GregM:  I do get it, and I know what they are trying to do, but they shouldn't be and there should be no need to do so.  

You said that "the merchant should already have it, so I would be questioning why they do not have it" which doesn't really fit with "I know what they are trying to do".

GregM:  Its not up to the merchant, if the Bank approves it (doesn't block it due to it being stolen), then its on the bank, not the merchant.

I've done some more digging on this, its pretty rare for merchants to ask for this.  Typically its because the bank has approved it, but for some reason they don't get the code.  I don't really see how this happens thou.  They should go through the proper channels, not ask you as the cardholder to obtain it.  As for ID, there is nothing on them to do this, so again, any fraud would be on the Bank.  Since this isn't very common, I don't think banks actively do anything to stop this, but they should be reporting through the card schemes so the merchant can be advised to stop the process.

Very wrong.  If the card is reported stolen, the bank claws back all transactions since the point the card was supposedly stolen, and it's on the merchantsnot the bank.  In fact, since they're also slammed with a chargeback fee and no longer have the goods or service either, merchants are triple slammed.  The bank only takes the loss on Card Not Present transactions where 3DSecure authentication was attempted or Card Present transactions where you can somehow prove beyond a shadow of a doubt that the real cardholder made the transaction (which is impossible, since the merchant agreement forbids requiring ID with credit transactions, so you can't conclusively verify a customer's identity).  And I actually have a merchant agreement, and have read it.