Chip and ripoff
Tuesday, 6 February 2007, 10:38
Chip-and-pin weakness is revealed
No kidding! I am surprised and amazed! :O
Chip & pin is all about putting the responsibility for avoiding fraud onto the user instead of the company. Previously you could say "that's not my signature"; now they can say "that's your PIN, it's your job to keep that secret". That's the whole reason for it. Not to make anything safer. (Flashing your card and PIN around in front of other shoppers is meant to be safe?)
I know someone who works/ed as a cryptographer for banks and CC companies and we had the same argument. "But it's incredibly secure!" "No, the part done by the machines is still secure. The human component is much less so now!" (Given a choice between trying to factor hundreds of digits of prime numbers and peeking over the shoulder/lifting the wallet of a harried shopper, er yeah, I'll go after the shopper every time.) And then we run into the wall of "that's not the banks' problem".
Problem? It's an undocumented feature.