That's different to the PIN. CVV is for cardholder not present transactions, PIN is for one's where you're there.

Also CVV needs the 16 digit card number, card holder name and expiry as well..

I'd almost guarantee that trying to brute-force a CVV number will get your card blocked real fast.

I got an email from my credit card after a single CVV failure, because the guy at the Apple store entered it wrong.

it's not a password, and it doesn't give the same insurance. There were some proposal of at home card readers in the 2000, but it never got very far, it was not really practical to secure either. I think the current trend of scratch credit card could be onto something for online buying, it's a temporary credit card number valid just for a few hours, and then it's deleted from the bank system.