In the EU (but not the UK), banks will send you a text for EVERY credit card transaction. If there's a problem, you can contact the bank. It's also free.
Are you really telling me, in this day and age, that we can't have suspect transactions result in a text to your phone that you can then authorise - even before the web page refreshes?
Banking is so in the 1950s of computing that it's laughable. It's done deliberately in some circumstances to profit from charges, fees and the timings of clearing payments. But you can't claim fraud if you haven't taken SIMPLE measures against it.
Like asking the user to confirm suspect transactions using a secondary method (that can be phone for old people without mobile phones, text for those with phones, maybe even the bank's secure app if you so choose). Declining a card transaction because it comes from an unusual place is no longer a metric to decide on the suspicion assigned to a transaction. I've purchased from all over the world, especially in the run-up to Christmas when Amazon, eBay et al only stock the normal boring stuff and I want something a bit different.
In one instance, my Italian relative came over, went to a DIY store with us, paid for the transaction and KNEW BEFORE WE'D HIT THE DOORS that he'd been double-charged on his bank account. A text came through, then another, in a foreign country, before he'd even left the shop. And we were then able to cancel the second transaction.
Why the fuck isn't just this standard practice?