I actually rely on this self destruction, I have a scrap of paper in my wallet with "Pin Numbers" written on it along with 3 random four digit numbers, gives me minor peace of mind that if my wallet is lost and found by someone that wants to try and use them, hopefully they'll lose them to an atm rather than using them online.

I like that idea.

Unfortunately it doesn't prevent them using them online as well. At least for my cards, if I lock out the PIN I can still use them for non-PIN purchases.

Ah, in the UK it is standard for the machine to keep your card after three incorrect pin attempts. (at least I think it's the standard?)

I'm in the UK as well. I was actually thinking of Chip & PIN transactions, but you may be right about cash points.

Good point. wasn't thinking about that.

Awesome idea :)

A tiny number of digits combined with the standard, visible input system is a recipe for 'shoulder surfing' attacks. I'm not proposing a superior system, just pointing out that brute-force attacks are not the only thing to beware.

Unless you buy online, in which case you just need the "last 3 digits on the back of your card".

That's different to the PIN. CVV is for cardholder not present transactions, PIN is for one's where you're there.

Also CVV needs the 16 digit card number, card holder name and expiry as well..

I'd almost guarantee that trying to brute-force a CVV number will get your card blocked real fast.

I got an email from my credit card after a single CVV failure, because the guy at the Apple store entered it wrong.

it's not a password, and it doesn't give the same insurance. There were some proposal of at home card readers in the 2000, but it never got very far, it was not really practical to secure either. I think the current trend of scratch credit card could be onto something for online buying, it's a temporary credit card number valid just for a few hours, and then it's deleted from the bank system.