by charles_kaw 1425 days ago
btw, if anyone has ever taken a look at a POS setup, it's a bit misleading to the uninformed.

In some solutions, the readers are in fact hooked up directly to the POS system. However, the card terminal does not see unencrypted payment data. The POS is acting as a network bridge or switch, while getting limited information over network from the terminal.

In fact, I'm not sure that's even something that's allowed in large scale installations today.

2 comments

You only get unencrypted stuff when doing mag-stripe, and that’s mostly just card number and name. Same with tap-to-pay mag-stripe emulation (the old way which no one is supposed to use anymore, even in the US per credit card rules).

That’s why everyone has/is moving off mag-stripe (depending on country) and to EMV. With EMV and EMV contactless the terminal never gets the full card number, among many other significant security improvements.

> You only get unencrypted stuff when doing mag-stripe

The terminal encrypts it before sending it over the wire.

Do you have a source for this?

The EMV spec doesn’t include encryption of any data sent to the terminal from the card.

The transaction cryptogram is signed, however.

The terminals themselves use mTLS to communicate and wrap the payload, wasn't referring to the payload itself.

That seems like a walkback? You said:

> However, the card terminal does not see unencrypted payment data.

The card terminal does see unencrypted payment data. Hard to see your comment as ambiguous?