It’s authentication security; ie who ever is using the payment method is who they say they are… and are authorised to make the payment.
TOTP is a time based one time password, such as you get with a digital cryptographic key validated Authenticator application or dongle… such as Microsoft or Google Authenticator.
2FA is 2 factor authentication. Having a method with just a single factor such as password or PIN is these days considered weak authentication, it’s more secure to have multiple factored authentication… further it’s better to have the authentication factors split across something owned, something known and something you are.
An OTP is a regular one time password. An OTP provided by mobile text is now not considered secure by the US National Institute of Standards and Technology (NIST)
However credit card authentication is governed by PCI-DSS (Payment Card Industry Data Security Standards) that have not aligned with NIST at this time… perhaps due to issues of alignment with how credit cards are used, and the mechanisms by which authentication is made to enable a payment.
In short a digital payment system potentially can offer a higher level of user/owner authentication than current credit/debit cards. PayPal meets that requirement for me… and @sound-hound was asking for reasons… and I was giving mine… but I work in a related industry so perhaps more aware than some.
Hopefully that makes sense… it’s all about mitigating the impact of theft of card or numbers and preventing fraudulent use.