Today the Payment Card Industry Security Standards Council (PCI SSC) introduced a new method by which a merchant can use his phone for “secure PIN entry”: https://blog.pcisecuritystandards.org/new-pci-software-pin-entry-on-cots-standard
I cannot believe that they trust a phone with bad and slow updates, which the owner has probably never installed. Some phones also won’t get any updates at all: old phones or cheap ones from China.
I would like to see an option to request a trash PIN, so I can use this PIN for this transaction within 5 minutes (like the CVV2) and never again. This can be used for this new method and also on ATMs or in places where we cannot perfectly hide our PIN (e.g. Apple Retail Store). This is also an option for daily usage or PSD2. For example, I pay with NFC and bunq/the acquirer is requesting a PIN verification (random or over the 25€ limit). I can grab my phone and get one if the terminal is online. If not, I can still use my offline PIN like today.
I would also like to see a lockdown PIN. If someone is robbing me of my card and forcing me to give him the PIN or put it in the ATM, I can use this PIN and the ATM rejects it with “not supported” or “insufficient funds”, so that they think they cannot get anything from me :-)
I hope and guess that I am not alone.
Cheers
Tobias