Small businesses and micro-merchants across the U.S. are looking for a solution that helps them accept payments without compromising on security or burning a hole in their pockets. An answer to their call seems to be brewing in the industry with PIN on Mobile technology. In my first blog post in this series, I discussed the basics of what a PIN on Mobile solution is all about and how it works. In the second post, I explored which vertical benefits the most from this technology and how. For my third blog post in the series, I am taking a technical route and am looking to talk about the different components of a PIN on Mobile solution. This is again a common question that I get when I talk about this subject.
What are the components in a PIN on Mobile solution?
A PIN on Mobile solution is comprised of a smart card reader that includes a software library for PIN entry, a software app on the merchant’s mobile device and a back-end solution that monitors the integrity of the merchant device’s execution environment before PIN entry.
- Smart card reader: A PIN on Mobile solution needs a smart card reader that accepts EMV and NFC/contactless. This reader also needs to include a software library for PIN entry, which helps in integrating the device with the merchant’s smartphone or tablet that is used for entering a PIN. Based on the standards PCI released earlier this year for PIN on Mobile, the payment card reader cannot have magstripe acceptance, which most devices in the market today have.
- PIN on mobile app: A PIN on Mobile solution also needs a software application that allows secure entry of a PIN on the merchant's mobile device without compromising on the customer’s buying experience. This application ensures the secure PIN data does not come into contact with other non-sensitive data on the mobile device.
- Back-end system: The final piece to this PIN on Mobile puzzle is a back-end system that monitors the integrity of the merchant device’s execution environment before PIN entry. This ensures that a customer can securely enter a PIN on the merchant’s mobile device without it being compromised.
Why can’t PIN on Mobile readers use magstripe?
One of the most important aspects of this solution is that the card reader does not accept magstripe transactions. Magstripe is not used here because of certain security vulnerabilities that increase when magstripe card verification is used. To address this, PCI excluded magstripe readers from its standard released earlier this year. EMV contact and EMV contactless card verification methods were approved because they offer much stronger security for both merchants and customers.
Hope you found this blog post helpful. Feel free to ask your PIN on Mobile related questions in the comments section below or you can also submit your questions on our Ask an Expert section.
Irfan Nasir is the VP of Product and Solutions at Ingenico Group, North America