I’ve faced the same issue when experimenting with secure messaging on EMV cards. From my experience, not every CLA/INS combination supports secure messaging — it usually works only with specific post-issuance commands defined in EMV Book 3. If you try to wrap arbitrary commands (like GET DATA) with CLA=8C or 84, most cards will simply return 6E00 (Class not supported).

In short: secure messaging needs proper TLV structure and is only valid for a limited set of commands. If you want to see an analogy, it’s a bit like how secure communication in apps (for example, telegram mod apk) only works when the app itself supports encryption — you can’t just “force” it on every action