arpc | More effective network communication, two-way calling, notify and broadcast supported | Pub Sub library

Short answer to your question is YES - the acceptance device will perform card authentication. When it comes to ODA, it might be also SDA (already obsolete) or DDA that will happen regardless of CDA mode.

CDA mode 3 means only that ODA will not be performed if other CAM (Card Authentication Method) is available. It will still happen for offline accepted transactions.

To clarify, the Card Authentication Methods:

• Offline CAM = PKI based Offline Data Authentication which CDA is an example of
• Online CAM = symmetric cryptography based verification of cryptograms during online communication.

In early days of EMV implementation acceptance devices had quite limited processing power - they were mostly based on 8-bit microcontrollers which meant it took ages to perform RSA with larger modulus. That's why CDA mode 3 was introduced - to avoid performing resource-heavy offline CAM when online CAM is available - in online transactions. That was perceived an optimization in the time and was recommended by schemes and EMVCo. In today terms, CDA mode 1 is widely adopted and I don't remember any recent Type Approvals with CDA mode 3. If you have a device with it, you might be dealing with an old device with an expired approval.

ARPC verification (Issuer Authentication step) you mention is not reflected in TVR B1b8 - it's only an indication that ODA was not performed, which (apart from CDA mode 3 situation) might also be when card and terminal do not support any common authentication method (some online-only terminals do not need to perform ODA; some non-expiring cards do not support ODA as well). Issuer Authentication might be explicit (when AIP in the card indicates it and you received ARPC in the response), but might happen also implicitly (when AIP doesn't indicate it but card requests ARPC in CDOL2) and you might not see it indicated in TVR.