The real problem is that American banks have the mindset that even a code sent by SMS is a major inconvenience to their customers, so having some/most foreign transactions fail (especially when most of their customers will likely rarely or never step foot in a foreign country, let alone buy anything from foreign websites) is an acceptable tradeoff. Make 2FA mandatory in the US (by card network rules and/or law) and the problem will solve itself.

(FWIW, I never have problems with my CSR on foreign websites. Meanwhile, I've had at least one Mastercard--which I'm pretty sure is supposed to send SMS codes if needed--simply never work. I could just be using the wrong websites, though.)