PIN Validation

While every card number in the Connect Core database has an associated PIN, many endpoints are available both with and without PIN validation. This distinction exists primarily so that website integrators can enforce PIN validation for extra security in their cardholder-not-present scenario, while ePOS integrators need not require it in cardholder-present scenarios. Note that whether PIN validation occurs is determined entirely by the endpoint, not by the card type.

Important: If you are implementing a cardholder-not-present system, you must use PIN validation. Not doing so leaves you or your customer exposed to fraudulent activity and ‘card number guessing’ attacks. Where a transaction type is offered in both a PIN and a no-PIN version, the no-PIN version should normally only be used in POS systems where the cardholder is present.