[orliesaurus]

How do you enter a PIN code? i.e. Wholefoods accepts contactless payments and then guess what...you need a PIN code.

I guess an app somewhere (like on a phone or iPad) needs to be handed over to you to do that...? I really dislike PIN code backed payments, the whole touchless/contactless experience should be as fast as paying for the "tube" in London with an Oyster IMHO

[posguy]

PIN entry (for PIN Debit, Healthcare Savings Account, EBT, WIC) is not supported on the Stripe Reader M2 as there is no PCI-DSS compliant PIN Pad.

PIN Pads have the underwriting bank's encryption keys injected into them at a secure facility, and these pads have anti-tamper features (think thin ribbon cables that tear when opened, contact sensors to detect case opening, heat and vibration sensors, all battery backed where if the battery dies the PIN Pad is toast).

[jackson1442]

Generally mobile/web based payments don’t require PIN. I’ve never been prompted on a Square or Toast machine— only place I’ve ever been asked is on a traditional PINpad and Clover machines.

[posguy]

Neither Square or Toast support PIN entry, whereas a Clover (made by First Data, the largest processing platform) and Ingenico/Verifone equipment have the proper hardware to ensure physical security while they encrypt the PIN in transit back to the bank your platform uses to process the transaction.

PIN Debit transactions are less expensive to process since there is less risk, but it adds complexity (First Data has many different bank keyloads like Carlton 500, Wells 350, etc depending on the bank that is underwriting the chargeback risk for your account if your company folds).

[jqmp]

Square does support PIN entry: you just enter the PIN into the touchscreen of the mobile device. Square developed a way of securing the PIN that doesn't require dedicated hardware. (It's now a PCI security standard: "Software-based PIN Entry on COTS".)

[posguy]

Square does not support PIN entry for US Debit or EBT Cash/Food cards, this appears to only be a feature in countries where Chip & PIN are mandatory: https://squareup.com/ca/en/townsquare/debit-is-here

[jqmp]

Yes, there may be some markets where Square doesn't support PINs. I took your comment to mean that Square doesn't support PINs at all, and that it's because of a physical security requirement. I couldn't resist responding to that, since neither of those has been true for a while.

[rjmunro]

I'm not going to enter my PIN into someones mobile unless I have a way of verifying the app they are using is really the app it says it is. I can't see how that could possibly work.

[swiley]

Meh. With credit cards it's the banks problem if something goes wrong (and their fault for push a horrible authentication method.)

[orliesaurus]

username checks out with knowledge haha - thanks!

[orliesaurus]

That's actually true! I totally forgot about my most recent Square/Clover experience...it's been months since I paid on those. Thank you for reminding me. I wonder how does it work in the back at the bank level, why are those OK vs like a Wholefoods or corner-store...

[jackson1442]

I think it’s configurable at the store. I’ve noticed a lot of transactions that ask for my pin usually say “please enter your pin or press here to skip,” save for 7-eleven (that’s like the only place where I actually have to enter it). PIN entry likely reduces liability, and I believe it’s significantly harder to chargeback for fraud.

[chubs]

Pin is to be entered on the merchant's phone. The standard is called 'Pin On Glass' in the industry. Hope that helps :)

[ElFitz]

It may be inconvenient, but the main point is to help prevent someone from emptying our bank accounts by merely stealing our debit cards or walking around with a contactless payment terminal in the tube.