0
votes

I have a terminal that behaves this way, when offline PIN is requested and the user presses enter without typing the PIN it goes on to request online PIN instead. I want to know if this is the recommended behaviour. My team argues that it should fail if the offline PIN is not entered instead of requesting online PIN.

1

1 Answers

4
votes

This a feature called PIN bypass. What is an additional option is subsequent PIN bypass (which means bypassing all PIN methods if bypass is requested on one of them). If you have bypass enabled but not subsequent and the next applicable method will be online PIN, it will be requested.

In either case, offline PIN is just one of the cardholder verification methods. Failing in such situation without processing the rest of the CVM List when method has 'Apply succeeding rule when this one fails' bit set would be against EMVCo specs.