> I wonder what the technical details will look like
It’s already a thing, the EMVCo standard predates ubiquitous internet connectivity. Mass transit systems typically use it, airlines used to for in-flight purchases before the advent of reliable WiFi.
It is somewhat common to maintain a denylist of known fraudulent cards, but as you note the main mitigation is on the bank to track the card down. One of the key things you need to figure out with an offline payment system - and what I imagine is needed here - is a consensus on who has the liability for offline transactions and what the dollar limits are.
It’s already a thing, the EMVCo standard predates ubiquitous internet connectivity. Mass transit systems typically use it, airlines used to for in-flight purchases before the advent of reliable WiFi.
https://en.m.wikipedia.org/wiki/EMV#Offline_data_authenticat...
It is somewhat common to maintain a denylist of known fraudulent cards, but as you note the main mitigation is on the bank to track the card down. One of the key things you need to figure out with an offline payment system - and what I imagine is needed here - is a consensus on who has the liability for offline transactions and what the dollar limits are.