The problem with these schemes is that:
a) Not every merchant uses it - as long as there are major merchants not using it, laundering stolen credit cards will be possible.
The card brands could use techniques to get the merchant to adopt those systems by (1) offering rewards for using the system (e.g. possibly lower interchange rates) and (2) discouraging merchants from choosing not to use the system.
That's not how it works. The typical approach to a merchant from banks is "my way or the highway" (i.e. find someone else to process your payments if you don't agree to our fees, terminal rent and onerous conditions). Many merchants, especially small ones, are even refusing to accept cards outright for this reason.
b) They are a major pain to integrate into existing payment workflows => many major merchants don't use it ...
See above. There are APIs that simplify the integration and the online shopping cart providers will provide both the connectors to the service as well as the consulting to help the merchant.
That's again not how this works. The APIs do exist but their integration is your (= merchant's) problem. The bank/card issuer will not help you at all there. If this was so easy, why would there be such a proliferation of services such as Stripe that outsource all this and will do the payment processing for you?
c) It is problematic for the paying client
The client sees nothing. It's frictionless and that's the point.
I don't see how requiring additional authentication from the client is "nothing" or "frictionless".
d) The system has a fundamental issue that the client has no way to validate that the security prompt on the screen actually comes from the bank's website.
See above. There are no prompts for the user to validate. But they are still protected.
Then we are likely talking about totally different things. ECB requires explicitly that all card payments will have to be authenticated by a separate channel, e.g. that code delivered by a text message. 3D Secure was designed for exactly that, as a replacement for "Verified by Visa" and other similar systems. If there is no "prompt", there is no authentication and thus no protection.
This description of 3D Secure explicitly talks about these codes (one time pad codes) and also the redirect to the secure portal where the code has to be entered by the card holder:
https://support.payfast.co.za/article/17-how-does-3d-secure-work
There is definitely no magic there; the only significant difference between 3-D Secure and the earlier schemes is that it is unified and not proprietary for each card issuer, which was an unmanageable mess.