
Comment by rcxdude

2 years ago

EMV is in a substantially better position than online credit card payments: the terminal cannot clone a card (though it sees a PIN and card number, it does not see the CVV, so it is not useful for online transactions, and the card contains private keys which are relatively hard to extract. The only remaining hole is creating a magstripe card, but these are becoming rare even in the US). The card does see and verify the transaction. The two main issues are the PIN entry onto the pad (which exposes some information, though with NFC this hole is somewhat removed), and the fact that the payment is still initiated by the terminal, with no way for the user to independently see the transaction amount before authorising the transaction (NFC on a phone can in principle fix this, though in a somewhat annoying manner: it could refuse the transaction the first time, then prompt the user, and accept the next transaction for the same amount).
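
The decline-then-confirm flow sketched in the comment for a phone wallet, modelled as an added example (not code from the commenter or from any real wallet). The class and method names, the 60-second confirmation window and the minor-unit amount representation are assumptions made for illustration.

```python
import time
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

CONFIRM_WINDOW_S = 60  # assumption: how long a user confirmation stays valid


@dataclass(frozen=True)
class Request:
    """What the terminal asks the wallet to authorise (constructed model)."""
    amount_minor: int  # amount in minor units, e.g. pence
    currency: str      # e.g. "GBP"


class ConfirmingWallet:
    """Hypothetical wallet: decline the first tap, approve one confirmed retry."""

    def __init__(self, clock: Callable[[], float] = time.monotonic):
        self._clock = clock
        self._pending: Optional[Request] = None  # shown to the user, not confirmed
        self._confirmed: Optional[Tuple[Request, float]] = None

    def tap(self, req: Request) -> str:
        """Handle a tap from the terminal; returns "APPROVE" or "DECLINE"."""
        if self._confirmed is not None:
            confirmed_req, confirmed_at = self._confirmed
            self._confirmed = None  # single use, whatever the outcome
            fresh = self._clock() - confirmed_at <= CONFIRM_WINDOW_S
            # Approve only the exact amount and currency the user saw.
            if fresh and confirmed_req == req:
                return "APPROVE"
        # No valid confirmation: decline and put this request on the phone screen.
        self._pending = req
        return "DECLINE"

    def user_confirms(self) -> Optional[Request]:
        """User accepts the amount displayed on the phone's own screen."""
        if self._pending is None:
            return None
        req, self._pending = self._pending, None
        self._confirmed = (req, self._clock())
        return req
```

A retry with a different amount consumes the confirmation and is declined, so the user is prompted again with the new amount rather than the terminal getting a second attempt against the old approval.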