
> credit cards with secrets printed and shared in plain sight

This is a simplification. For all customer-present transactions cards use the secrets in a secure chip, and the transaction is authorised by the cryptographic processor in those chips signing the transaction data with a secret key. It's classic 2FA - Something you have (a card) and something you know (a PIN).

The type-in-a-number-on-a-website purchases are the weak link, and even they are usually protected by another layer of passwords (3D-secure, Verified by Visa etc).

It's quite a while (in most places outside the US) since the number on the front was the secret.



Most chip credit transactions in the US don't use a PIN yet.


Correct, and they won't any time soon. The US is a Chip + Signature market, which still incorporates cryptographic elements on the card itself as the secret.

In a Chip + PIN transaction, the second factor is your digital PIN, whereas in the Chip + Signature transaction the second factor is your signature. It's still 2fac, but more importantly, in neither case is the secret on the front of the card.


a signature doesn't stop the transaction from going through. if I dispute a transaction, I can go "that's not my signature."

do most people sign their name on those digital pads, or do they scribble random patterns?

a signature is not a pre-authentication factor, a PIN is.


There are three security aspects to the EMV standard: card duplication (your card is the real deal), cardholder verification (you are the real deal), and lending (that you still have available credit).

Having a chip prevents (or at least is intended to prevent) card skimming. EMV payments cannot be re-played, cards cannot be duplicated and neither the card nor the reader can be tampered with. The magstripe of a chip card includes a flag indicating the card has a chip so even if you duplicated the stripe, it still wouldn't work. That is a material improvement over magstripe-only cards, and the private key is embedded within the silicon in a highly tamper-resistant way. This got the US the bulk of the 'win'.

With respect to cardholder verification, the Cardholder Verification Methods range, from least to most secure (from the perspective of a bank): None (i.e. have at it), Signature, PIN and CDCVM (ApplePay, etc). The CVM is negotiated between the card and the reader on insertion (EMV) or presentation (NFC/EMV). Each of these CVMs will impact to some extent things such as how likely a transaction is to be approved vs declined, how much you're charged in interchange to make up for it, and so on.

Yes, PINs are more secure in some ways because they provide a pre-payment second factor and in some ways yield a false sense of security. For instance, if someone sees you key in your PIN, you'll have a harder time claiming fraud, and in Europe it's on you to prove that. In the US, it's on the merchant. The trade-off here is again more time. Merchants are often willing to pay a slightly higher interchange rate to get people through the line faster, and signature is unequivocally faster than Online PIN (requiring another network request to decrypt/verify) and still faster than Offline PIN (which only works in Europe and is capped through floor limit).

Consider this from the perspective of all the layers of security even an EMV signature payment has. Tamper-proof physical card required that cannot be cloned, tamper-proof terminal, the card yields a signed payment request to your acquirer who can flag it as fraudulent, to the issuing bank who can flag it as fraudulent, and all the way back down to the card which can itself mark your transaction as fraudulent (it's called a reversal). Then you sign. And your photograph / video is likely recorded by the merchant at the point of sale, too. PIN or no-PIN, in a low fraud rate market, the win is small but the cost in added time can be really high.

If this mattered in the US and PIN were truly advantageous, restaurants could configure their terminals to request signatures or no verification while high-ticket size merchants could still capture PINs. They could still make this change at any time, really, all the tech out there more or less supports it. During the EMV transition all this was considered, and the decision was made it wasn't worth it.

tl;dr: Sometimes the 'less secure' method gets you the bulk of the security win while yielding more profit for the merchant.

Source: I worked in payments for years including during the EMV switchover :) Hope that helps!
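
[Added example, not part of any comment in this thread: a simplified walk of an EMV CVM List (tag 8E) showing how the same card lands on PIN at one terminal and on signature at another, as in the CVM negotiation described in the comment above. The card data and terminal capability sets are constructed, only the "always" and "if terminal supports the CVM" conditions are modelled, and the outcome of the chosen CVM (for example a wrong PIN) is not simulated.]

```python
# Added illustration: constructed data, simplified EMV CVM List (tag 8E) walk.
from typing import NamedTuple

CVM_NAMES = {
    0x01: "Plaintext PIN verified by ICC (offline)",
    0x02: "Enciphered PIN verified online",
    0x04: "Enciphered PIN verified by ICC (offline)",
    0x1E: "Signature (paper)",
    0x1F: "No CVM required",
}
COND_ALWAYS, COND_IF_TERMINAL_SUPPORTS = 0x00, 0x03

class CvRule(NamedTuple):
    method: int          # low 6 bits of rule byte 1
    next_on_fail: bool   # bit 7 of byte 1: apply the next rule if this one fails
    condition: int       # rule byte 2

def parse_cvm_list(data: bytes):
    """Return (amount_x, amount_y, [CvRule, ...]) from a CVM List value."""
    if len(data) < 10 or (len(data) - 8) % 2:
        raise ValueError("CVM List is 8 bytes of amounts plus 2-byte rules")
    x = int.from_bytes(data[0:4], "big")
    y = int.from_bytes(data[4:8], "big")
    rules = [CvRule(data[i] & 0x3F, bool(data[i] & 0x40), data[i + 1])
             for i in range(8, len(data), 2)]
    return x, y, rules

def select_cvm(data: bytes, terminal_supports: set) -> str:
    """Walk rules in the card's priority order; return a CVM name or 'CVM failed'."""
    _, _, rules = parse_cvm_list(data)
    for rule in rules:
        supported = rule.method in terminal_supports
        if rule.condition == COND_IF_TERMINAL_SUPPORTS and not supported:
            continue                  # condition not satisfied: try the next rule
        if rule.condition not in (COND_ALWAYS, COND_IF_TERMINAL_SUPPORTS):
            continue                  # amount/cash conditions are not modelled here
        if supported and rule.method != 0x00:   # 0x00 means "fail CVM processing"
            return CVM_NAMES.get(rule.method, f"CVM 0x{rule.method:02X}")
        if not rule.next_on_fail:
            return "CVM failed"
    return "CVM failed"

# Constructed card: online PIN first, then signature, then no CVM.
SAMPLE = bytes.fromhex("0000000000000000" "4203" "5E03" "1F00")
PIN_TERMINAL = {0x02, 0x1E, 0x1F}        # constructed capability sets
SIGNATURE_TERMINAL = {0x1E, 0x1F}

if __name__ == "__main__":
    print(select_cvm(SAMPLE, PIN_TERMINAL))
    print(select_cvm(SAMPLE, SIGNATURE_TERMINAL))
```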


I was under the understanding that

1) readers can be tampered with - https://www.creditcards.com/credit-card-news/new-card-skimmi...

and

2) there was some ability to clone the cards https://www.kaspersky.com/blog/chip-n-pin-cloning/21502/



