Originally Posted by
tmiw
Enciphered PIN = PIN is encrypted in the terminal before being sent to the card/acquirer. Plaintext = no encryption done on the PIN. I think most terminals support both but most cards with a PIN use plaintext for offline PIN due to the expense required to make cards that can do encryption.
So why do any credit cards offer plaintext online PIN? Seems kinda silly to not encipher a PIN.
As for enciphered offline, if I understand correctly, the card would need to encipher it before sending it to the terminal for confirmation? If so, sounds like the USAA still does that, above what others do.
I also don't get why a plaintext PIN would ever be a CVM than an enciphered one.
Fail means the transaction will just be voided. "Apply succeeding rule" means the terminal will go to the next supported rule in the card's CVM list, failing if it can't find any other rules.
So how can it fail signature but still have lower CVMs? Is that only for terminals that don't support signature? You mentioned it would be nice not to fail so as to help where merchants just void signature transactions - how would that help if the terminal would just pop out a slip? Could he press "void" and it would then ask for a PIN?