They are essentially crypto chips. Basically when the card is made the bank generates a secret key (random gibberish) and your account number, the bank keeps a copy of both of these. They program these into the chip. The chip can use the contacts to talk, and it can perform some cryptographic hash function. Importantly once the chip is made by the bank, it’s designed to never tell anyone it’s secret key, it stays in the chip forever.

When you buy something the process is something like this (simplified):

1. They ask the card for your account number and tell the bank how much the order is and give the Bank you account number, and the bank gives the store a random number (a token).
2. The store asks your credit card for the hash, it gives the card the amount and the token
3. The card generates the hash, which is something like hash(key + token + amount) and gives it to the store.
4. the store sends the hash to the bank and the bank runs the same computation, if it matches they accept it

hash() is a special algorithm that can’t be reversed (you can’t figure out the key if you see the hash), since the amount and token are used to generate the hash, the hash is different for every transaction, even if it’s the same amount. Because of all of this, a person who sees everything between the card and the bank still can’t copy anything because all the data is good for only one transaction and it can’t be used to running additional transactions.