Conference paper. Year: 2025

Who Pays Whom? Anonymous EMV-Compliant Contactless Payments

Abstract

EMV is the de facto worldwide payment system used by Mastercard, Visa, American Express, and others. In-shop EMV contactless payments are not anonymous or private: the payers' long-term identification data leaks to merchants or even to observers. Anti-Money Laundering (AML), Know Your Customer (KYC) and Strong Customer Authentication (SCA) are payment regulations protecting us from illegal activities, but, in so doing, contribute chiefly to this lack of privacy in EMV payments. Threading the tightrope of AML, KYC and SCA regulations, we provide two privacy-enhancing, EMV-compatible, law-abiding and practicable contactless-payment protocols: PrivBank and PrivProxy. We do not use privacy-enhancing technology, like homomorphic encryption, that would break backwards-compatibility with current EMV; rather, we do privacy by engineering design, adhering to the existing EMV infrastructure as is. So, PrivBank and PrivProxy provably achieve strong notions of payer and merchant privacy, anonymity and unlinkability as seen in e-cash or shopping vouchers, whilst being implementable in EMV as it stands.

Main file: main.pdf (452.11 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-04917364, version 1 (29-01-2025)

Identifiers

  • HAL Id: hal-04917364, version 1

Cite

Charles Olivier-Anclin, Ioana Boureanu, Liqun Chen, Christopher Newton, Tom Chothia, et al. Who Pays Whom? Anonymous EMV-Compliant Contactless Payments. 34th USENIX Security Symposium, Aug 2025, Seattle, France. ⟨hal-04917364⟩