The vast majority of payments fraud is caused by the regulatory environment. Use cards with chips that can be read by commodity PCs and phones using published open standards and then require the card to be physically attached to a device to authorize a new merchant and criminals can no longer make fraudulent credit card charges without stealing the physical object or breaking strong cryptography.

The only reason we don't have this already is that the law makes it so hard to start a competing payments network -- in no small part as a result of KYC requirements -- that the incumbents are insulated from real competition and then don't have to fix the flaws in their systems.

Meanwhile you don't actually need everyone to do it, all you need is someone to do it and then that both becomes a competitive advantage in the market and allows any victim of official misconduct to use that one.