It's pretty annoying that they load all this pain and suffering onto the user who's just trying to make a purchase, when the company's database is often the weakest link.
This is fascinating to me. Why do we have to go through all these hoops with the bank and somehow, when the credit card # is eventually and ineluctably leaked, the thieves have no problem using it to make purchases, whiteout going through all these 3FA etc.
How is that possible?