Cambridge University security researchers have demonstrated how it might be possible to trick the card into thinking it’s doing a chip-and-signature transaction while the terminal thinks it’s authorised by chip-and-PIN. The flaw creates a means to make transactions that are “Verified by PIN” using a stolen uncancelled card without knowing the PIN number. Fraudsters would insert a “wedge” between the stolen card and terminal tricking the terminal into believing that the PIN was correctly verified

via Chip and PIN security busted • The Register.