Originally Posted by
tmiw
I don't believe any support plaintext online PIN. It's a massive security issue if they do.
The other CVMs are supposed to be for terminals that don't support signature, I think.
As for pushing "void", I'm not 100% sure. The prompt for the merchant is something like "is signature valid? Yes/No" in their local language. I would think it would go to PIN next if they push No but it really depends on the terminal and card. I'm tempted to go to the yogurt shop I went to earlier in the thread with my Andrews card (since all of the CVM rules are "apply succeeding") and have the cashier push No to find out.
Plaintext Online PIN does not exist. All online PINs are enciphered. Online PINs are encrypted by the terminal and sent to the acquirer. Online PINs for EMV are handled by the terminal just like PINs for debit cards.
And no, your theory about the CVM list is incorrect. In your scenario, the terminal at the yogurt shop would actually void the transaction when you pushed NO. Per the EMV standard, once the terminal decides to try a CVM (either by choice or automatically), then the transaction will be voided if that particular CVM cannot be completed.
Also, there is no way for USAA to have a backup PIN for the people who void signature transactions.