PINpad
Encyclopedia
A PIN pad is an electronic device used in a debit
or smart card
-based transaction to input and encrypt the cardholder's PIN
. PIN pads are normally used with integrated point of sale devices in which an electronic cash register
is responsible for taking the sale amount and initiating/handling the transaction. The PIN pad is required so that the customer card can be accessed (in the case of chip cards) and the PIN can be securely entered and encrypted before it is sent upstream to the transaction manager of the switch or the bank. In some cases, with chip cards, the PIN is only transferred from the PIN pad to the chip (within the PIN pad itself) and it is verified by the chip card. In this case the PIN does not need to be sent to the bank or card scheme for verification. (This is known as 'offline PIN verification'.)
Like some stand-alone point of sale devices, PIN pads are equipped with hardware and software security features to ensure that the injected security keys and the PIN are erased if someone tries to tamper with the device. The PIN is encrypted immediately on entry and an encrypted PIN block is created. This encrypted PIN block is erased as soon as it has been sent from the PIN pad to the attached point of sale device and/or the chip card. PINs are encrypted using a variety of encryption schemes, the most common being triple DES
.
PIN pads must be approved to the standards required by the payment card industry
to ensure that they provide adequate security at the point of PIN entry and for the PIN encryption process. ISO 9564
is the international standard
for PIN management and security.
Some well known PIN pad vendors include Hypercom
(now including Thales e-Transactions division), Ingenico
(now including Sagem), and VeriFone
.
Debit card
A debit card is a plastic card that provides the cardholder electronic access to his or her bank account/s at a financial institution...
or smart card
Smart card
A smart card, chip card, or integrated circuit card , is any pocket-sized card with embedded integrated circuits. A smart card or microprocessor cards contain volatile memory and microprocessor components. The card is made of plastic, generally polyvinyl chloride, but sometimes acrylonitrile...
-based transaction to input and encrypt the cardholder's PIN
Personal identification number
A personal identification number is a secret numeric password shared between a user and a system that can be used to authenticate the user to the system. Typically, the user is required to provide a non-confidential user identifier or token and a confidential PIN to gain access to the system...
. PIN pads are normally used with integrated point of sale devices in which an electronic cash register
Cash register
A cash register or till is a mechanical or electronic device for calculating and recording sales transactions, and an attached cash drawer for storing cash...
is responsible for taking the sale amount and initiating/handling the transaction. The PIN pad is required so that the customer card can be accessed (in the case of chip cards) and the PIN can be securely entered and encrypted before it is sent upstream to the transaction manager of the switch or the bank. In some cases, with chip cards, the PIN is only transferred from the PIN pad to the chip (within the PIN pad itself) and it is verified by the chip card. In this case the PIN does not need to be sent to the bank or card scheme for verification. (This is known as 'offline PIN verification'.)
Like some stand-alone point of sale devices, PIN pads are equipped with hardware and software security features to ensure that the injected security keys and the PIN are erased if someone tries to tamper with the device. The PIN is encrypted immediately on entry and an encrypted PIN block is created. This encrypted PIN block is erased as soon as it has been sent from the PIN pad to the attached point of sale device and/or the chip card. PINs are encrypted using a variety of encryption schemes, the most common being triple DES
Triple DES
In cryptography, Triple DES is the common name for the Triple Data Encryption Algorithm block cipher, which applies the Data Encryption Standard cipher algorithm three times to each data block....
.
PIN pads must be approved to the standards required by the payment card industry
Payment card industry
The payment card industry denotes the debit, credit, prepaid, e-purse, ATM, and POS cards and associated businesses.The term is sometimes more specifically used to refer to the Payment Card Industry Security Standards Council, a council originally formed by American Express, Discover Financial...
to ensure that they provide adequate security at the point of PIN entry and for the PIN encryption process. ISO 9564
ISO 9564
ISO 9564 is an international standard for personal identification number management and security in retail banking.The PIN is used to verify the identity of a customer within an electronic funds transfer system, and to authorise the transfer of funds, so it is important to protect it against...
is the international standard
International standard
International standards are standards developed by international standards organizations. International standards are available for consideration and use, worldwide...
for PIN management and security.
Some well known PIN pad vendors include Hypercom
Hypercom
Hypercom was a founding member of the Secure POS Vendor Alliance, a non-profit organization created by Hypercom, Ingenico and VeriFone, to increase awareness of and improve payment industry security. Hypercom was founded in Australia in 1978....
(now including Thales e-Transactions division), Ingenico
Ingenico
Ingenico S.A. is a worldwide company, whose business is to provide the technology involved in secure electronic transactions. Its traditional business is based around the manufacture of point of sale payment terminals, but it now also includes complete payment solutions and related services.It...
(now including Sagem), and VeriFone
VeriFone
VeriFone is a company that makes point-of-sale equipment. It was founded and incorporated in Hawaii in 1981, and named itself after its first product, the name standing for Verification telephone....
.