Why PIN Still Matters in Card-Present Payments
EMV authenticates the card. PIN still helps authenticate the cardholder.
Corebaseit
I’m Vincent Bevia. I work in payments at MultiSafepay (part of Ant Group), and I’ve spent years focused on POS architecture, EMV, and cryptography. I’m also the author of Point-of-Sale Systems Architecture — Volume 1 and The Obsolescence Paradox: Why the Best Engineers Will Thrive in the AI Era.
This blog is my space to share what I’m thinking about, learning, and discussing: POS systems, EMV, Payment Security, and, increasingly, about AI in general and how AI is reshaping this field. I also draw on my background in Electrical Engineering and Telecommunications — information theory, stochastic processes, and thermodynamics — the technical foundations that sit beneath much of this work.
Less corporate, more personal. Opinions, reflections, and the kind of things I’d talk about over coffee.
Topics I care about
- POS & EMV — how terminals, chips, and contactless payments actually work
- Cryptography & security — DUKPT, HSMs, and key management in the real world
- AI in payments — where it helps, where it doesn’t, and what’s coming next
- Engineering foundations — telecommunications, information theory, and stochastic processes
If you’re building payment technology — or just curious about how it all fits together — welcome.
Why EMV Chip Cards Resist Cloning: The ARQC Mechanism Explained
Every chip card generates a unique cryptographic proof each time you tap or insert it. That proof is why cloning a chip card’s transaction capability is effectively impossible — and why the …
Scheme-Level Signaling: How Networks Identify Unattended Transactions
PCI PTS classifies devices at the hardware level. But Visa and Mastercard classify transactions at the message level. No scheme inspects the physical terminal to determine whether it is attended or …
Transformers vs. Diffusion Models: Not All AI Is the Same
We casually say “AI can write, AI can draw, AI can code” as if it’s one thing. It’s not. Two of the most talked-about model families in AI today solve fundamentally different …
Stochastic, Entropy & AI: From Thermodynamics to Information Theory to Modern Machine Learning
I was listening to a podcast the other day about AI and the mathematics behind it — especially stochastic processes, entropy, and probability — and it immediately drew me in. With a background in …
Offline EMV vs Store-and-Forward: Two Different Mechanisms, One Confusing Name
When a POS has no connectivity, merchants still need to accept payments. The industry uses terms like “offline transaction” and “offline processing” loosely — but in EMV terms, …
L3 Certification Paths Are Not Created Equal: C-TAP, SmartPOS, and SoftPOS
When people talk about “L3 certification,” they often treat it as a single, uniform process. It isn’t. EMV Level 3 focuses on validating integration of the acceptance device with its …
BeviaLLM: Building a Language Model From Scratch With Python and NumPy
There’s a gap between using language models and understanding them. You can call an API, get a response, and build a product on top of it — without ever knowing what happens between the prompt …
AI as an Amplifier, Not a Replacement: Why Domain Expertise Matters More Than Ever
There’s a narrative floating around that AI will replace domain experts. That if the model can generate code, write architecture docs, and explain EMV flows, then maybe you don’t need the …
POS Terminal Environment Classifications: Attended, Semi-Attended, and Unattended
When you certify a SmartPOS terminal, the environment classification isn’t a minor detail — it’s a first-order architectural decision that determines CVM behavior, risk management rules, …