PIN on Glass – Intro, Benefits, Obstacles

PIN on Glass

PIN on Glass refers to a technology that allows customers to enter their PIN securely on a touchscreen device, such as a smartphone or tablet, instead of using a traditional physical keypad.

The PCI Security Standards Council (PCI SSC) introduced new standards to support this approach. Known as the Software-based PIN Entry on COTS (SPoC) standard, it defines how secure PIN entry can be achieved on commercial off-the-shelf (COTS) devices.

Instead of relying on dedicated payment terminals, PIN on Glass enables merchants to accept secure PIN-based transactions using everyday devices. These solutions combine a secure PIN entry application with additional hardware, such as a Secure Card Reader for PIN (SCRP), to protect sensitive cardholder data.

The standard also supports both contact and contactless EMV transactions, ensuring that PIN on Glass solutions meet the same security expectations as traditional payment terminals.


Evolution of Credit Card Transaction Validation Methods

Over time, credit card transaction validation has evolved to improve both security and user experience. This progression has led directly to innovations like PIN on Glass.

  • Paper-based signatures
    Customers signed physical receipts to authorize transactions, with minimal real-time verification.
  • Signatures on proprietary hardware
    Digital signature capture devices replaced paper, but still relied on manual verification.
  • PIN entry on dedicated hardware devices
    Secure PIN entry devices (PEDs) became the standard, offering stronger authentication and encryption.
  • Software-based PIN entry on dedicated payment terminals
    Payment terminals began integrating software-driven PIN entry while maintaining secure hardware environments.
  • PIN on Glass (software-based PIN entry on COTS devices)
    The latest evolution enables secure PIN entry directly on commercial off-the-shelf devices like smartphones and tablets, reducing hardware dependency while maintaining strong security standards.


Why the Software PIN Standard Is Needed (PIN on Glass Benefits)

The shift toward PIN on Glass and software-based PIN entry standards is driven by the need for more scalable, secure, and cost-effective payment solutions. As payment environments evolve, this approach benefits consumers, merchants, and financial institutions alike.

Who Benefits from PIN on Glass?

Consumers / Cardholders

  • Greater convenience
    More merchants can accept card payments, reducing reliance on cash or checks.
  • Improved security
    PIN authentication is significantly more secure than signature-based verification.

Merchants

  • Lower acceptance costs
    Businesses no longer need to invest in expensive, specialized payment terminals.
  • Greater flexibility
    Payments can be accepted on everyday devices like smartphones and tablets.

Banks & Financial Institutions

  • Increased transaction volume
    More merchant adoption leads to higher payment activity and fee revenue.
  • Reduced fraud risk
    PIN-based authentication lowers point-of-sale fraud compared to signatures.


Industry Shift Driving PIN on Glass Adoption

In markets like the United States, payment systems have historically relied more on checks and signatures than those in Europe. However, this is rapidly changing.

As more businesses move toward cashless operations, the demand for flexible and scalable payment solutions continues to grow. PIN on Glass supports this shift by enabling secure payments without the need for dedicated hardware, making large-scale adoption more practical and cost-efficient.


Core Security Challenge of PIN on Glass

While PIN on Glass expands payment accessibility, it also introduces new risks.

Consumer-grade devices are not originally designed for payment security, which increases the potential for:

  • Malware attacks
  • Unauthorized remote access
  • Device manipulation

To address this, software-based PIN solutions must be hardened to ensure strong protection against evolving threats.


PCI SSC Security Requirements for PIN on Glass

The PCI Security Standards Council defines strict requirements for secure software-based PIN entry on COTS devices:

  • Monitor
    Devices must support continuous monitoring, including remote updates and security patching.
  • Remote disable
    Systems must allow devices to be taken offline immediately if a threat is detected.
  • Isolate
    PIN data must be fully separated from other payment and account data.
  • Secure
    The PIN entry application must maintain strong integrity and resist tampering.
  • Protect
    Merchants must use a PCI-approved Secure Card Reader for PIN (SCRP).

The PCI SSC is also developing testing and certification processes to validate compliant solutions. Contact RSI Security to ensure that PIN on Glass implementations meet strict security standards before being widely adopted.
