Learning techniques allow the automatic inference of the behaviour of a system as a finite state machine. We demonstrate that learning techniques can be used to extract such formal models from software on banking smart cards which - as most bank cards do - implement variants of the EMV protocol suite. Such automated reverse-engineering, which only observes the smart card as a black box, takes little effort and is fast. The finite state machine models obtained provide a useful insight into decisions (or indeed mistakes) made in the design and implementation, and would be useful as part of security evaluations - not just for bank cards but for smart card applications in general - as they can show unexpected additional functionality that is easily missed in conformance tests.