In Part I of this series, we talked about how chip-card transactions differ from magstripe. We saw that there’s a considerable amount of back-and-forth communication between the reader and the card. But (good news!) we also saw that a lot of that communication is handled automatically — which is to say, out of the control of the payment-app developer — by the reader’s EMV kernel. In Part II, we talked a bit about the various tags (or TLV data) that you can expect to get back during an EMV transaction, and what some of them mean. We also mentioned that an EMV transaction occurs in phases (with names like Start, Authenticate, and Complete). And we saw that different TLVs come back during the different phases. We’ve also mentioned (many times, in...