[Styn]

Yeah, where I'm from (Belgium) 2fa is the industry standard by now, and fraud cases were reduced immensely when a previous employer of mine made the switch several years ago. But like you mentioned, this is not just up to devs in most cases...

[angus-prune]

How does 2fa work in practice for credit card payments?

[Symbiote]

Both my Danish and British accounts send an SMS for some purchases, usually only larger ones. I have to type it into a box on a form.

They used to use a password, but that risks people putting their bank password into some dodgy shopping site.

VISA's implementation: https://www.visaeurope.com/making-payments/verified-by-visa/

[Styn]

Bit of a late reply but almost all companies use something called a digipass, you insert your card and input a challenge code and your pin. https://i.imgur.com/10OChcv.jpg