The Idea of a PIN as a cardholder verification method relies on the two sets of data involved (card number and PIN) not being transmitted in the same way.

For online websites, it’s easier to use some other form of verifying the cardholder, such as with a billing address, CVC2 code, or two factor authentication, than to create some standardized way of transmitting pins in a secure fashion separate from the card number.

For security there are 3 basic kinds of keys/locks
1 something you know (PIN password, birth date, first pet)
2 something you are (fingerprint, retina scan)
3 something you have (your cellphone number, a token generator, a keycard)

In person you use 1 and 3, 1 is PIN and 3 is your credit card itself.
Online you cannot use number 2 easily, and number 3 is not yet widely implemented, maybe later we will need a token in order to make a purchase online.

The important bit here is that you do not want those 3 methods to ever mix.
You do not want to send something you know, like a pin to a third party who also has your credit card number and who is not your bank.

A wokaround commonly implemented is that online retailers usually charge you a certain ammount, then ask you to login to your bank and find the ammount charged, finally they deposit the money back to your account.
This way, something you know is the secret ammount, and something you have/know is the card number and cvv.

It boils down to the difference between debit and credit. Debit is meant to be like taking cash directly from your account. This purchase does not take extra time to post to your account. It can be used in store, at the ATM or even at (some) banks. Credit is as it sounds, it is a temporarily posted transaction, where the bank card pays the amount and then through a process, it finally posts to your account. This is where your PIN and the CVV number on the back come in handy. The PIN means you are making the purchase in person, low to no threat of fraud. The CVV says you have the card in hand but are using it via credit. Since there is a lot of fraud online, this helps your bank be able to differentiate possible fraud on your account. If the PIN number is used, in most cases, fraud is not a concern. If it is done as an online/credit purchase and you file fraud, they are able to give you a temporary credit for the amount, order you a new debit card, and not have your account effected for long.
Long story short, your PIN number is like an ID for your debit card. So share it with no one! Hope it helps!

The PIN is allowing the card reader to access the card. The same kind of technology is used in a phone SIM card, the SIM card is requesting a PIN code so the phone can read it.

Online we don’t have a card reader we only have an software API. PIN for websites wouldn’t make sense here. Instead we use the 3 digit code which proves we have the card in our possession. We also use a billing address we shows we know the account holder details.

In Person

Card -> Reader (We have the card, just need the PIN)

Online

Card -> API (Prove you have the card, also do you have the billing address?)

This form of security is Something we have and Something we know.

Essentially, most debit cards are honored by one of the major credit card networks(visa, MasterCard, etc). That means you can process a transaction without your pin and visa or whoever is associated with your card will honor it. When you put in your pin, that is processed by a different network your bank uses. Look at the back of your card and you will typically see what these networks are. This is why you are able to run debit as credit, something you should always do unless you have no other option.

Your payment card PIN is something that is known only to you and to your bank. When you use a payment terminal or ATM, it is communicating directly with your bank, so it’s OK to send your PIN, because only your bank will see it.

When you are making a purchase online however, you aren’t communicating directly with your bank; you are sending your payment information to the merchant, who then later relays the info to your bank. You can’t send your PIN in that case, because the merchant would be able to see it, and you don’t want that.

Instead, when making online purchases, you enter your name, card number, CVV code and zip code. It’s OK for the merchant to see those things in order to process the payment, and merchants can even save the details for future payments