> So would it be possible to install software or hardware which always returns a "success" from the card reader hardware without it actually doing the transaction and give everyone who uses that machine free food until someone figures it out? Hmm…

Almost certainly not on EMV certified card acquirers, unless there is a bug in the firmware. These things are so locked down that, even as an authorised developer for the payment terminal, we had no access to the hardware, no way to view the cards encrypted payload, etc.

Parent meant to ignore the EMV and have the kiosk just claim that all orders are paid, so the user gets food.

If we say average transaction size is $10 and that you’ll save 1.000 customers (generous) before you’re caught.

You just committed a felony to provide $10.000 in free food.

Might as well get a day job and make that contribution annually and skip federal prison.

This is like a 2005 hack. I'm sure you could come up with at least one good solution to this problem.

Or you could tweak the ordering software to completely ignore the terminal, and not bother charging at all.

That should be pretty easy to block with signing they should already be doing.