And, from many years of personal experience, quite a lot of people don't treat their card and PIN securely. This might be in the form of (and these are genuine examples):
1. Writing the PIN on a post-it note and sticking it to the back of the card.
2. Writing the PIN on some paper and keeping it in the same place the card is kept.
3. Giving the card to someone else (partner, kids, relatives, etc.), along with the PIN, to run an errand for them.
4. Saying the PIN out loud as they type it in.
5. Asking the customer assistant/whoever is dealing with the transaction to enter the PIN for them.
Chip&Pin, while claiming to be more secure, enabled and made convenient basic forms of fraud, such as that in points 3 and 5.
I'd actually argue that the shifting of liability from the card issuer/merchant to the card holder/customer in the UK is a direct consequence of C&P allowing careless people to be more lax with the security of their card.
The worst thing is the chip+pin machines that do not have any shield to hide you punching the pin in, and then to just add insult to injury, they're the kind of buttons that you have to forcefully press with all your might to get them to register. So it's blatantly obvious to anyone taking notice which buttons you pressed.
