Generally, mobile/web-based payments don’t require a PIN. I’ve never been prompted on a Square or Toast machine; the only place I’ve ever been asked is on a traditional PINpad and Clover machines.
Neither Square nor Toast supports PIN entry, whereas a Clover (made by First Data, the largest processing platform) and Ingenico/Verifone equipment have the proper hardware to ensure physical security while they encrypt the PIN in transit back to the bank your platform uses to process the transaction.
PIN Debit transactions are less expensive to process since there is less risk, but it adds complexity (First Data has many different bank keyloads like Carlton 500, Wells 350, etc., depending on the bank that is underwriting the chargeback risk for your account if your company folds).
Square does support PIN entry: you just enter the PIN into the touchscreen of the mobile device. Square developed a way of securing the PIN that doesn't require dedicated hardware. (It's now a PCI security standard: "Software-based PIN Entry on COTS".)
Yes, there may be some markets where Square doesn't support PINs. I took your comment to mean that Square doesn't support PINs at all, and that it's because of a physical security requirement. I couldn't resist responding to that, since neither of those has been true for a while.
I'm not going to enter my PIN into someone's mobile unless I have a way of verifying the app they are using is really the app it says it is. I can't see how that could possibly work.
That's actually true! I totally forgot about my most recent Square/Clover experience... it's been months since I paid on those. Thank you for reminding me. I wonder how it works in the back at the bank level, and why those are OK vs. like a Whole Foods or corner store...
I think it’s configurable at the store. I’ve noticed a lot of transactions that ask for my PIN usually say “please enter your PIN or press here to skip,” save for 7-Eleven (that’s like the only place where I actually have to enter it). PIN entry likely reduces liability, and I believe it’s significantly harder to chargeback for fraud.