Re: I used to work for RACAL secure payments.
"When we found out they wanted Micro$oft in ATM we all giggled out loud."
Yeah, and you got Java instead. How's Oracl€ working out?
Two things. As a former auditor, I know that most accountants know way more about security and risk assessment than your average dev (who at the end of the day usually isn't a security specialist). It's a pillar of the CA qualification worldwide. I don't want to get fussy about this, but risk assessment is based on balancing risk, the fact that risk cannot ever be completely eliminated, and the cost of taking one route compared to another (cost measured in money, but also time, and social costs).
The other thing is that like your lawyer, accountants don't make technical policy decisions. They make decisions about their own department, but they don't make decisions for other departments. They present financial information and other people make decisions based on that.
But let's be honest here. Chip and PIN has dramatically reduced fraud and is far more secure than the magnetic strip and signature. I don't know what went on during the development, but if it's like any other large interorganisational project I bet it was a mishmash of tradeoffs and bargaining between a whole bunch of different agents. That's never going to produce a perfect result, but it's certainly produced a result that's achieved a measurable drop in stolen card fraud.