We demonstrate a middleperson attack on EMV which lets criminals use stolen chip and PIN cards without knowing the PIN.
This is an epic fail on the part of the designers of the specification. No doubt people will say “the spec is fine, it’s the implementation”. You shouldn’t have given free reign into how it was implemented in that case.