no, but it is _tremendously_ more difficult than email or even ID scans (unless you're doing actual verification, which is both more expensive and complicated than just charging a nominal fee or even just attaching a Card object to a stripe customer). Just getting to stand on top of an extremely robust existing system (payments) gets you so much adjacent help in keeping bad actors out, or at least getting it down to a human-team manageable level. It can be the difference between a viable business and not.

› extremely robust existing system (payments)

It is not, indeed.

The first part is its goal: identity is secondary, the main purpose is money. It means a customer can put a fake name and address as long as the money part is considered OK. Most PSPs won't check the cardholder name (it can be used for fuzzy scoring, but exact match is a fool's errand). Address is usually only required for physical goods and won't be checked otherwise. And 3DSecure will shift the blame enough that the PSP won't need to care that much about the details.

The second part is the whole mess that comes with payments. You'll become a card testing pot in no time, and you'll be dealing with all the fuss just to check identities, you'll soon be rising the token payment to a significant amount to cover the costs, and before you realize it half your business has shifted into payment handling.