and processes validated as meeting the SPoC Standard, for use with any mobile device.

 

Webpage URL

Find out more about our PCI DSS compliance services by clicking the button below

LEARN MORE

Examples of approved PCI PTS hardware PIN Entry Devices that use the touchscreen for entry of the cardholder PIN include:

 

 

Ingenico APOS A8 
Poynt 5 

 

Clover Mini 
Saturn 1000 
Dynamicode P92 

(search for touchscreen PEDS on: https://www.pcisecuritystandards.org/assessors_and_solutions/pin_transaction_devices)

 

 

Often these PEDs are used as standalone devices, for example:

 

 

 

These PEDs may also be used in conjunction with a tablet device and cloud-based POS Solution.  The tablet may be a dedicated device designed for, and only used with, the POS Solution or it could simply be the merchant’s own COTS mobile device running the vendor’s POS app:

 

PIN on Glass | What is it? | Web Article | Explained

 

 

Software-based PIN entry directly into a merchant’s own COTS mobile device is only possible when the mobile device is being used as part of a PCI Approved SPoC Solution: https://www.pcisecuritystandards.org/assessors_and_solutions/spoc_solutions

 

SPoC Solutions allow the cardholder to enter their PIN into the merchant’s own smartphone or tablet but also requires the merchant to have the SPoC Solution’s approved hardware-based Secure Card Reader – PIN (SCRP) to capture the account data:

 

PIN on Glass | What is it? | Web Article | Explained

 

Coming Soon – ‘Contactless on COTS’

  • Solutions to allow a merchant to accept contactless payments using only their own mobile device and its NFC capabilities
    • This is still not PIN on Glass: contactless only
  • No need for the merchant to have any payment hardware (e.g. a dongle, secure card reader, etc.)
  • Both SPoC solutions and Contactless on COTS solutions address a need for secure solutions where the cost of hardware is not a barrier to entry for new merchants wanting to accept EMV card payments

Like this Article?

Subscribe to receive more tips & news about Cyber Security, Compliance and a lot more!

  • Sysnet Global Solutions will use the information you provide on this form to be in touch with you regarding non-promotional as well as promotional material by email and phone. If you agree to same, then please select the ‘I consent’ box after reading the terms and conditions listed below in relation to consent. You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, update your preferences for communications, content etc. by clicking on the update my preferences button in any email we send you or by contacting us at marketing@sysnetgs.com We will treat your information with respect. For more information about our privacy practices please visit our website. By clicking below, you agree that we may process your information in accordance with these terms. We use Pardot as our marketing automation platform. By clicking below to submit this form, you acknowledge or agree that the information you provide will be transferred to Pardot for processing in accordance with their Privacy Policy and Terms