Time to Clear the Confusion Over PIN on ‘glass’ and ‘mobile’

By David Poole, global head of mobile POS solutions for MYPINPAD 

More consumers than ever before are turning away from cash, using their debit and credit cards to pay for goods and services in-store. In fact, it has been forecast that, by 2026, the UK will be processing more than 60 million card transactions every day.

This poses a challenge for the five million small merchants in the UK that are still unable to accept card payments. These merchants risk losing sales as cashless consumers often abandon their shopping if they are unable to pay by card.

Thankfully, a new generation of point-of-sale (POS) technologies are becoming increasingly popular on the market to support merchants of all shapes and sizes to accept cashless payments cost-effectively and securely. This diversity, however, has led to confusion over new terms, and over the benefits of each solution for retailers’ businesses. Merchants need support in navigating this new world, in order to ensure they select the right technology for their needs.

 Distinguishing PoMs from PoGs

PIN on Mobile (PoM) and PIN on Glass (PoG) are two of the most commonly mislabelled technologies currently in the POS market. While the two terms are often mistakenly used interchangeably, each has differing benefits and features and serves merchants in a different manner, so choosing the right one is vital for a business to thrive.

The older of the two technologies is PoG, which describes traditional payment terminals that have evolved from larger models which operate using buttons, to a touch screen interface. Such touchscreen terminals are expensive for merchants and, crucially, don’t offer added functionality compared with traditional button-based interfaces.

Some PoG terminals – known as smartPOS – come in the form of locked-down, purpose-built Android devices. These are equally expensive to invest in and restricted to one device.

PIN on Mobile, on the other hand, enables merchants to avoid paying expensive set up costs by utilising a smartphone or tablet, directly as a payment acceptance terminal. This is a new, seamless and secure ‘plug and play’ platform for global card acceptance and consumer authentication. It is designed to shield merchants, consumers, payment service providers (PSPs) and acquirers from the complexity of underlying legacy infrastructure to deliver a secure, enhanced face-to-face payment acceptance and digital payment authentication experience

This is achieved using a secure and inexpensive Secure Card Reader and the ability for consumers to enter their card PIN directly into the merchant’s smart device.

Removing the need for a hardware-based PIN pad allows the production of smaller, low cost devices that will appeal to a larger market – our secure card reader only costs £20 to buy and own, in comparison to merchants renting traditional terminals for £20 per month. By reducing the solution cost, a significant barrier to entry for merchants is removed. This will enable even the smallest enterprises and under-served economies to process card payments. Not having to purchase or maintain a dedicated PIN entry device reduces costs and removes complexity.

 Benefiting from PoM

Due to its ability to harness inexpensive COTS devices, PoM offers merchants and retailers a cost-effective method of accepting card payments. With lower overheads for the device, PoM is especially more accessible for small or medium sized businesses that are usually priced out of accepting card payments. This benefit is making PoM one of the rising stars of the new generation of versatile payment solutions.

Importantly, PoM has been designed to achieve the same security standards as those offered by traditional POS terminals. With the arrival of the new PCI SSC SPoC standard for Software-based PIN Entry on COTS (SPoC), there is now a universal gold standard for secure transactions via the technology, which means that compliant PoM solutions ensure that users are in safe hands.

When a consumer enters their PIN into the smartphone or tablet, a PoM that is compliant with the new standard ensures that the PIN is isolated and protected immediately. Because of this assurance, merchants can reassure their customers that they are able to pay for the goods or services securely, without worrying about their payment details being compromised.

With such solutions, merchants can benefit from the same high level of security offered by traditional POS equipment, without the same expense. 

The opinion of the security experts

The differences between PoG and PoM have been highlighted by the PCI SSC. According to a spokesperson from the organisation: “A SPoC Standard covers a software-based approach for accepting PIN as the cardholder verification method on a merchant owned COTS device. The phrase “PIN on Glass” is often used generically regarding a variety of use cases, with the commonality simply being entering a PIN value on to a touch screen on a variety of device types.”

Under the PCI SSC’s definition, a SPoC solution includes many elements that work together to ensure that the PIN is isolated from other sensitive data when accepted by a COTS device. A Secure Card Reader – PIN (SCRP), a PIN cardholder verification method (CVM) application, the merchant’s COTS device, as well as back-end monitoring and attestation systems should all be present in a compliant SPoC system.

With advanced back-end monitoring and attestation systems, PCI-compliant SPoC can offer continuous monitoring of the entire solution and highlight when anomalous activity is spotted. Such monitoring can ensure that the device hasn’t deviated from the baseline as a result of tampering, rooting, or a physical attack.

All of this ensures optimum security throughout the SPoC device, making sure it keeps customers’ payment data as safe as a traditional POS terminal.  

Choosing the right solution for your needs

The demand from consumers for cashless payments is growing all the time. If they want to provide the best possible experience for customers, merchants need to ensure they are able to accept card and alternative payment solutions.

The new generation of POS technology can allow merchants to achieve this, whatever their shape or size. But, in order to benefit from these new solutions, they need to understand what is on offer so they can select the right equipment for their needs.

By talking to payment technology experts, merchants can ensure that they have the information they need to choose the most suitable technology for the needs of their business, enabling it to grow and thrive in an increasingly cashless world.

Most Read on Global Banking & Finance Review



More From Global Banking & Finance Review