
EMV PIN change operation without second card authorization


What if the second card authorization fails in a PIN change operation?

Is executing a script without a second card authorization acceptable? Do we have to roll back operations?

Regards.


Solution

  • You can't revert anything with a card. You just go step by step by the spec, send commands to the card in proper sequence, analyse the card responses and set appropriate bits in TVR.

    The PIN Change/Unlock command in a script is protected with a Message Authentication Code that the card must verify before applying the change, and the card must reject the command if the MAC check fails.

    Also, I could hardly imagine that a modern issuer would send a PIN change script without Issuer Authentication Data. So the Generate AC is unlikely to fail if an External Authenticate and PIN Change are successfully processed by the card.

    Even if the issuer does not support the Issuer Authentication, you just strictly follow the spec: you check the command execution status and take the action according to the spec.

    All other things are beyond the EMV spec. Thus, the Payment System may require the TC to be always delivered to the Issuer (online or as part of a batch tx upload).
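
The step-by-step handling described in the answer above, sketched as an added example that is not part of the original answer: the terminal sends each script command, stops at the first error status, and records the outcome in the TVR, TSI and Issuer Script Results instead of undoing anything. The bit positions and result layout follow EMV Book 3; the APDU, MAC values, script identifier, the `69 88` rejection status and the `fake_card` stub are constructed assumptions.

```python
# Added example; APDUs, MAC values and the card stub are constructed.
TVR_SCRIPT_FAILED_BEFORE_FINAL_GAC = 0x20  # TVR byte 5, bit 6
TVR_SCRIPT_FAILED_AFTER_FINAL_GAC = 0x10   # TVR byte 5, bit 5
TSI_SCRIPT_PROCESSING_PERFORMED = 0x04     # TSI byte 1, bit 3
GOOD_MAC = bytes.fromhex("A1B2C3D4")       # constructed value the stub accepts


def run_issuer_script(tag, script_id, commands, send_apdu, tvr, tsi):
    """Send script commands in order; stop at the first error status.

    tag: 0x71 (processed before the final GENERATE AC) or 0x72 (after it).
    send_apdu: callable returning (SW1, SW2) for one command APDU.
    Returns the 5-byte Issuer Script Result for this script.
    """
    tsi[0] |= TSI_SCRIPT_PROCESSING_PERFORMED
    for seq, apdu in enumerate(commands, start=1):
        sw1, _sw2 = send_apdu(apdu)
        if sw1 in (0x90, 0x62, 0x63):  # normal or warning: next command
            continue
        # Error status (e.g. the card rejected the MAC): flag it and stop.
        # Commands the card already applied stay applied; nothing is undone.
        tvr[4] |= (TVR_SCRIPT_FAILED_BEFORE_FINAL_GAC if tag == 0x71
                   else TVR_SCRIPT_FAILED_AFTER_FINAL_GAC)
        # High nibble 1 = failed; low nibble = failing command (F = 15+).
        return bytes([0x10 | min(seq, 0x0F)]) + script_id
    return bytes([0x20]) + script_id  # high nibble 2 = script successful


def fake_card(apdu):
    """Hypothetical card stub: accepts the command only if the MAC matches."""
    return (0x90, 0x00) if apdu[-4:] == GOOD_MAC else (0x69, 0x88)


def pin_change_outcome(mac):
    """Run one constructed PIN CHANGE/UNLOCK script from a tag 71 template."""
    tvr, tsi = bytearray(5), bytearray(2)
    apdu = bytes.fromhex("8424000004") + mac  # CLA INS P1 P2 Lc, then MAC
    result = run_issuer_script(0x71, bytes.fromhex("00000001"), [apdu],
                               fake_card, tvr, tsi)
    return result.hex(), tvr.hex(), tsi.hex()


if __name__ == "__main__":
    print(pin_change_outcome(GOOD_MAC))   # script result, TVR, TSI
    print(pin_change_outcome(bytes(4)))   # wrong MAC: card rejects
```

The Issuer Script Results and the updated TVR are what the issuer later sees, which is how a failed or skipped step becomes visible without any rollback on the card.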