One rule - YOU NEVER GIVE YOUR PIN OVER THE PHONE. or in fact any personal details. especially if they ring you.
Web and Phone verification is different. Web can be via CVS number at the back of the card plus previously defined password. Some companies provide a one time key system. Over the phone is more difficult. Again they ask you part of a password such as the 3 and 7th letter or ring/text back to your mobile phone
The important point in this is that the Pin itself is useless without the card. Unlike magnetic strips there has never been any example of a chip being skimmed and duplicated. Unfortunately cards still retain magnetic strips so that they will work in places like the states. This means cards can still be skimmed, copied and used. but if the card is skimmed in Europe and then used in the States it is is pretty easy to prove that it was not you.
Card security is like any other security. It is as strong as the weakest link. Unfortunately that is the USA at present