The ultimate across the board user authentication approach in use today is evidently the password-based authentication. When we carry out a credit card transaction through the EDC (Electronic Data Capture) machine in the public, the user’s PIN number becomes very much vulnerable to the direct observation by nearby adversaries in huddled places, promoted by vision enhancing and/or recording appliances. Devising a secure PIN entry method during the credit card transaction in such a situation is a strenuous task. Currently, there is no pragmatic solution being implemented for this problem. This paper starts with the investigation of the current status about the direct experiential attacks. Our analysis about these attacks terminates that no practical available solution at present for these direct observational attacks. This paper introduces a model which attempts to make the PIN number entry secure during credit card transactions in public places. Our model aims to use the user’s mobile phone for PIN number entry rather than the merchant’s user machine. The best tract about the proposed model is that the PIN number does not get revealed to any of the direct observational attacks, be it direct human observation or observation by a video camera.