Touchscreen Payment Via Pin On Glass via Android
We were asked about using PIN on Glass. It would be nice to get rid of the numeric keypad.
Comment from Datacap — Yes, PIN on Glass is supported in the US. It’s generally supported via purpose-built PCI PTS devices that have certified PoG with EMVCo and/or on COTS (consumer off the shelf) devices via a SoftPOS (contactless payments only) implementation. That being said, PIN on SoftPOS is still pretty rare in the US. Expect to see it more over the next year or two as SoftPOS adoption gains momentum.
For a payment kiosk in the U.S., PIN-on-Glass (PoG) technology is generally acceptable, provided it meets specific security standards and certifications. Here’s what you need to know:
Overview
Acceptability and Standards
PIN-on-Glass is an evolving technology in the payment industry that allows customers to enter their PIN on a touchscreen device rather than a physical keypad. For a payment kiosk to use PoG in the U.S., it must adhere to strict security requirements:
- PCI Certification: The device must be certified by the Payment Card Industry Security Standards Council (PCI SSC)
- Hardware Requirements: The kiosk should use PCI PTS (PIN Transaction Security) approved hardware-based point of interaction (POI) devices built on a mobile device platform
- Software Requirements: If using a software-based solution, it must comply with the PCI Software-based PIN Entry on Commercial Off-The-Shelf (SPoC) standard
Security Measures
PoG solutions incorporate multiple layers of security to protect sensitive data:
- Encryption of PIN and payment information
- Tamper detection mechanisms
- Secure boot processes
- Isolation of PIN from other cardholder data
Considerations for Implementation
When implementing PoG for a payment kiosk in the U.S., consider the following:
- Compliance Deadlines: Be aware of any mandates from card brands. For example, Visa announced a sunset date for non-approved SPoC solutions
- Accessibility: Ensure the kiosk can accommodate customers with disabilities to avoid potential legal issues
- Consumer Trust: Some customers may be hesitant to use PoG technology, particularly in areas with strong “Protect your PIN” awareness programs
- EMV Transactions: PoG solutions often focus on EMV (chip) transactions rather than magnetic stripe, which enhances security
In conclusion, PIN-on-Glass is acceptable for payment kiosks in the U.S., provided the solution meets PCI standards and incorporates robust security measures. As the technology continues to evolve, it’s crucial to stay updated on the latest requirements and consumer preferences to ensure successful implementation.
Legal Considerations
Accessibility Issues
Merchants using PIN-on-Glass solutions need to be aware of potential legal risks related to accessibility:
- Many jurisdictions, including the US, Canada, and the EU, have laws aimed at providing accessibility for disabled individuals
- A merchant offering payment only via PIN-on-Glass could be at risk under these laws, as there have been lawsuits filed in the US over the use of touch screens and apps
- Merchants need to do their due diligence to ensure they can accommodate customers with disabilities, or they may find themselves facing legal action
Security and Compliance Requirements
There are also legal implications related to security standards and compliance:
- Merchants must use PCI-approved Secure Card Reader for PIN (SCRP) devices
- PIN-on-Glass solutions must comply with the PCI Software-based PIN Entry on COTS (SPoC) standard
- Visa has mandated that merchants accepting PIN-based transactions via COTS devices must use or transition to a PCI-validated software-based PIN entry on COTS solution
- Failure to comply with these standards could result in legal liability in case of data breaches or fraud.
Consumer Protection Laws
Merchants may face legal risks related to consumer protection:
- If proper security measures are not in place, merchants could be held liable for fraudulent transactions or data breaches.
- Consumers may have legal recourse if their PIN data is compromised due to inadequate security measures.
Contractual Obligations
Merchants should be aware of potential contractual implications:
- Agreements with payment processors or acquiring banks may require compliance with specific security standards for PIN entry.
- Failure to meet these contractual obligations could result in legal disputes or termination of services.
To mitigate these legal risks, merchants should ensure they are using PCI-compliant PIN-on-Glass solutions, provide accessible alternatives for customers with disabilities, and stay informed about relevant laws and regulations in their jurisdictions.
Where Is PIN Use Relevant
Debit Card Transactions
PIN is most commonly used with debit cards in the following scenarios:
- ATM Withdrawals: When withdrawing cash from an ATM, entering a PIN is typically required
- Point-of-Sale (POS) Purchases: Many merchants offer the option to use PIN for debit card purchases. When using a debit card at a store, customers can often choose between “debit” (which requires PIN entry) or “credit” (which may require a signature)
- Cash Back at Retailers: When getting cash back during a purchase at a store, PIN entry is usually required
Credit Card Transactions
While less common, PINs can sometimes be used with credit cards:
- Cash Advances: When using a credit card to withdraw cash from an ATM, a PIN is typically required
- Chip and PIN Cards: Some credit cards, particularly those designed for international use, may use chip and PIN technology. However, this is less common in the U.S. compared to other countries
Online and Mobile Transactions
- Two-Factor Authentication: Some banks use PINs as part of their two-factor authentication process for online or mobile banking transactions
Additional Considerations
- Signature vs. PIN: In the U.S., signature-based transactions are still common, especially for credit cards. However, PIN-based
- Merchant Discretion: Some merchants may prefer PIN transactions due to potentially lower processing fees, while others may opt for signature-based transactions
- Contactless Payments: With the rise of contactless payments, some transactions may not require PIN entry for small amounts
It’s worth noting that the use of PINs in the U.S. is less prevalent compared to some other countries, particularly for credit card transactions. However, for debit card usage, especially at ATMs and for cash back at retailers, PINs remain a standard security measure.
EUROPE
Contactless Payments
Contactless payment has become increasingly prevalent across Europe, reducing the need for PIN entry for many transactions:
- Most purchases under €50 (or the local equivalent) can be made without entering a PIN
- Using mobile payment methods like Apple Pay or Google Pay often eliminates the need for PIN entry, even for larger purchases
Chip and PIN
Despite the rise of contactless payments, chip and PIN technology remains standard in many European countries:
- For transactions exceeding the contactless limit, a PIN is typically required
- Some countries, like France, have implemented “PIN Online” verification, where the PIN is verified directly with the bank’s server rather than the card chip
Variations by Country and Merchant
The use of PINs can vary depending on the specific country and merchant:
- In Germany, some establishments may only accept cash or specific cards like Eurocard
- Unattended payment points (e.g., ticket machines, parking garages, self-service gas pumps) often require chip and PIN cards
American Cards in Europe
For American travelers using US-issued cards:
- Many US cards now work with contactless payments in Europe
- Some US cards may still default to chip and signature rather than chip and PIN
- At manned terminals, signature-based transactions are usually accepted, but automated kiosks may require a PIN
More Links
- Ingenico – premier provider of payment terminals
- UCP Unattended Payments – complete line of payment terminals
- Datacap Systems, Inc. – widest possible payment methods