I’ve done some work in this area before (considering optional user fraud controls) - this is an area where user preferences vary widely - infact in one of the user research sessions, the user was so unconcerned with fraud they were completely perplexed as to why we would introduce optional fraud controls (“managing fraud is your job, why would i care what authentication levels are there, are you saying your product is insecure?”) - they were also of the opinion with cards/online fraud that it didnt really matter as they could always get the money back from the bank and a new card!
I guess the fundamental point that user had there was that as the consumer is protected from fraud losses by the bank/visa/mastercard rules, why would they want anything that would introduce potential friction to the payment journey