Cloning the mag stripe is relatively easy. You just need a card reader/writer. First read your card, save the data, and then run a blank card through the machine and encode your data to the mag stripe of that card.
Cloning EMV chips is much harder. The chip itself cannot be cloned but there are some security vulnerabilities that make it possible to trick a POS terminal or ATM. I'm not entirely sure about the technicalities of it. You can probably dig up some articles about it. The gist of it appears to be that EMV chips are still considered generally safe enough, but not as 100% secure as they were initially touted.
Regarding the ease of cloning magnetic stripes, you're correct. Magnetic stripe data can be relatively easily captured and duplicated. This vulnerability is precisely why the industry has been shifting towards EMV (chip + PIN) technology. Globally there is a decrease in amount of places where there is swiping instead of dipping, so in the 'cool' places this would not be that useful.
EMV chips generate a unique transaction code for each payment, a feature that is meant to stop any cloning attempt. This makes EMV dynamic by nature, unlike magnetic stripes that present static information (basically saves you the unencrypted hassle of typing your numbers in). Also track data is encrypted on EMV, so you would also need a mathematical breakthrough to get info directly from the cards.
[1]
The most recent significant incident I can think of is probably OLB in Germany, where a gang in Brazil was able to clone and abuse cards that resulted in a ±1.5m euro payout [2]. But even in this case there was not really a flaw in EMV that was exploited, but flaws in applications/infra that assume EMV is trusted. E.g. there have been attacks where non-EMV transactions have been encoded as EMV transactions and passed through payment networks.
that's basically the root of my question - if any ATM or POS terminal can read the chip what makes it hard to make a copy (or device with the same physical interface) that presents the same data
To really be able to pull this off on EMV chips you need to be able to insert yourself into pos/payment terminals and start there with deception, which is why currently organised groups are able to make this happen. You will need infra, technical expertise and a way to simultaneously cash out with all cards since fraud detection systems will kick in and nerds will make sure the attack stops.
Regarding my earlier reply, there really is no legitimate reason to clone your card. There was a better way to ask, but also a better way to respond to your question. Also I understand the sentiment since there are more areas of expertise than there are experts in security.
1.
CS101 Introduction to Computing Principles
2.
German bank loses €1.5 million in mysterious cashout of EMV cards
