In January 2018, the Payment Card Industry Security Standards Council (PCI-SSC) released its standard for software-based PIN entry on commercial off-the-shelf devices – known as PIN on Glass.
This new payments technology allows merchants to accept PIN transactions on a mobile device like a smartphone or a tablet, without having to set up a standalone, dedicated PIN pad or other PIN entry device.
With PIN on Glass, a merchant can simply download a software application on their mobile device, instead of purchasing and installing a separate device whose sole purpose is to accept payments, explains Jacqueline Cremos, Manager, Industry Affairs, ETA.
Many in the payments industry expect that this new technology will enable more small and micro-merchants to accept PIN transactions. Authenticating a transaction with a PIN, as opposed to a signature, is widely considered to provide more robust protection against fraud.
And so, PIN on Glass will allow smaller merchants – sometimes called “long-tail” merchants because they tend not to adopt new payments technologies as quickly – to reap more of the security protections of the payments ecosystem. Indeed, PIN on Glass may even drive more merchants to accept cards and digital payments, by offering advanced security at a lower cost than before.
However, not everyone views this standard in the same positive light. Software-based PIN entry introduces new vulnerabilities that must be addressed. Commercial off-the-shelf (COTS) devices are not designed to accept payments; furthermore, they are designed to “talk” to other devices – and so are more open to interception.
The software itself must be secured and thoroughly tested. The PCI standard aims to address some of these issues by emphasising a few core principles: isolating the PIN from the Primary Account Number (PAN) and other cardholder data, ensuring the security and integrity of the PIN entry software application, actively monitoring the software, and requiring a Secure Card Reader for PIN (SCRP) to encrypt the account data and maintain its confidentiality.
Additionally, PIN on Glass transactions are restricted to EMV contact and contactless transactions.
The post PIN on Glass: What you need to know about this payments technology appeared first on Payments Cards & Mobile.