Of course Stripe would oppose it. It stands to lose transaction volume.
I haven't researched this law more closely, so I might be missing something, but... this requirement seems mostly sensible? I might disagree with details, but I support the premise.
The vast majority of online purchasing UX I see in the US makes it possible to charge a credit card with just possession of a card and some public records searches about the card owner's residence. Requiring a second out of band verification from the payment account owner would be a very sane way to prevent stolen payment info.
Sure, it might drop conversions by 25%, but given how getting your information stolen from someone who probably has your payment info is not a matter of "if" but "when" in today's climate, maybe it's time we modernized how we pay for things online.
I completely agree. Just because it's difficult, and may bring short term draw backs, doesn't mean we shouldn't take steps to better ensure consumer protection.