If it wasn't me who made the transaction, they won't be able to prove it because such proof cannot exist by definition. They can (and most likely will) try to claim otherwise, but best they can do is say that they've scanned something that resembled my eyes to them. It's like with cloned cards (or even EMV proxy attacks) - yea, they've read the magstripe that read as my card, but they can't counter the fact that I was not physically present in that store paired with a statement that I haven't made that transaction.
Also, in my experience, when a fraudulent transaction happens, banks tend to not challenge it much. When someone impersonated my card (I'm not sure but I suspect it was a BIN stuffing attack, since it was a sock drawer card) they just handled it without any issues.
3-D Secure shifts the risk/convenience balance and adds additional security checks, but it doesn't make customers liable for fraud.
Also, in my experience, when a fraudulent transaction happens, banks tend to not challenge it much. When someone impersonated my card (I'm not sure but I suspect it was a BIN stuffing attack, since it was a sock drawer card) they just handled it without any issues.
3-D Secure shifts the risk/convenience balance and adds additional security checks, but it doesn't make customers liable for fraud.