CDE Blog

PIN on Glass: What's the Big Deal?

Written by Amy Bussler | Mar 29, 2018 4:00:00 AM

Mobility is the future of payments. More and more, consumers expect the convenience of paying when, where and however they want. For the most part, manufacturers have been quick to respond to this need. But there’s still one glaring fault: mobile PIN entry.

Mobile solutions for processing debit transactions or enabling two-factor authentication are limited. Sure, consumers can enter PINs on dedicated mobile terminals, but when it comes to POS tablet systems or smartphones, merchants are left high and dry. Right now, tablet systems process debit as credit. That’s a workaround, but it’s not a long-term solution. And as far as two-factor authentication is concerned, there’s just not an option.

Enter PIN on glass. PIN on glass is a promising solution to bring true mobility and payment security for merchants of all sizes, but it comes with significant risks and limitations. Read on to decide if this technology is right for your merchants.

Benefits

PCI recently announced new standards to enable software-based PIN entry. The ultimate goal is to enable consumers to securely enter their PIN on any commercial off-the-shelf device. Since PIN on glass is a software-based solution, merchants will enjoy much greater flexibility and cost savings. Merchants can use the same device for transactions and PIN entry, eliminating the cost and hassle of a separate PINpad.

What’s more, PIN on glass brings the opportunity to implement two-factor authentication efficiently. Two-factor authentication is beneficial for fraud prevention, but the American public is notoriously resistant to adding any friction at checkout. PIN on glass could be a relatively quick and painless way to slip in this security measure.

Risk Factors

PIN on glass is not a foolproof solution, however. If past experience is any predictor of future behavior, merchants are right to be concerned about security. Hackers have proven adept at breaking through defenses in the past, from compromising SSL and TLS protocols online to infiltrating merchant servers through phishing and remote access attacks.

Despite the best assurances of PCI, what’s to say that PIN functions will truly remain secure and separate in tablet systems? It’s a dilemma for payment providers. PIN on glass solves many of the pain points of mobility, but security rests on merchants following all the rules and maintaining rigorous compliance.

Limitations

As we all know in real life, human error is hard to eliminate. And let’s face it, software-based PIN entry running alongside other payment functions on the same device is an awfully tempting prospect for thieves. Because of this, PIN on glass may only be appropriate for merchants in very controlled settings.

Right now, PCI’s PIN on glass solution requires merchants to use a special secure card reader for PIN. Surely this must be an interim measure, as the whole purpose of PIN on glass is to bring mobility to more merchants, not fewer. Ultimately, the industry needs a PIN software solution compatible with a variety of off-the-shelf tablets, without the need for an additional piece of hardware.

Further, merchants participating in PIN on glass will need to participate in a monitoring service to keep the device up to secure specifications. Considering the extremely sensitive nature of PIN transfer, this is not an area to cut corners, and yet we know too often that’s what merchants tend to do.

PIN on glass is a promising technology, but for now, it’s not a practical solution for most merchants. In time, we expect the industry to produce a simple, secure, software-based PIN solution. Until then, it might be best for your merchants to hold on to their PINpads.