Skimming
Yes, they did. BUT, making this newly acquired data useful, it would have to be the same as the entrance criteria for another application/system. Also, it would need that the"thing I have" (the card) was allowed to be different from the "who I am"; that is that the connection is not tested at time of authentication. Better ways are biometrics (heartbeat,retina,fingerprint) that can be tested at the point of entry. Incidentally, the use of biometrics actually readers the carrying of cards unnessary.