The 3 digit payment auth code is the big joke here
Paying by card at a payment terminal is now officially less safe than internet banking.
All you need to harvest is info that can be sen by all staff or which is easy to harvest via spyware anyway.
So why haven't the card issuers moved to a 10 digit auth code (at least for all large transactions) where each terminal asks for the nth, n + xth, n + xth numbers in the sequence where x is random?
Presumably because it might slow us down in our breathless rush to spend without hesitation. Much worse than fraud then.
Oh and btw, in the States the STILL haven't moved to Chip & PIN, instead of a PIN entry they use mag strip and have expensive touchpads that you put your signature into!