Humans are flawed, they fall for con tricks. We have to accept that and have a system which expects people to occasionally have poor judgement.
Mastercard's system is an example of a flawed process. The human can be fooled into giving away the key to the system. This make it useless in at least 5% of the cases. The human is just going to be fooled and make a mistake, only Mastercard compound the
mistake by creating this system where the human is screwed once they give away the key - permanently, or at least until they realise and make a new key.
If Mastercard used mobile phone authentication the consumer could be fooled - once. They would only be a victim once, and hopefully learn from their mistake, but at least their mistake would only be for the one transaction because they can't actually give
away the key.
How they ever allowed a system with a 5% failure rate to be deployed beggars disbelief.
The 5% is roughly the number of humans who make mistakes and are fooled by ever more sophisticated phishing scams. Mastercard should know this more than anyone. Credit cards and PIN numbers were invented mid-last century and they belong in a museum, and
unless Mastercard gets with the plot they'll be history too.
The Phishers Motto.
'You can't fool all the people all of the time but you can always fool some of the people.'