It adds a "something you know" (password, PIN/Password to your token generator) factor to the "something I have" (The card, with numbers on front and back) factor, so I would say it's fair to call it two-factor authentication.
I beg to disagree. The credit card is "something you know" just as much as "something you have", because when used on the web it is just a (copyable) 23 digit number. Whether you remember the number or look it up in your wallet is no different than whether you remember your password or store it on a post-it.
Other things "you have" in popular 2FA solutions are quite different, for instance your mobile phone number identity (for SMS) or your Google Authenticator.
