https://stripe.com/docs/billing/migration/strong-customer-authentication
If I read it right, it means that the EU is forcing a 2-factor authentication flow for every single payment, recurring or not.
I'm running a SaaS business (https://talkjs.com). My reading of this is that we have to send every EU customer we have an email each month that goes "Hi! It's time to pay again! ^_^" with a link. They then have to click that link, log in to our site, and then go through a 2-factor payment authentication flow. This means they need to have all the required gear for that on them, which depending on their bank will often mean having a special bank-issued debit card reader ready that can generate unique one-time auth codes.
Our customers will get one such email every month for every service they use. If they're a SaaS-heavy business like we are, they'll get tens of these emails each month, driving them mad and away from us, to any alternative that can help them escape from this madness.
Am I reading this right? Is this stuff really this insane? Does anyone have more insights here? Mitigation strategies?