Unpacking PIN on Mobile Technology
The world of payments is rapidly changing. Growing demand for merchants, particularly small businesses and micro-merchants, to use their smartphones as tools for Point of Sale payment payments has reshaped the model for payment acceptance, along with the security requirements that go along with it.
Until recently, most Point of Sale card payments have been facilitated on dedicated payment terminal hardware that is purpose-built for payments. But today, more and more merchants are looking to use their phones to take payments.
This includes conventional mPOS technologies, with external card readers and PIN entry devices, but also new SoftPOS applications where both card reading and PIN can be processed on the mobile phone.
Specialised security design needs to be implemented to allow support for “PIN on mobile”.
What is PIN on Mobile?
Not to be confused with PIN on Glass, which refers to PIN entry on a payment terminal device’s touchscreen, PIN on Mobile is the term used to describe PIN entry on a consumer-grade smartphone. PIN on mobile is a software-based PIN implementation and has different security protocols associated compared with PIN on glass.
What solutions require mobile PIN?
There are two main use cases for PIN on mobile.
The first is a mobile Point of Sale technology, in which a card reader is used to accept the card, and a mobile device is used as the acceptance point for the PIN.
The second model relates to emerging SoftPOS technologies in which a consumer-grade mobile device accepts both the card and the PIN on the same device. SoftPOS payments are the evolution of mPOS technologies, offering a truly mobile solution without external hardware or dongles.
Software-based PIN entry on Consumer off the Shelf Device
The gold standard PIN on mobile security has been defined by the Payment Card Industry’s (PCI) Software-based PIN Entry on COTS standard, or “SPoC” for short. Central to the requirement is requirement for the PIN to be isolated and protected immediately.
The SPoC standard helps assure the security of new mobile Point of Sale technologies, enables merchants to lower their costs and provide customers with greater security when entering their personal details.
The growing acceptance of PIN on mobile is a promising development for the payment industry, creating an opening for innovations in card payments on consumer-grade mobile devices.