For example in Taiwan, in their online grocery ecosystem all the market participants use the same kind of SMS verification step that is intercepted at the card network stage (the issuing bank doesn't see this activity). So Visa and MasterCard both generate the challenge, but US card holders do not see this, and US customer support does not know what to do on the back end to support it.

I know somewhere, there is some kind of setting that interfaces with for example, Visa International, but only a credit card industry domain expert with the lingo would know the right words. I suspect I need a Chip and PIN EMV card issued, and it drops to SMS for certain online transaction types, but that's just a WAG at this time.

I've run into similar exceptions elsewhere in transactions that require some kind of national ID number tied to a delivery address for higher-value orders.

The types of risk profiles associated with many new use cases is fracturing credit card handling, but the use cases international travelers encounter is so small it isn't worth addressing just for that demographic. However, as the Net continues to bleed international transactions across borders (AliBaba is just the beginning), I think this will be a very lucrative market for the first-mover to do the Uber-like Herculean work of addressing every jurisdiction's concerns to put them all under a next-generation credit card.