[lyall]

Chip cards do send the card number as part of the transaction. They just also send other information that makes it easier to tell if the original card is physically present, meaning you don’t have to worry as much about someone stealing the details and spoofing your card.

You may be thinking of tokenization, which is a feature of some services such as Apple/Google Pay. This is where a “fake” account number—really a number that is scoped to eg a specific device or a specific merchant—is sent with the transaction. That then gets resolved to the real number somewhere down the processing pipeline closer to the card issuer. The benefit being if someone snoops this tokenized account number they won’t be able to use it thanks to the tight scoping.

[atwood22]

Are you sure? I thought chip cards worked using certificates signed by the card issuer. And transactions involved sending a nonce to be signed. Everything can be verified by the public key. I could totally be wrong though.

[lyall]

Maybe that's how IC cards work in some places, but that's definitely not the normal EMV standard. I've worked on the implementation of EMV chip card processing through basically all the major networks and can tell you that we necessarily have access to—and have to store after—the raw card number to facilitate the transaction. There's a lot of encryption involved to prevent bad actors from getting access but it's far from end-to-end.