They add a step during which you are communicating directly to the bank, not going via the retailer. This makes it harder for a malicious retailer to make unauthorized withdrawals, and also makes it harder for you to deny a transaction that involved the use of your security code. This is obviously of benefit to the bank, and so is indirect benefit to you since the bank spends less to recoup its fraud losses and can afford to charge you less / pay you more; how much direct benefit to you there is is debatable (some would even go so far as to say you are worse off, as if your security code is stolen it is harder for you to deny the transactions).