diff --git a/scd/apdu.c b/scd/apdu.c
index 7f3c320d2..98158648b 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -775,8 +775,8 @@ pcsc_send_apdu (int slot, unsigned char *apdu, size_t apdulen,
   if (DBG_CARD_IO)
     {
       /* Do not dump the PIN in a VERIFY command.  */
-      if (apdulen > 5 && apdu[1] == 0x20)
-        log_debug ("PCSC_data: %02X %02X %02X %02X %02X [redacted]\n",
+      if (apdulen > 5 && apdu[1] == 0x20 && !opt.debug_allow_pin_logging)
+        log_debug ("PCSC_data: %02X %02X %02X %02X %02X [hidden]\n",
                    apdu[0], apdu[1], apdu[2], apdu[3], apdu[4]);
       else
         log_printhex (apdu, apdulen, "PCSC_data:");
@@ -1564,8 +1564,8 @@ send_apdu_ccid (int slot, unsigned char *apdu, size_t apdulen,
   if (DBG_CARD_IO)
     {
       /* Do not dump the PIN in a VERIFY command.  */
-      if (apdulen > 5 && apdu[1] == 0x20)
-        log_debug (" raw apdu: %02x%02x%02x%02x%02x [redacted]\n",
+      if (apdulen > 5 && apdu[1] == 0x20 && !opt.debug_allow_pin_logging)
+        log_debug (" raw apdu: %02x%02x%02x%02x%02x [hidden]\n",
                    apdu[0], apdu[1], apdu[2], apdu[3], apdu[4]);
       else
         log_printhex (apdu, apdulen, " raw apdu:");
diff --git a/scd/scdaemon.c b/scd/scdaemon.c
index e43769f85..ed7fdc03a 100644
--- a/scd/scdaemon.c
+++ b/scd/scdaemon.c
@@ -79,6 +79,7 @@ enum cmd_and_opt_values
   oDebugAllowCoreDump,
   oDebugCCIDDriver,
   oDebugLogTid,
+  oDebugAllowPINLogging,
   oDebugAssuanLogCats,
   oNoGreeting,
   oNoOptions,
@@ -138,6 +139,7 @@ static gpgrt_opt_t opts[] = {
   ARGPARSE_s_n (oDebugAllowCoreDump, "debug-allow-core-dump", "@"),
   ARGPARSE_s_n (oDebugCCIDDriver, "debug-ccid-driver", "@"),
   ARGPARSE_s_n (oDebugLogTid, "debug-log-tid", "@"),
+  ARGPARSE_s_n (oDebugAllowPINLogging, "debug-allow-pin-logging", "@"),
   ARGPARSE_p_u (oDebugAssuanLogCats, "debug-assuan-log-cats", "@"),
   ARGPARSE_s_s (oLogFile,  "log-file", N_("|FILE|write a log to FILE")),
 
@@ -587,6 +589,9 @@ main (int argc, char **argv )
         case oDebugLogTid:
           log_set_pid_suffix_cb (tid_log_callback);
           break;
+        case oDebugAllowPINLogging:
+          opt.debug_allow_pin_logging = 1;
+          break;
         case oDebugAssuanLogCats:
           set_libassuan_log_cats (pargs.r.ret_ulong);
           break;
diff --git a/scd/scdaemon.h b/scd/scdaemon.h
index 68136b886..7b82d1b21 100644
--- a/scd/scdaemon.h
+++ b/scd/scdaemon.h
@@ -66,6 +66,7 @@ struct
   strlist_t disabled_applications;  /* Card applications we do not
                                        want to use. */
   unsigned long card_timeout; /* Disconnect after N seconds of inactivity.  */
+  int debug_allow_pin_logging; /* Allow PINs in debug output.  */
 } opt;