Maybe it depends on the country, but here in the EU with the latest regulations we have MFA for payments, with either an SMS, or authorising in the bank's app all payments over a certain sum. So the merchant, the payment processor and the bank are a 100% sure it's you.
The only case remaining is "i did initiate the transaction, but the merchant scammed me by not providing what was agreed".
You need to steal someone's bank card, know their phone number and operator, socially engineer your way through it, execute a payment and validate it with the code received by SMS, before the victim realises either their card is missing or their SIM card no longer works? That's a stretch, and in any case that's why most banks do MFA with their app.
The only case remaining is "i did initiate the transaction, but the merchant scammed me by not providing what was agreed".