> What's different about Europe that they seem to have figured this out decades ago?
Our governments actually care about monopolies and security. The PSD2 directive was an utter pain to deal with, but at least it stopped a lot of common scams and thefts in its tracks, and it forced banks and other payment actors to open up their system.
> The PSD2 directive was an utter pain to deal with, but at least it stopped a lot of common scams and thefts in its tracks
Inded. More specifically SCA (Strong Customer Authentication) which is required by PSD2. VISA says the "SYH" (Something You Have) is either "a mobile phone, a card reader or other device evidenced by a one-time passcode".
Note however that I cannot log nowadays to any of my bank in the EU without having a big banner saying something like (paraphrasing): "WARNING: scammers are trying to steal your funds. Neither the bank nor the police nor anyone else shall ask you your PIN or to confirm anything on your card reader."
Basically: life is harder for scammers so they try to trick (mostly old) people into validating transactions over the phone.
Our governments actually care about monopolies and security. The PSD2 directive was an utter pain to deal with, but at least it stopped a lot of common scams and thefts in its tracks, and it forced banks and other payment actors to open up their system.