It's not really an attitude. I get that legitimate orders go that direction too. It's a flag to check into the order further. Same for vacant-looking addresses, mail-shop boxes, and so on...many are legit orders, many aren't.
With credit card fraud, the merchant holds 100% of the liability. They lose the item they shipped, the shipping costs, the associated revenue, then some chargeback fees on top too. So, they check on things that could be fraud.
I believe this is further along in other countries, but in the US, you lose a lot of sales as legit customers don't remember their 3DS passwords. I see stats quoting pretty high 3DS adoption in the US (30+%), which seems odd to me personally as I've never been prompted to use it.
3DS to me is still a Nintendo handheld game platform. I've never been asked to use anything other than 2FA — usually pretend 2FA in the form of a text to a mobile number. My hardware 2FA mostly sits unused, because almost nobody asks for it.
With credit card fraud, the merchant holds 100% of the liability. They lose the item they shipped, the shipping costs, the associated revenue, then some chargeback fees on top too. So, they check on things that could be fraud.