The farmers market community has expressed much interest in applications (apps), add-ons and hardware that support credit and debit transactions on smartphones, tablets, and other hand-held mobile devices. Typically, such devices are not designed to accept Personal Identification Numbers (PIN) as part of a transaction. Rather, they only support credit and signature debit transactions.
To achieve Payment Card Industry (PCI)-compliance, PINs may only be entered on tamper-proof, ANSI and ISO-compliant devices. These requirements are in place to protect the customer. If any of the companies supporting credit/debit on these devices attempted to incorporate PIN-entry into their products, they would lose their PCI certification and ability to accept signature transactions. The PCI Standards Council PIN Security Requirements Document stipulates that:
In contrast, PINs are a basic component of every Electronic Benefit Transfer (EBT) transaction. Without a PIN, the transaction cannot be approved by any EBT processor. It is the only means of identification the SNAP customer has to ensure that they are the authorized user of the card. The only exception is when a retailer uses the manual voucher process.
FNS has worked with Novo Dia to develop a secure software-based method for PIN-entry. This has been thoroughly tested by smartphone industry security experts and found to be highly secure, but even that process is not PCI-compliant. FNS is comfortable with its security level and has approved the application for farmers markets. We would require similar extensive testing and assurances for any new mobile application proposed for use as a point of sale device for SNAP.