[hibikir]

If you have a brick and mortar business, probably nothing. If you are selling on the internet, and, probably put a step between you and an old school credit card processor that will do that checking for you, professionally. There's just way too much money in credit card fraud to have anything that even resembles good online protection as a small business.

Some fancy online card processors will do this for you automatically. Otherwise, there's companies that do this logic for you, and work across processors.

Ultimately, we should all get out of the business of transferring money by just entering credit card numbers, which are easy t copy. Many parts of the world are already moving to systems that require 2fa, and fraud rates drop like a rock. Good luck convincing US banks and online retailers to change everything to do this though.

[Styn]

Yeah, where I'm from (Belgium) 2fa is the industry standard by now, and fraud cases were reduced immensely when a previous employer of mine made the switch several years ago. But like you mentioned, this is not just up to devs in most cases...

[angus-prune]

How does 2fa work in practice for credit card payments?

[Symbiote]

Both my Danish and British accounts send an SMS for some purchases, usually only larger ones. I have to type it into a box on a form.

They used to use a password, but that risks people putting their bank password into some dodgy shopping site.

VISA's implementation: https://www.visaeurope.com/making-payments/verified-by-visa/

[Styn]

Bit of a late reply but almost all companies use something called a digipass, you insert your card and input a challenge code and your pin. https://i.imgur.com/10OChcv.jpg