why usual purchases with a card need something memorable (PIN code), but online purchases have their secret code printed right on the card?

5.51K views

The way I understand, the usual (non-contactless) payment is a prime example of 2FA: you present your card, and then either sign or enter PIN code. First option ticks something you have (card) + something you are (the person who can white a signature matching the card’s one), second – something you have (card) + something you know (PIN code).

I get that online purchases can’t match the signature – but why between PIN and CSC you’d pick the latter as a security measure? It reduces the security to single factor (if I steal a wallet I can spend all the money on the card until it’s blocked, having the object is all I need), and doesn’t even add any speed to the transaction. What’s the benefit of CSC as the verification?

In: Technology