The PIN is allowing the card reader to access the card. The same kind of technology is used in a phone SIM card, the SIM card is requesting a PIN code so the phone can read it.
Online we don’t have a card reader we only have an software API. PIN for websites wouldn’t make sense here. Instead we use the 3 digit code which proves we have the card in our possession. We also use a billing address we shows we know the account holder details.
In Person
Card -> Reader (We have the card, just need the PIN)
Online
Card -> API (Prove you have the card, also do you have the billing address?)
This form of security is Something we have and Something we know.
Latest Answers