That if you lose access to all of the 2FA methods you have available, you should just lose access to your account and there be no way to recover it.
If there is a way to recover it, that has to be secured too and, there are only a limited number of ways you can do that (and the more that are enabled, the harder it is to secure). Most services with 2FA offer a set of one-time codes that you can write down and store securely at multiple locations (safes in different places, safe deposit box etc). It is not that hard to avoid losing access if you care. If you don't care enough about the account to do this, just accept losing access, cancel the card payment authorisation and, lose it.
Companies should not grant access to accounts with 2FA by letting you call support unless they at least take proper steps to ensure that you are the account owner, which is pretty impractical in most cases (it is either too costly to be worth it or, too hard to do well enough). Demonstrating that you are the account owner to recover it if you have lost 2FA access should at least require a visit, in person, with photo ID being checked with the relevant authorities (for example the passport service examining your passport to check it is not a forgery) and, multiple people who can attest that you are in fact the person in the photo, to recover an account, for which they would presumably have to charge hundreds of dollars. It seems easier to just not offer recovery in most cases.
Unless you have written backup codes, there should not be a resolution possible. You either remember to changes phone #s before you change them, or you are locked out. Deal with the phone company.
If you're sending me a bill, you need to provide a way for me to resolve an issue such as this. "There is not a resolution possible, we will continue billing you in perpetuity thank you good day" is not acceptable. (It's AWS and they do, so maybe it is, but... try building a new service that isn't AWS with that attitude, and see how far it gets you!)
I kind of see chargeback as a potential resolution for this. If you lost access to your account and can't shut down billing via the normal route, you could still stop payments from your bank or credit card. That is the ultimate source of truth anyway, in regards to payments, so you could "prove" who you are by stopping all continuing payments to the service.
So say I do this, and later my account is sent to collections. Can you think of a worse possible outcome when your phone is dropped in the toilet if you have no scheme for 2FA recovery?
My cloud-hosted business gets shut down, credit score tanks, because of the combination of my butter fingers and your secure authentication scheme! Might as well not employ any CSR drones at all if you're not going to handle this case. Maybe I'm exaggerating, but this is not a great strategy for customer satisfaction or retention.
To the extent that in a dispute situation, who pays the bill =/= whomever holds the keys, my preferred customer service strategy would tend to favor who is paying the bill.
I haven't heard of hosting companies sending anyone to a collection agency. It could happen, sure a but I think it's more likely they just cancel your account and suspend all continued hosting (which, if you believe 2fa should be impossible to circumnavigate, this is probably the ideal outcome). From there you would probably open a new account and start over.
I could see the argument either way on if this is the most optimal solution or not.
If there is a way to recover it, that has to be secured too and, there are only a limited number of ways you can do that (and the more that are enabled, the harder it is to secure). Most services with 2FA offer a set of one-time codes that you can write down and store securely at multiple locations (safes in different places, safe deposit box etc). It is not that hard to avoid losing access if you care. If you don't care enough about the account to do this, just accept losing access, cancel the card payment authorisation and, lose it.
Companies should not grant access to accounts with 2FA by letting you call support unless they at least take proper steps to ensure that you are the account owner, which is pretty impractical in most cases (it is either too costly to be worth it or, too hard to do well enough). Demonstrating that you are the account owner to recover it if you have lost 2FA access should at least require a visit, in person, with photo ID being checked with the relevant authorities (for example the passport service examining your passport to check it is not a forgery) and, multiple people who can attest that you are in fact the person in the photo, to recover an account, for which they would presumably have to charge hundreds of dollars. It seems easier to just not offer recovery in most cases.