A while ago (admittedly 4 years) I worked on the ATM side of an EMV chip and pin implementation. Yes the chip can lie to the terminal and yes the terminal can lie to the bank. But all results of a transaction from the card/chip result in the generation of a small cryptographic token generated using the cards view of how the transaction went. The information included in the generation of this is variable but should at least include things like whether the card thought PIN verification was sucessful or not, the transaction amount and whether the card thought the transaction was succesful or not.

This is normally printed on the receipt and either sent online to the bank or uploaded later in a batch transfer. If the system has been implemented sensibly it shouldn't be difficult to prove that this has happened. For an online transaction I don't really see how it can happen at all in a well implemented system.

For any large project read this Black swan theory. Something completely unexpected will probably ruin your plan, as others have said it's more about knowing what to chop to hit a date. Also for any large project the cumulative effect of errors in estimating soon add up to make the plan almost irrelevant.

wooosh

Wasn't Linus Torvalds from Finland? Doesn't that mean Europe can at least claim some responsibility for the Linux kernel?