http://www.chipandpin.co.uk/
I have been thinking more why chip and pin is useless, also it just introduce a bigger security issue to the credit card authentication process.

The Process
First of all, chip and pin require the user to insert their card into the retailer's reader. The user will require to press their pin number into the device, then the reader will call up a database of credit card company to get confirm that the user is indeed the authorized user (card holder). After the process is completed the card and a receipt is given back to the user. So only advantage of chip and Pin is that, since retailer doesn't check the cardholder's signature 95% of the time. This can confirm that this is the real cardholder.

The Problem
Basic attack
If the reader have been tampered by either the untrusted retailer. They can insert 3 modification into the device. Such as 1) memory storage 2) rewired the Card reading input and cache the result into the memory storage (simply rewired the circuit so you can do Man in Middle Attack), 3) Another wire to the Number pad and cache the memory storage, too.

The attacker can now read the memory storage after a whole day more month's result. Now the attacker can clone the same card, which doesn't even need to look like the original and walk to different ATM to get the money out, without the risk of the usual way of getting caught (Walk inside shops, or online purchase)

Advance Attack
The attacker can post as a maintainer (reader technician) and walk inside shops or other retails and swipe the reader. They can add a dialer module which will dial out to a different number, which holds a database that collect the results every time the reader calls credit card company to do the authentication.

What do you think?