by danpalmer 4544 days ago
Verified by Visa and Mastercard 3D Secure were an attempt to implement something similar to this, but were a disaster. I recommend the paper "Verified by Visa and MasterCard SecureCode: or, How Not to Design Authentication" by Steven Murdoch and Ross Anderson, who have been involved in quite a lot of the security research surrounding EMV.

http://www.cl.cam.ac.uk/~rja14/Papers/fc10vbvsecurecode.pdf

EMV has its problems. I've worked with a few researchers who have targeted the security of it in several ways and found some quite serious issues, so I'm quite aware of the security implications. However, in terms of practical criminal use, having the challenge and response mechanism with the card is a significant improvement over the static data of a magstripe.

That said, an interesting piece of British law is the fact that a signature forgery is never the responsibility of the victim. This means that if someone fraudulently signs for a payment, you are not responsible for the charges at all, whereas if someone watches you enter your PIN, or you tell it to someone and they subsequently use it to make payments, this is your responsibility. The grey area for a while was that the companies behind EMV said it was 'uncrackable' (never a good idea) and refused to take responsibility for charges that some users claimed had been made without their PINs being revealed by them. Anderson and the Cambridge security researchers demonstrated a proof of concept a few years ago that showed how it could be used without knowing disclosure of the PIN, and since then card companies and banks have been a little more receptive to taking on the responsibility.