Home > Information

Software Has the Last Word for PIN Entry

According to Eurosmart, more than 8 billion secure elements will be shipped this year; the figure will grow 9% in 2015 and could possibly reach 12 billion units in 2020. Secure elements mostly come in the shape of SIM cards for telecom applications, which represent more than half the total shipments, followed by secure chips for banking (actual smart cards, authentication dongles, and payment terminals) with less than a quarter of the global volume.

Interestingly, among all secure elements, NFC-enabled SIM cards are the fastest growing, set to nearly double from 350 million units shipped in 2014 to 600 million for 2015. This is probably what made Oyvind Rastad, the chairman of Eurosmart, say for the third year in a row, "Next year will be the year of NFC," and NFC-based Apple Pay and Google Wallet touch-and-pay solutions will certainly boost consumer awareness and drive the demand for more NFC-based applications. Until recently, PIN entry was certified secure only through hardware entry solutions, including a bulky physical keypad. So far, PCI compliance restrictions have prevented the design of sleek, touchscreen-only point-of-sale terminals, which would better reflect today's modern smartphone designs.

At Cartes, the Danish exhibitor Cryptera A/S (recently acquired by Diebold Inc. for its expertise in the manufacture of secure PIN entry pads) announced CryptoTouch, which it claims to be the first encrypting PIN touchscreen application to comply with Payment Card Industry (PCI) security requirements.

The CryptoTouch application encrypts all PIN entries that users make on touchscreen interfaces, from automated teller machines (ATMs) to point-of-sale (POS) devices and other unattended payment terminals.

Here is an opportunity for terminal manufacturers to move away from the traditional mechanical keypad to a more versatile and adaptive touchscreen interface. The solution relies on a purpose-built secure module, the ETS 6200, combining logical and physical security measures. The polymer-enclosed unit includes a PCI-approved encrypted touch sensor for standard screen sizes from 12" to 24", and it supports 3DES and remote key loading. The company also claims that the use of touchscreens also mitigates the risk of fraudsters replacing or tampering with mechanical encrypting PIN pads.

But what about camera skimming and shoulder surfing on such touchscreen PIN interfaces?