Correct, in fact there already are. Most of those will require at a minimum a hardware hack or access to transactions 'in progress' (modified terminals) and will usually only gain access to the data that is stored on the magnetic stripe, not to the other data stored on the chip (the chip contains a duplicate of the stripe data and some other data only available on the chip and not sent out over the wire used in challenge/response fashion).
The system is not 100% secure but is a bit better than just having a password and the fact that it requires access to the original card makes it a lot harder still (those cards can be stolen though, and combined with a bit of hardware and a 'yes' card (a card that always responds 'transaction authorized') you could fool online payment terminals).
But that's still a step removed from gaining complete control of a bank account using web based banking and a password.
Correct, in fact there already are. Most of those will require at a minimum a hardware hack or access to transactions 'in progress' (modified terminals) and will usually only gain access to the data that is stored on the magnetic stripe, not to the other data stored on the chip (the chip contains a duplicate of the stripe data and some other data only available on the chip and not sent out over the wire used in challenge/response fashion).
The system is not 100% secure but is a bit better than just having a password and the fact that it requires access to the original card makes it a lot harder still (those cards can be stolen though, and combined with a bit of hardware and a 'yes' card (a card that always responds 'transaction authorized') you could fool online payment terminals).
But that's still a step removed from gaining complete control of a bank account using web based banking and a password.