Most people have the right idea; however, it depends. The banks and card processors have a spectrum of risk for different types of transactions and technology implementations.
The behavior of a chip card varies, including online vs offline authorizations. An online authorization is one where the card terminal has a discussion between the card and the bank. An offline transaction happens only between the terminal and the card.
Online transactions can involve using the chip’s crypto functions since a cryptographic value used to verify card transactions is held at the bank.
Offline transactions can use a PIN validation scheme using similar crypto functions whereby a PIN is checked by the card itself, not at the bank (we mostly don’t use them in the US). Why would anyone use offline transactions? They can be slow, costly, and require reliable internet connectivity.
Here in the US, offline chip transactions are almost identical to stripe-only transactions.
A bank may require online authorizations on amounts over, say, $100. But at a snack vending machine an offline tap is just fine risk-wise. The vending machine may settle its transactions once a day or so.
Most of the data can be viewed by a normal person. You can buy a “USB smart card reader” and get free EMV reading software. You’ll see a card number, expiration, internal CVV, type, and your name. A few values will be hidden, such as the encrypted PIN or transaction signing secret.