Hacker News new | ask | show | jobs
by closewith 1425 days ago
Do you have a source for this?

The EMV spec doesn’t include encryption of any data sent to the terminal from the card.

The transaction cryptogram is signed, however.
1 comments
charles_kaw 1423 days ago
The terminals themselves use mtls to communicate and wrap the payload , wasn't referring to the payload itself.
link
closewith 1422 days ago
That seems like a walkback? You said:

> However, the card terminal does not see unencrypted payment data.

The card terminal does see unencrypted payment data. Hard to see your comment as ambiguous?

link