Is that really a sensible security process? I know that anyone with physical access to the card can use it anyway online but it makes it easier to clone a card if you can just get the PIN of the internet by typing few numbers into a website.
Ideally I would like to see the security code on the back of the card replaced with a two-factor authentication system where the app gives you the code to put on the website when making a transaction. (Discussed extensively on other posts). To then make the PIN available to anyone that can see the numbers on a card defeats the purpose of all this added security.
By all means, give us a secure in-app facility to retrieve our PIN. Please, do not link it to information on the card!