Of course the situation is unsatisfactory. But I like the 3D-Secure approach.

Unfortunately the implementation is card provider specific and quality varies.

I had a VISA once where I could enter a custom phrase that was displayed to me on every "verified by VISA" dialog.

Combined with displaying the dialogue in an iframe this practice seems strike the best balance between usability and security.

Of course as coinbase would have to implement something like this by themselves, but I that seems feasible.