There are three different methods for working with the card PIN:

  • Using a pre-shared 3DES key with Enfuce
  • Using public key cryptography (PKI)
  • Using the web view solution, described in the pincontrol API

PCI compliance

PIN processing is governed by strict compliance regulations set by the card schemes. There are multiple ways to access the PIN in Enfuce’s APIs, depending on the client solution and on whether the client is a card scheme member themselves and therefore responsible for compliance.

The least complex way to adopt this functionality is to use the pincontrol API, because Enfuce then handles the entire PIN transport mechanism. Please see the pincontrol API documentation for this option.

The API described in this document offers two solutions: a PKI approach and a pre-shared key approach.

The PKI approach, implemented correctly, avoids exposing PIN codes to the client’s back-end systems, but the PIN is still processed by the cardholder's device. This means that the software running on the device may need to be assessed for security and compliance.

The pre-shared key approach exposes the PIN code to the client’s back-end and can only be used by customers who are responsible for PIN handling towards the card scheme.

For any questions, contact us: