Because the banks and vendors are liable for unauthorized charges in the US [1], not the user. The banks/vendors handle the fraud in aggregate on the backend. They could roll out fraud prevention at the end-user level, but they choose not to; which means it is probably not worth it for the issuer relative to the extra user convenience (and extra charges).
In contrast, in many places in Europe the user is responsible for unauthorized charges. Regular people care a great deal about not being wrongfully charged as that is almost always proportionally worse, so they demand robust end-user protection so they will not be wrongfully charged.
This is kind of a case of, “everybody would drive safer if instead of a airbag you had a bunch of knives that shoot out and kill you if you get in a crash”.
In contrast, in many places in Europe the user is responsible for unauthorized charges. Regular people care a great deal about not being wrongfully charged as that is almost always proportionally worse, so they demand robust end-user protection so they will not be wrongfully charged.
This is kind of a case of, “everybody would drive safer if instead of a airbag you had a bunch of knives that shoot out and kill you if you get in a crash”.
[1] https://www.law.cornell.edu/wex/fair_credit_billing_act_(fcb...