HOME

TheInfoList



OR:

A PIN pad or PIN entry device (PED) is an electronic device used in a
debit Debits and credits in double-entry bookkeeping are entries made in account ledgers to record changes in value resulting from business transactions. A debit entry in an account represents a transfer of value ''to'' that account, and a credit en ...
,
credit Credit (from Latin verb ''credit'', meaning "one believes") is the trust which allows one party to provide money or resources to another party wherein the second party does not reimburse the first party immediately (thereby generating a debt) ...
or
smart card A smart card, chip card, or integrated circuit card (ICC or IC card) is a physical electronic authentication device, used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) c ...
-based transaction to accept and
encrypt In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can deci ...
the cardholder's
personal identification number A personal identification number (PIN), or sometimes redundantly a PIN number or PIN code, is a numeric (sometimes alpha-numeric) passcode used in the process of authenticating a user accessing a system. The PIN has been the key to facilitat ...
(PIN). PIN pads are normally used with
payment terminal A payment terminal, also known as a point of sale (POS) terminal, credit card terminal, EFTPOS terminal (or by the older term as PDQ terminal which stands for "Process Data Quickly"), is a device which interfaces with payment cards to make electro ...
s,
automated teller machine An automated teller machine (ATM) or cash machine (in British English) is an electronic telecommunications device that enables customers of financial institutions to perform financial transactions, such as cash withdrawals, deposits, fun ...
s or integrated
point of sale The point of sale (POS) or point of purchase (POP) is the time and place at which a retail transaction is completed. At the point of sale, the merchant calculates the amount owed by the customer, indicates that amount, may prepare an invoice f ...
devices in which an electronic
cash register A cash register, sometimes called a till or automated money handling system, is a mechanical or electronic device for registering and calculating transactions at a point of sale. It is usually attached to a drawer for storing cash and other v ...
is responsible for taking the sale amount and initiating/handling the transaction. The PIN pad is required to read the card and allow the PIN to be securely entered and encrypted before it is sent to the bank. In some cases, with
chip card A smart card, chip card, or integrated circuit card (ICC or IC card) is a physical electronic authentication device, used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) c ...
s, the PIN is only transferred from the PIN pad to card and it is verified by the chip card. In this case the PIN does not need to be sent to the bank or card scheme for verification. (This is known as "offline PIN verification".) Like some stand-alone point of sale devices, PIN pads are equipped with hardware and software security features to ensure that the encryption keys and the PIN are erased if someone tries to tamper with the device. The PIN is encrypted immediately on entry and an encrypted PIN block is created. This encrypted PIN block is erased as soon as it has been sent from the PIN pad to the attached point of sale device and/or the chip card. PINs are encrypted using a variety of encryption schemes, the most common in 2010 being
triple DES In cryptography, Triple DES (3DES or TDES), officially the Triple Data Encryption Algorithm (TDEA or Triple DEA), is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block. The Data Encryption Standa ...
. PIN pads must be approved to the standards required by the
payment card industry The payment card industry (PCI) denotes the debit, credit, prepaid, e-purse, ATM, and POS cards and associated businesses. Overview The payment card industry consists of all the organizations which store, process and transmit cardholder data, ...
to ensure that they provide adequate security at the point of PIN entry and for the PIN encryption process.
ISO 9564 ISO 9564 is an international standard for personal identification number (PIN) management and security in financial services. The PIN is used to verify the identity of a customer (the user of a bank card) within an electronic funds transfer syste ...
is the
international standard international standard is a technical standard developed by one or more international standards organizations. International standards are available for consideration and use worldwide. The most prominent such organization is the International Or ...
for PIN management and security, and specifies some required and recommended characteristics of PIN entry devices. Although PIN pads nominally allow entry of numeric values, some PIN pads also have letters assigned to most of the digits, to allow use of alphabetic characters or a words as a
mnemonic A mnemonic ( ) device, or memory device, is any learning technique that aids information retention or retrieval (remembering) in the human memory for better understanding. Mnemonics make use of elaborative encoding, retrieval cues, and imag ...
for the numeric PIN. Not all PIN pads necessarily have the same letters for the same numbers. ISO 9564 does not mandate any particular assignment of letters, and includes two examples that differ in the digits to which Q and Z are assigned.ISO 9564-1:2011, Annex B.4 Alpha-to-numeric mapping


Certifications

*
Payment card industry The payment card industry (PCI) denotes the debit, credit, prepaid, e-purse, ATM, and POS cards and associated businesses. Overview The payment card industry consists of all the organizations which store, process and transmit cardholder data, ...
*
EMV EMV is a payment method based on a technical standard for smart payment cards and for payment terminals and automated teller machines which can accept them. EMV stands for " Europay, Mastercard, and Visa", the three companies that created th ...
* Abecs * TQM * PayPass *
PayWave Visa Inc. (; stylized as ''VISA'') is an American multinational financial services corporation headquartered in San Francisco, California. It facilitates electronic funds transfers throughout the world, most commonly through Visa-branded cred ...
*
ExpressPay American Express Company (Amex) is an American multinational corporation, multinational corporation specialized in payment card industry, payment card services headquartered at 200 Vesey Street in the Battery Park City neighborhood of Lower Man ...


See also

*
Payment terminal A payment terminal, also known as a point of sale (POS) terminal, credit card terminal, EFTPOS terminal (or by the older term as PDQ terminal which stands for "Process Data Quickly"), is a device which interfaces with payment cards to make electro ...


References

{{reflist Banking equipment Encryption devices