by Gigachad 1427 days ago
It would be a huge amount of work to pull this off and it's something that would be detected within the day because it's so odd and not at all how normal payment flows work.

Not clear how you would match the PIN either without having some personal info on the user which you don't have.

1 comments

Exactly. The kiosk app that communicates to the terminal only gets a "transaction approved" response. There is no personally identifiable information provided to the kiosk app so there would be no way to link the PIN they typed in the kiosk back to the customer identity or card number.

In short, for the kiosk this is an anonymous transaction that was confirmed paid.

The most you could do is ask for more details in the kiosk app which would be clunky and very suspicious.