Credit cards payments are exactly just like SMS 2FA, both are insecure by design and served the purpose before the internet, trying to shove old tech into new one and expecting it to work well is just naive. Instead of spending time and resources by big corporations to create such “web environment integrity”, how about creating a better more secure, fraudulent proof system instead?