It a combination of things. Sure you can photocopy a card if you can get access to it for long enough but
requiring a pin forces the customer to go to the card reader or the card reader to be brought to you. This
reduces the window when the card can be photocopied or the magstrip being fraudulently read. Add to
that the CC# is tagged as requiring a pin so you can't just put the details onto a blank and use it.
Online transactions still need the CCV.
No security is perfect.