Somewhat counter-intuitively, security flaws in banking can be beneficial for customers.
The argument is simply that security is hard for clients; passwords and PINs get written down no matter how much you'd like them not to. However, if a system is theoretically secure, then the burden of security falls increasingly on the user, and getting fraudulent transactions reversed becomes ever more difficult. This makes online banking riskier for the customer.
In practice, the existence of previous vulnerabilities like this one hasn't helped customers get off the hook for fraudulent transactions because they couldn't prove the exploits were actually used against them. There's reason to believe the previous Chip and PIN vulnerability was being exploited in the wild but all the customers were still liable for all the charges.
Edit: with the previous attack, some of the banks had logs that would prove whether it was used but deleted them.
The argument is simply that security is hard for clients; passwords and PINs get written down no matter how much you'd like them not to. However, if a system is theoretically secure, then the burden of security falls increasingly on the user, and getting fraudulent transactions reversed becomes ever more difficult. This makes online banking riskier for the customer.