It's been a few years since I've looked at any of this, so please forgive me if I'm out of date. I figure giving you information that's probably current is better than what you're getting right now (no information).
The protocol between the card reader, the payment processor, and your creditor is determined by your creditor, but the details of the implementation are not. In the same way that a website can do whatever they like with your credit card information once you enter it, the card reader can do the same. There are some laws and industry best practices intended to protect your card information that vary by region, but your account number, name, and card expiration date are exposed to the merchant even when using EMV. (see https://www.eftlab.com/knowledge-base/complete-list-of-emv-n...)
EMV is designed to provide PIN authentication to prevent the use of stolen cards. It doesn't guarantee an end-to-end secure protocol for each transaction (because that wouldn't work offline).
The protocol between the card reader, the payment processor, and your creditor is determined by your creditor, but the details of the implementation are not. In the same way that a website can do whatever they like with your credit card information once you enter it, the card reader can do the same. There are some laws and industry best practices intended to protect your card information that vary by region, but your account number, name, and card expiration date are exposed to the merchant even when using EMV. (see https://www.eftlab.com/knowledge-base/complete-list-of-emv-n...)
EMV is designed to provide PIN authentication to prevent the use of stolen cards. It doesn't guarantee an end-to-end secure protocol for each transaction (because that wouldn't work offline).