FlyerTalk Forums - View Single Post - USA EMV cards: Availability, Q&A (Chip & PIN or Signature) [2017>]
Thread: USA EMV cards: Availability, Q&A (Chip & PIN or Signature) [2017>]
View Single Post
Old Jul 22, 2020 | 4:12 pm
  #6176  
dmapr
10 Countries Visited
10 Years on Site
 
Join Date: Apr 2014
Location: San Jose, CA
Posts: 111
Originally Posted by bullfrog
So my PIN-priority SDFCU Cashback+ got compromised. New one came in the mail today and I just don't understand it.

It definitely has an offline PIN stored on the card; with cardpeek I am able to confirm that my selected PIN is there. If I enter the wrong PIN on purpose it decrements the PIN-try counter; if I enter the right PIN I get success and the PIN-try is reset to 3.

But the CVM list doesn't mention offline PIN at all!

Enciphered PIN online - If unattended cash
Signature - If manual cash
Fail - If purchase with Cashback
Signature
No CVM
Enciphered PIN verified online


What gives? Is this just a programming error? Are they doing something goofy where they will use the issuer script to re-write the CVM list after the first (non-quickchip) transaction? There's got to be *something* I'm missing; why would they include the PIN on the chip at all if they weren't going to use it? Even if they goofed and sent me the signature-preferring card by mistake (and I called SDFCU -- they assure me that I got a PIN-priority card) even the signature card would still reference the offline PIN somewhere?
I wonder if they have changed something, because on my SDFCU Platinum Rewards card that has been last issued in 2018 there's no support for online PIN other than at an ATM:
  1. Fail cardholder verification if this CVM is unsuccessful: Enciphered PIN verified online - If unattended cash
  2. Apply succeeding CV rule if this rule is unsuccessful: Plaintext PIN verification performed by ICC - If terminal supports the CVM
  3. Apply succeeding CV rule if this rule is unsuccessful: Signature (paper) - If terminal supports the CVM
  4. Fail cardholder verification if this CVM is unsuccessful: No CVM Required - If terminal supports the CVM
This list hasn't changed since the card has been issued. Also, they told me they always send a signature-preferring card when it's time to renew, you have to call them and specifically request PIN-preferring ones. That's what I did last time as well, on the cards they have sent by default the PIN was below the signature in the CVM list.
dmapr is offline