
I always assumed that chip/pin being used was at least checked by the credit card company. The machine should be telling them if it supports chip/pin, and the cc company independently knows all the information about your card, so... urrrrgh.



What's also interesting about our chip readers here in the US is that they only do chip + signature for credit cards, so they're not adding anything if someone physically has your card (I've had the ones they auto-reissue, which Chase claims they cannot stop in their system, stolen from my mailbox).


The card company checks whether the card and terminal are EMV capable. But the whole card system is not built on absolute security but on risk management and fraud detection, which is somehow balanced with customer convenience. In effect, this means that the only thing that is absolutely needed for a transaction to be authorized is the card number; what other data has to be provided and what checks have to pass is a function of the trustworthiness of the various parties involved (mainly of the merchant).

(For example, the EMV standard explicitly handles various failure modes like "PIN-pad is broken", "cardholder does not remember PIN" and so on, and allows configurations that accept such transactions.)
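
One way an issuer-side check could act on those failure modes, as an added example that is not part of the original comment: it decodes the cardholder-verification byte of the EMV Terminal Verification Results (tag 95) and applies a hypothetical policy keyed on an assumed merchant trust rating. The function names, trust levels, decisions and sample TVR values are constructed for illustration.

```python
# Added illustration, not from the thread. Bit meanings for TVR byte 3
# follow EMV Book 3 (Terminal Verification Results, tag 95).
TVR_BYTE3 = {
    0x80: "Cardholder verification was not successful",
    0x40: "Unrecognised CVM",
    0x20: "PIN Try Limit exceeded",
    0x10: "PIN entry required and PIN pad not present or not working",
    0x08: "PIN entry required, PIN pad present, but PIN was not entered",
    0x04: "Online PIN entered",
}
PIN_TRIES_EXCEEDED = 0x20
# Bits meaning the cardholder was not verified as the card asked for.
CVM_DEGRADED = 0x80 | 0x40 | 0x10 | 0x08


def decode_cvm_flags(tvr_hex):
    """Return the cardholder-verification conditions set in a 5-byte TVR."""
    tvr = bytes.fromhex(tvr_hex)
    if len(tvr) != 5:
        raise ValueError("TVR (tag 95) is exactly 5 bytes")
    return [text for bit, text in TVR_BYTE3.items() if tvr[2] & bit]


def authorize(tvr_hex, merchant_trust):
    """Hypothetical issuer policy: the same degraded verification is
    accepted, referred or declined depending on how trusted the merchant is.
    merchant_trust is an assumed rating: 'high', 'medium' or 'low'."""
    reasons = decode_cvm_flags(tvr_hex)  # also validates the length
    byte3 = bytes.fromhex(tvr_hex)[2]
    if byte3 & PIN_TRIES_EXCEEDED:
        return "decline", reasons        # never accepted in this policy
    if byte3 & CVM_DEGRADED:
        decision = {"high": "approve", "medium": "refer"}.get(merchant_trust, "decline")
        return decision, reasons
    return "approve", reasons            # verification completed as required


if __name__ == "__main__":
    # Constructed sample TVR values (only byte 3 is populated).
    samples = ["0000000000", "0000100000", "0000880000", "0000200000"]
    for tvr in samples:
        for trust in ("high", "medium", "low"):
            decision, reasons = authorize(tvr, trust)
            print(tvr, trust, decision, reasons)
```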



