Wednesday, July 8, 2009

PIN Debit for Internet Transactions

Noise about this approach is floating around once again. Seems every 18-24 months or so, I guess that is how long it takes folks to forget why the last attempt failed, "news" about this concept surfaces. Speaking of "floating", one of the schemes uses a floating soft PIN Pad as its magic. I watched a YouTube video that showed a demo, supposedly real but clearly a demo since the merchant referenced is not live with the solution, of one of these transactions. My vision is still blurry from following the keypad doing its multiple scrambles after each entry.
What are these people thinking?
p.s. This technology was resurrected out of the ashes of a now bankrupt fingerprint-at-the-POS based payments company. That company blew threw around $100 million dollars of investor's money.


John B. Frank said...

As the editor of the PIN Payments blog ( I ran across this post via the search engines and wanted to comment.

The "noise" is not every 18-24 months. There is a "constant buzz" going on as PIN Debit is the most popular form of payment, preferred by both merchants and consumers alike. Truth be told, it is V/MC who are reluctant to make the push because they make more money off Interchange from less secure signature debit payments. Which is why they have attached rewards programs to signature debit, ironically is technically known as "offline" debit.

There are two approaches to bringing PIN (online) debit to "online" shoppers.

The first one entails entering "typing" your card number into the browser, which is not safe, and then clicking the aforementioned floating PIN Pad. Search my blog for what I have to say about floating PIN Pads.

The second one entails "replicating" the brick and mortar experience and create a "card present" two-factor authentication environment. This approach would also eliminate phishing, cloned websites, cloned cards, etc.

Problem was, in a "card not present" world wide web, how do you do that? The answer was to engineer a "low cost" secure end-to-end-encrypted Point of Sale Device WITH a built-in PIN Pad, designed specifically for eCommerce. The other problem was getting it PCI 2.0 certified for eCommerce usage.

Well, for $15, consumers can now swipe their card, and enter their PIN, in the safety of their own home, with PCI 2.0 Certified technology.

They can use it for online banking log-in, account to account money transfers (P2P, B2B etc.) and to conduct secure online PIN debit transactions.

A side benefit is that, by replicating the brick and mortar experience and creating a "card present" environment, Internet Merchants can save millions on Interchange Fees, which may be passed down to the consumers.

Or you could type your personal account number (PAN) into a web browser and take your chances that it won't be screen scraped, key-logged, intercepted by malware, etc.

My point is this is not an every 18-24 month event. PIN Debit on the web will be ubiquitous by 2012.

To learn more about internet based PIN Debit, visit the PIN Payments Blog at:

SKlebe said...

John, a key point here is that my perspective is without bias as I have no vested interest in one method winning over another. It is just a simple fact that convenience, rewards and utility rule. Consumers who perfer debit over credit can simply use their visa/mc "debit" card and they have virtually $0 liability. I will bet you $100 dollars that PIN Debit online will not be close to ubiquity by 2012. Of course you have to define ubiquity.