Originally Posted by
WhatWhatTech
Plaintext Online PIN does not exist. All online PINs are enciphered. Online PINs are encrypted by the terminal and sent to the acquirer. Online PINs for EMV are handled by the terminal just like PINs for debit cards.
And no, your theory about the CVM list is incorrect. In your scenario, the terminal at the yogurt shop would actually void the transaction when you pushed NO. Per the EMV standard, once the terminal decides to try a CVM (either by choice or automatically), then the transaction will be voided if that particular CVM cannot be completed.
Also, there is no way for USAA to have a backup PIN for the people who void signature transactions.
If that's the case, then in what case is the succeeding rule applied?