Come to the chat late - my tuppence worth:

Chip and Pin in the UK - the popular attack route just now is to skim the card anyway, knowing you only get the magstripe details, then ship the details to countries where that is all that is needed. Remediated if you keep the card with you at all times, or through decent statistical analysis by the bank spotting that your card is used in a weird way!

PCI DSS - not worth the paper it is printed on. It offers very little in real security, but is a useful audit check box. Case in point - Worldpay (have a search on the FBI site for some juicy details) passed PCI DSS not long before being taken to the cleaners. The level of testing required by PCI would not help protect against upwards of 80% of the common attacks against financial services organisations.

Meh - feeling ranty today. Only 2 days left at my old job :-0