I really wish they had multi-factor authentication like bank transfers have. The only credit-cards that I use are prepaid ones, for the reason you just mentioned.
Confirming online debit and credit card payments with a one-time password has become a standard practice in the EU. These solutions are also available in the US, are they not being adopted by banks there?
It's not just in Europe, even here in West Africa OTPs (and hardware tokens) have been standard practice for years. I always feel weirdly unsafe interacting with US-based companies/payment processors.
They do in Europe. Since 9/13 it is mandatory for online transactions with some exceptions. The implementation is up to the bank, so can take different forms.
In my case my bank has an app which will show the transaction and I can then accept/reject. My mom's bank's implementation looks very much like TOTP though I haven't investigated if it is.
Here in Poland there is also an instant electronic transfer called BLIK, where you confirm the payment as well. What is sent is a temporary numeric code to the terminal (it can be typed in as well as sent over NFC or QR code) and it is similar to automatic escrow. Disputes work differently depending on the bank though.
And in some banks they're starting to roll out OTP 3D Secure etc. confirmations even for PoS terminals above certain value. Most terminals support it, it's just a hold on transaction.