I attended a presentation at USENIX Security '07 that described a simple relay attack that defeats chip & PIN security. The attacker uses a relatively cheap ($500) hacked PIN terminal that relays the chip & PIN data to an accomplice, who then buys something with the hijacked credentials.

The worst part was that, according to the presenters, UK laws placed the burden of proof on the consumer to prove they were hacked, because of the assumption was that chip & PIN was unbreakable. I'm not sure if the laws have caught up, or if the distance bounding solution proposed in the paper has been widely deployed, but if not, I think I'd rather have a more easily hackable system than a false sense of security combined with laws that assume that hacks are impossible.