20-25 years ago, when the only value was the secret PIN, and "microprocessor" card just caused a dumb question, credit card online was used mainly for personal reference of customer to the point of sale of goods or services. Of course, when booking the hotel, client had to type his card number and expiration date in case of refusal to write off a fee for one night («no show»). But the Internet and e-commerce still were not in such quantities as they are now. Most operations were carried out on "mail order/phone”, in which the client reported the card number and expiration date. Then the store has made authorization of card and sent the goods.
A little easier became when the payment system, developing protection against fraud, invented the Card Verification Value or Card Verification Code (the same, the names for different payment systems). Its essence is that, based on the data card and a secret key is computed three-digit number which is recorded on a magnetic strip and the issuer, having a magnetic stripe data, can verify its authenticity (sufficiently). In five to seven years for MOTO and Internet transactions was coined CVV2/CVC2 - the same algorithm, but little other information. The resulting number is printed on the signature. All the banks-issuers required printing and checking of the CVV2, and all the acquiring banks were encouraged to ask the client and send in the request. Now the client without the presence while purchase with credit card online should have reported this number and issuer will check it.
It briefly reduced the level of fraud, but does not fundamentally change the situation. Responsibility for the operation still lay on the bank-acquirer, as scammers to previous data it was necessary to get more and this code, which is somewhat complicated task, but by no means made it impossible. In parallel with these processes in the nineties went on the rapid development of the Internet: the increasing speed of online stores (and their losses due to fraud) required the development of fundamentally different solutions. Such was the technology of 3D-secure, well-known customers under the brand names “Verified by Visa”, “MasterCard SecureCode”.
The basic principle of this technology was the refusal of entry for transit through the credit card online and processing units of any kind was the secret values. When a customer makes a purchase at the online store, after entering the card data is forwarded to a special authorization server of the issuing bank, and there enters a password for purchases on the Internet (it is by no means a PIN card). At the same time between the client computer and the server of the issuer is established an encrypted connection, and no one can spy on what is going there.