"decades ago"

Granted, I'm mostly familiar with the Scandinavian bit of Europe, but you can't do jack shit with banking without 2FA which is tied into the national population register.

They decided in the 80ies or 90ies that "relying on knowing secret fixed magic numbers" was not ideal for authenticating people, and sat down and worked out solutions to that problem.

In the UK direct debits don't require 2FA (but do require approved forms either online or on paper) but you can also very easily get a refund for any direct debit taken from your account so I assume it's simply not worth the scammers' time.

The way SEPA direct debit mandates work is absolutely mind boggling.

You'd expect it to work like Paypal, where you have to sign in to your account to authorize the direct debit mandate and also have the option to revoke it there.

No, the way it works is that you have to print out a form, fill it out and send it to the payee who you are granting the direct debit mandate, e.g. your landlord. Your landlord then sends a copy of the direct debit mandate to your bank and the bank authorizes direct debit payments immediately without asking you.

If you want to revoke the direct debit mandate, you have to send a form to your landlord that you want to revoke the direct debit mandate.

This is mindbogglingly stupid, since the payee has no obligation to process your revocation immediately and can take their sweet time.

Canceling a direct debit mandate has no impact on your obligation to pay rent. It makes no sense that you have to inform the payee and let them gatekeep the revocation. It also makes it possible for unscrupulous people to request a direct debit mandate without your knowledge.