How will PCI Legitimise Card PIN Authentication on Mobile Devices?
The Payment Card Industry Security Standards Council (PCI SSC)’s Chief Technology Officer Troy Leach recently divulged news of a new payment standard; one that enables the secure entry of PIN into merchant’s smart devices. The organisation aims to publish the final version by the end of the year.
This decision, driven largely to increase electronic payments acceptance by reducing barriers to entry will be welcomed by merchants looking for a low cost, alternative payment solution. The ‘PIN on Mobile’ (PoM) standard will enable a software-based approach to protect PIN entry for payments. In other words, PoM deliver a secure capability for PIN entered directly into a mobile device.
Entering a PIN into a mobile device can be as secure as traditional terminals. MYPINPAD (MPP) has developed a secure, multi-factor, ‘PIN on Mobile’ (PoM) solution that creates a trusted and hardened environment to protect sensitive consumer operations on devices such as tablets and smartphones. PoM allows a consumer’s card PIN to be entered directly into the merchant’s mobile device. The only hardware required is an inexpensive PCI approved secure card reader which is EMV compliant.
MPP’s technology tokenises the PIN at the point of entry, therefore the PIN is never seen by the device, instead, a unique PIN token is generated. The PIN token is sent separately from the payment transaction data over an encrypted channel to the secure PCI SCR. Keeping both the Primary Account Number (PAN) and the PIN safe.
PoM will enable the payments industry to continue to grow the number of acceptance points globally and we are extremely happy to see an official standard developed by PCI SSC. The technology will bring huge opportunities for merchants and acquirers alike and successfully help build an innovative, simpler and broader payments acceptance ecosystem.
Smartphones and tablets have a large role to play in payment authentication. Not just as a mode for transacting, but also, a universal component of strong, multi-factor authentication. The ability to enter a PIN into a mobile device will increase payment acceptance for merchants and become a routine and preferred way for merchants to accept card payments.