This document proposes a security enhancement to card payment systems by having the user enter their PIN on their mobile phone rather than in front of the merchant. This would minimize fraud like shoulder surfing. The idea is that when a merchant swipes the card, the bank server will notify the user on their phone to enter their PIN. After authenticating the user and checking their balance, the bank server will transfer funds to the merchant. This approach could minimize frauds and be useful for applications like hotels and malls, although it requires users to have a smartphone and internet access.