> Chip + PIN is basically the EMV standard for cards with chips on them

Worse than that, it's a marketing name :) Or it was in the UK. Strictly speaking the cards contain a customer verification method list that gives the terminal the info about whether and in what priority order it should process PIN offline, online, signature or other methods. This method allows American cards to function elsewhere in the world, depending on the terminal risk profile, and euro cards which usually would require a PIN to function in PIN-less US terminals.

> There is very little difference in the process when using NFC, except that the power to the chip in the card is via the NFC field.

Sure, but in contactless EMV there is no user interaction part of the process, so 'offline PIN' is not a possibility. This is because the transaction process would have to halt while the user entered their PIN and continue afterwards. So I'm pretty sure that for contactless transactions there is no offline PIN CVM.

The process is also going to be slightly different in that the card/phone doesn't stick around for any post-transaction issuer scripts, and IIRC from the short time I worked on a contactless product, there is only a single application-cryptogram generation phase compared to the two in a chip transaction, though I can't remember the significance of that now! Or can I ... the second Gen AC phase is where the card signs off on the bank's authorisation of a transaction, if the transaction has gone online. Strictly your chip card can still decline a transaction even if the bank says it's OK. This is missing in contactless flow because, again, it would require the transaction to pause and take longer than a quick wave.

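An added example, not part of the comment above: a decoder for the list it describes (EMV tag 8E, the Cardholder Verification Method List), using the method and condition codes from EMV Book 3. The sample bytes are constructed for illustration and the function name is an assumption of this example.

```python
# CVM and condition codes from EMV Book 3, Annex C3 (common subset).
CVM_METHODS = {
    0x00: "Fail CVM processing",
    0x01: "Plaintext PIN verified by ICC (offline)",
    0x02: "Enciphered PIN verified online",
    0x03: "Plaintext PIN verified by ICC (offline) + signature",
    0x04: "Enciphered PIN verified by ICC (offline)",
    0x05: "Enciphered PIN verified by ICC (offline) + signature",
    0x1E: "Signature (paper)",
    0x1F: "No CVM required",
}
CVM_CONDITIONS = {
    0x00: "always",
    0x01: "if unattended cash",
    0x02: "if not cash and not cashback",
    0x03: "if terminal supports the CVM",
    0x04: "if manual cash",
    0x05: "if purchase with cashback",
    0x06: "if under amount X", 0x07: "if over amount X",
    0x08: "if under amount Y", 0x09: "if over amount Y",
}

def parse_cvm_list(data: bytes) -> dict:
    """Decode the value of tag 8E: two 4-byte amounts, then 2-byte rules in priority order."""
    if len(data) < 10 or (len(data) - 8) % 2:
        raise ValueError("CVM list must be 8 amount bytes plus whole 2-byte rules")
    rules = []
    for i in range(8, len(data), 2):
        code, cond = data[i], data[i + 1]
        method = code & 0x3F  # low six bits select the verification method
        rules.append({
            "method": CVM_METHODS.get(method, f"other/RFU 0x{method:02X}"),
            "condition": CVM_CONDITIONS.get(cond, f"other/RFU 0x{cond:02X}"),
            # bit 7 (0x40): try the next rule if this CVM is unsuccessful
            "next_on_failure": bool(code & 0x40),
        })
    return {"amount_x": int.from_bytes(data[:4], "big"),
            "amount_y": int.from_bytes(data[4:8], "big"),
            "rules": rules}

# Constructed sample: offline PIN, then online PIN, then signature, then no CVM.
SAMPLE = bytes.fromhex("0000000000000000" "4403" "4203" "5E03" "1F00")

if __name__ == "__main__":
    for n, rule in enumerate(parse_cvm_list(SAMPLE)["rules"], 1):
        print(n, rule["method"], "|", rule["condition"], "|",
              "next rule on failure" if rule["next_on_failure"] else "fail on failure")
```
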
I didn't need to re-present the card to the reader. It processed the rest of the transaction after the PIN was entered.