The short version is that these mechanisms train consumers to provide their private account data to anyone claiming to be the card issuer. The problem is that there’s no way for the user to know that the data is being transmitted to the vendor rather than an imposter.
It makes you wonder what requirements were given to the people that designed the process. From my experience these verification processes cause a not insignificant drop-off in the success rate of payment processes, ie. fewer sales. With that (and the security problem) in mind it’s a fair bet that this particular family of verification mechanisms won’t last that long.