Technology has developed to the point where a merchant can now initiate a credit card transaction with a customer by using a mobile device, such as a smartphone or a tablet computer (e.g., an Apple iPad or the like). For example, current technology includes a small card reader that plugs into the audio jack of a smartphone or tablet of a merchant, and point-of-sale (POS) software that executes in the mobile device, to facilitate a credit card payment transaction. The merchant swipes the customer's credit card through the card reader, and the card reader communicates the card's data to the POS software in the mobile device. The POS software then confirms the authenticity of the card and communicates with a remote financial transaction processing system to obtain authorization for the transaction.
While this type of payment model offers much greater convenience and ease of use than the traditional POS systems, there are certain security related issues that need to be addressed. For example, data read from the card needs to be protected from discovery by unauthorized parties or entities, such as malware that may exist in the mobile device. Additionally, the customer may be required to input a personal identification number (PIN) into the mobile device as a security measure, before data from his or her credit card can be read by the card reader or decrypted by the POS software. PINs are required, for example, in debit card-based transactions and in some credit card-based transactions, such as those associated with the Europay, MasterCard and Visa (EMV) standard. In those scenarios, the PIN also needs to be protected from discovery by unauthorized parties or entities.