From a theoretical perspective, a smart card can be compared to a networked computer: it’s content cannot be accessed directly like a disk or a USB stick, you must send requests to the chip (either to access some data or to execute some operation) and the chip answers following a given protocol (authentication may be needed for some requests, etc.).
Therefore, still from a theoretical perspective, while a smart card itself can be considered as secure, this led to a wrong marketing discourse claiming that systems based on it were “unbreakable” or that such cards were “unclonable”. However, a complex system like a complete payment system cannot be shrinked to the sole EMV card security. The payment card is only the tip of the iceberg, every element composing this system and their mutual interaction must be taken into account, from the various involved devices to the protocols and the …