The way I understand, the usual (non-contactless) payment is a prime example of 2FA: you present your card, and then either sign or enter PIN code. First option ticks something you have (card) + something you are (the person who can white a signature matching the card’s one), second – something you have (card) + something you know (PIN code).
I get that online purchases can’t match the signature – but why between PIN and CSC you’d pick the latter as a security measure? It reduces the security to single factor (if I steal a wallet I can spend all the money on the card until it’s blocked, having the object is all I need), and doesn’t even add any speed to the transaction. What’s the benefit of CSC as the verification?