in europe 2fa is mandatory for all (or almost all) online purchases, especially first time purchase from a merchant when your card hasn't been authorized. Sites using stripes' link get away with no 2fa most of the time, but not all the time.
Make it mandatory on visa/mastercards level, and you won't loose much sales, as all transactions would require it and people will have to 2fa everywhere.
Yeah, and this is actually a huge pain for visitors. I was in Europe a couple months ago and couldn't buy stuff like train tickets online. Why? Because everything wants to verify with a text, and I couldn't do that because I had gotten a European SIM card because my US plan doesn't do international roaming.
There are several colliding problems there (cheap cell phone plan, 2fa being via text, online purchases requiring 2fa) but it still illustrates to me the pain of doing simple stuff in the modern tech space. I wish the powers that be would work harder on solutions that don't require extra work from the people doing small, normal stuff. It would be better to have a lot more fraud occur but a lot more of the perpetrators pursued and caught. A lot of anti-fraud measures seem to be largely about passing the buck to someone else instead of actually eliminating the humans who are driving the fraud.
