PCI standards for PIN on glass with COTS


(Allie) #1

There are now PCI standards for PIN on glass with commercial off the shelf devices (i.e. Square in the UK and Aus). This could be a huge game-changer as it’s now an endorsed, fully accepted method of PIN entry. Will iZettle, etc. embrace it? What does it mean for accessibility?

Update - I edited to make this clear I’m referring to PIN on glass with COTS devices. There have been a few PIN on glass implementations on custom hardware compliant with the old standards - e.g. Clover Mini.


Is PIN entry with Square's new readers secure?
#2

Standards or not, as a consumer I feel happier entering a PIN (or doing a PayPass or PayWave transaction) on a real terminal. I would rather pay in cash than enter my PIN on someone’s phone.


(Andre Borie) #3

Meh - how do you know the terminal is “real” and not compromised? Unless you’ve opened the terminal and audited the code running on the chips inside there’s no guarantee the terminal isn’t evil. I’ve already explained this in more detail on the original thread if you’d like to read more.

The proper long term solution to that is CDCVM where your device authenticates you (like with mobile payments) and the terminal doesn’t have to be trusted at all, but in the meantime if I’m using a card I couldn’t care less whether it’s glass or a “real” terminal - both can be compromised.


#4

I agree. I just said I feel happier. I did not say it was any more risky :wink:


( surohpotsirhC) #5

Contactless is the business. Love it.


#6

Yes. I just wish more places that accept PayPass or PayWave would do so not just up to the national £30 floor limit but have contactless and PIN for transactions above £30 instead of having to put the card into a slot for traditional chip and PIN.


(Valeri) #7

I’d rather enter my PIN on my phone… oh wait, that is more or less what Apple Pay and Android Pay are doing in some form of authentication… never mind…


(Allie) #8

I agree. Frankly I think this is one of those ‘a day late’ things. CDCVM has almost totally replaced PIN in my usage…

The reason I call it a game changer but think it’s a day late is because it gets rid of even having to have a PIN pad. That’s what’s game changing. PIN is now an afterthought.


(Valeri) #9

I have literally forgotten the PINs for all of the cards that I don’t use on a daily basis, and they are obviously the ones that also don’t have a “show PIN in app” option (legacy ones), and I really cannot go through the hassle to ask for a letter by post to recover it… oh well…


#10

I’m not sure this is something I like.
I’m perfectly happy entering my PIN on something like an iZettle device, but moving the PIN entry on to the (usually) iPad screen is not something I’d be keen on.
Certainly if it were an Android device instead of an iPad, where you can do all sorts of things with root, anyway.

I’d definitely use Apple Pay if the other option were to do chip and PIN with PIN entry on an iPad.


(Frank) #11

I think it will be some time for this to change a game as you still need a chip reader and, well, they are already plentiful and happen to have a keypad on them. :rofl:

As for entering my PIN on a screen, I see no issues with this providing I am covered for fraud by my bank should the PIN be taken and used with either a clone of or my actual card.