Text Size:


MagicCube Prepares for a PIN-on-Glass PCI Specification Due Later This Year
September 12, 2017

By Kevin Woodward

In anticipation of an upcoming PCI Security Standards Council specification for enabling PIN-on-glass transactions with consumer mobile devices, MagicCube released MC-Screen Shield, a back-end technology to help secure the PIN.

Image Credit: MagicCube

Shawki: “What we solved first was creating the virtual container, which we call the cube.”

PIN-on-glass technology—in which the PIN is entered via a display instead of using a dedicated PIN pad—has been available for a while on conventional point-of-sale terminals. The upcoming standard concerns a way to use commercially available, off-the-shelf consumer devices, like smart phones and tablets, as PIN-entry devices in a point-of-sale application.

The new standard will isolate the PIN, which will be encrypted, rendering it useless if malevolent entities were to get a hold of it, says Troy Leach, chief technology officer at the PCI Security Standards Council. The account number also will be encrypted within the secure card reader. “It’s an alternative way to [use] software PIN entry,” Leach says.

If a PIN is entered, regardless whether the card is a credit, debit, or prepaid card, it has to be protected and isolated from the other payment information. The new standard incorporates three principles. One is that the account data is isolated by encrypting it in the secure card reader and isolating it there. Second is ensuring the software security and integrity of the app onn the consumer device. The last element is there must be active monitoring of the service, akin to oversight, Leach says.

Santa Clara, Calif.-based MagicCube says the MC-Screen Shield technology works in conjunction with its MC-Token Shield service, a platform to protect tokenized payments.

“What we solved first was creating the virtual container, which we call the cube,” Sam Shawki, MagicCube chief executive and cofounder, tells Digital Transactions News. “The next thing was to try to solve for being able to enter a PIN on regular devices. Once you’ve done that, you get closer to where you can download a POS system rather than buy one.” Leach says the PCI standard will require a secure card reader to capture the account data.

Extending PIN-on-glass to consumer devices could be a boon for the card networks, which continually push for more electronic transactions. “While the networks have a desire to double the POS system globally, they know this cannot be done with hardware only,” Shawki says. “It needs enabling software.”

For now, MagicCube’s technology is in tests in the United Kingdom and Australia, where PIN use is more common, until the official standard is released. Leach expects that will happen in December following a comment period in October, though the feedback may alter the timeframe.

As retailers place more emphasis on the customer experience, PIN-on-glass technology could be viewed as an aid to improving the shopping experience, says Mark Bereseford, director and head of the Retailer Payments Practice at Edgar, Dunn & Co., a San Francisco-based consultancy.

“It is highly likely that [PIN-on-glass will appeal to] large merchants who want to move away from the traditional fixed point of sale and turn shop assistants into mobile points of sale—helping shoppers to make a choice and pay—such as seen in a fashion store,” Beresford says in an email to Digital Transactions News.

“Customer-experience design pioneers include Nordstrom, Apple, Nespresso, Warby Parker, John Lewis Partnership, and other retailers who understand that a good customer experience design is how to engage with customers in a more meaningful way,” he says. “PIN-on-glass is only introducing new ways of making a purchase anywhere in the store, in the changing room, out on the shop floor, etc.”

Share |


Read Digital Transactions Online
read more