Er - too much information?
Why are they sending the PIN to the merchant gateway? Neither the merchant gateway nor the card-issuer needs to know that information - just that a duly validated card has been used. Surely all the PIN needs to do is verify to the card that it can activate - even the POS terminal doesn't need to know what the PIN is.