Hacker News

jonathanlydall yesterday at 9:24 PM

If 3D Secure was mandatory everywhere that would help a lot, but if I understand correctly, it’s not really used in the US and with them being so big, card issuers are largely forced to allow non-3D Secure requests or their clients will be unable to use their cards for too many things.

So an enormously good anti-fraud mechanism is severely handicapped.

It’s really frustrating for most of the rest of the world.

I don’t get it, do US citizens prefer being defrauded over what is perceived as a slight inconvenience?

Even for non-victims of fraud, they still pay for the fraud as all merchants up the prices of their goods to cover fraud costs/insurance.


Replies

mandevil yesterday at 9:55 PM

No, the laws are different - and more consumer-friendly in the US - so the US consumer behavior is different.

Back when credit cards were first starting out (which happened in the US) the US Congress passed a law - the Fair Credit Billing Act of 1974 - that consumers were only liable for $50 of losses as long as they reported the missing credit card within 60 days of the end of the fraudulent billing cycle. This was back when credit card purchases were all made on paper with the machine that went "kachunk" and transferred a carbon copy of your card - everything was done completely offline. That law has not been changed; in fact, most banks completely waive the $50 and don't hold card-holders liable for anything reported (basically, annoying a customer over $50 isn't worth it to the bank). Thanks to the internet, suddenly cards got a lot easier to steal and a lot easier to exploit - but banks are still on the hook for all losses reported within 60 days of the end of the cycle. The result is that American banks have invested an enormous amount in real-time monitoring of credit card transactions, and are doing lots of stuff to monitor this - they care deeply since ultimately they are on the hook - but the consumer doesn't care. This is why US cards from the consumer perspective are so much laxer, because our banks have invested far more on the back-end because the consumer is held harmless in a way they aren't with European cards.

As a totally separate issue, the EU has regulated the amount of interchange fees that card-companies can charge, but the US has not capped them. The result is that US card-holders can get significant kickbacks for using cards (especially true for the top decile of wealth), in a way that is functionally impossible with EU-issued cards that have capped interchange fees. There is a big lawsuit happening now to try and allow merchants to only accept low-fee cards (the standard VISA/MC/AMEX deal requires treating all cards equally, which gives them an incentive to push people to higher interchange cards). We will see what happens with that suit, but until then, American high-spenders can have much higher rewards on their cards, which also encourages greater use of the cards - and making them have less friction than the EU versions.

fckgw yesterday at 9:28 PM

> I don’t get it, do US citizens prefer being defrauded over what is perceived as a slight inconvenience?

Do you think we are requesting to have less secure payment methods or something?

No, we don't "prefer to get defrauded", but things like this are a matter of negotiation between the card issuers and the merchants.

cnst today at 3:24 AM

IIRC, MasterCard SecureCode and Visa's Verified by Visa were more of a thing in the US maybe like a decade or two ago? I think NewEgg and B&H did support it at one point? Afterwards, everyone has simply disabled the thing, and you simply get a wave-through by most issuers when shopping on foreign sites, where you get redirected to the issuer's website, then back to the online shop, without having to type or confirm anything.

Back when it was a thing, it was quite a nightmare, where you had to register for a 3DS account, often separate from your normal online account, and keep a separate password etc. Then those iframe windows look exactly like the phishing websites, too.

Honestly, it's much ado about nothing. If the transaction is suspicious or likely fraudulent, today, you already get an SMS or an alert within the bank's app on your phone. All you have to do is confirm and retry the transaction a minute later. This works for both in-person transactions, as well as remote ones, with the same flow, unlike 3DS, which only works for online shopping.

lxgr yesterday at 11:18 PM

> I don’t get it, do US citizens prefer being defrauded over what is perceived as a slight inconvenience?

The general idea is that if the conversion rate drop of a given security mechanism is higher than the average fraud rate, it doesn't make financial sense to deploy it.

However, at the industry-wide level, this is a pretty classical coordination problem, in that conversion rate only drops because there still is a simpler alternative around unless all merchants and banks were to enforce 3DS at the same time. If there's nothing more convenient left to move to, users will for better or worse have to learn the new, more secure thing, and conversion rates will go up again.

This is what the EU has done with mandating 3DS for many payments, but even there regulators have recognized that a 100% coverage is counterproductive, and there's a sweet spot somewhere in the middle.

As more evidence for the same general idea: US credit cards don't have PINs, because any individual bank introducing them would see a huge drop in usage rates since customers would just use their competitor's card without a PIN instead. In other markets, all cards have PINs (whether due to regulatory invention or card network incentive), and people have just gotten used to them.

neom yesterday at 10:28 PM

FWIW, HSBC USA Mastercard uses 3D Secure if it's something you want and you're in the states.

gnopgnip yesterday at 9:27 PM

How much is lost to fraud that would be prevented by 3D Secure, 0.1%?
