
Securing The Often Overlooked PIN on Glass Use Case: Self-Service Kiosks


The payment industry felt much excitement – and a degree of trepidation – in 2018 when PCI’s Software-based PIN Entry on COTS specification was released. Dedicated, expensive hardware would no longer be needed to accept a cardholder’s PIN and authorize a transaction. A consumer’s PIN could now be entered on the touch screen of an off-the-shelf smart device. This became known as “PIN on Glass.”

While the Contactless Payments on COTS specification (aka “Tap to Phone”) was yet to come, the goal quickly became merging PIN on Glass and Tap to Phone functionality to create a fully featured SoftPOS.

Essentially, this would allow a smartphone to fully replace a dedicated POS terminal for all contactless payments. Contactless payment is now the preferred way for consumers to pay in-store – a trend that has accelerated quickly due to the global pandemic. Long term, this will revolutionize card-present acceptance, and it’s the reason Apple recently acquired Mobeewave.

However, this focus ignores one of the biggest trends in retail: self-service kiosks. The self-service kiosk market is expected to grow by $2.29bn in the next four years. In the short term, this is where PIN on Glass can have the most impact.


Less is More in Self-Service Retail


The majority of self-service kiosks deployed today have two components:

  • The large touch screen where a consumer places their order
  • A separate card terminal for taking payment

The touch screen is bright, shiny and very appealing to consumers. This makes it quick and easy to place an order, while providing an interactive environment that allows the merchant to analyse how consumers interact with the platform and target directed upsell opportunities. Specialists in the space claim that they are able to increase the average transaction size by 20% to 30%.

One example of an upsell opportunity enabled by this technology is a fast food restaurant that rearranges menus to direct diners into purchasing combinations for larger profits. However, the separate card reader is an awkward addition to this scenario. It’s expensive, adding a hefty amount to the bill of parts. More importantly, it breaks the consumer’s eye contact with the touch screen. Any UX expert will tell you that the split screen approach is detrimental to user engagement.

“One of the basic foundational design principles is KISS (Keep it Simple Stupid) and Less is More. A good user experience is one where anyone can easily find what they need to do.” says Verimatrix’s resident UX expert Renee Testa. “This is difficult to accomplish when a user has to shift focus between multiple devices to perform an action, such as placing an order and paying for it. Having a single device to interact with allows the customer to focus in one place and maintain context throughout their experience. Contextualization helps prevent users from getting lost in their interactions and enables them to complete the experience quickly and successfully. When consumers experience a positive interaction with any product, this results in a positive brand awareness – and increased revenue.”

With PIN on Glass, there is no need to separate a keypad and screen for accepting payments. Scaling the dedicated POS terminal down to a simple secure card reader and utilising the kiosk’s touch screen for PIN entry not only reduces costs but creates a much stronger experience for the consumer. The confusing redirection is eliminated and the consumer remains engaged on the touch screen.


Securing PIN on Glass to PCI’s Standards


The payment industry takes security seriously and consumer trust in payment networks is based on low fraud levels. To ensure security and maintain trust, every payment product or service must meet defined security standards and audits.

For acceptance, PCI is the industry body tasked with defining and enforcing these security standards. Before any PIN on Glass solution can be deployed, it must first be approved by PCI. This includes evaluation by an independent security lab.

Self-service kiosks are often built on devices running MS Windows – they are basically PCs in disguise. Just as Verimatrix’s shielding technology helps secure SoftPOS solutions running on Android, these solutions can be applied to PIN on Glass implementations running on Windows.

Verimatrix’s suite of shielding products empowers developers with tools that are proven against the PCI specifications, giving them confidence when it comes to security lab approvals and certification processes.
