A flaw in the EMV protocol lays out the rules for chip-and-PIN card transactions at ATMs and point-of-sale terminals could enable persistent attackers to carry out bogus card transactions. The chip in an EMV card is there to execute an authentication protocol, and is itself very difficult to clone. However, the authentication process also relies on the merchant’s point of sale kit, or an ATM, generating a completely random number to prove the uniqueness of the transaction. The researchers warned that this random number is not so random and is even possible sometimes to predict.
Source: https://thehackernews.com/2012/09/chip-and-pin-payment-card-system.html