You are kinda right, but it depends… In usual integrations, merchant checks if 3d secure is offered for a card. If yes - they show 3d secure window. If nope - they continue without it. That’s the most common integration logic.
However, some merchants choose to automatically reject transaction if user has a card without 3d secure enabled. After successful 3d secure check, responsibility for fraud is shifted to a bank - if customer claims they didn’t make the purchase, but 3d secure was completed, then merchant doesn’t need to give the money back. I may be oversimplifying, but more or less that’s the whole point of not allowing any transactions without 3d secure enabled & successful.
While I don’t know if that’s the case with Papa John’s, we had some reports that Monzo wouldn’t work with those merchants that force 3d secure (don’t chase me for links, I had seen it scattered in multiple places and I don’t remember keywords to search for).