3D Secure isn't exactly 2FA, at least how it was initially implemented; it was more along the lines of a static password. Plus, there are enough non-supporting online merchants that it's easy to use one of those instead if one forgets that password.

The more recent implementations work like what we usually think of as 2FA, where a one-time code gets texted or emailed. That along with a lot more merchant support (possibly mandated by card networks and/or the law) would probably result in a lot smaller of a drop, if one were to occur at all.

This is all likely moot, though, as banks in the US are reluctant to introduce any sort of friction whatsoever--either for in-person transactions or otherwise.