I am not a shop, but I do believe the OCUK shop is a shop.
Can't see any way to 2FA my store account?
Your store account will probably flag up any attempt to ship to somewhere other than your billing address for verification manually (and quite possibly block it completely), the card issuers will randomly ask you to submit a code that is emailed/texted to you before completing the checkout* even if it's to your card address, and will do so with increasing regularity if it's either a large purchase or something unusual for your card account.
Basically the store has anti fraud measures already both at the store level and at the banking level (and the banks have spent fortunes on their antifraud systems), so the most someone could realistically do if they got into your store account is look at your orders, they would run into multiple issues if they then tried to get anything out of it by say placing an order, even if you've saved your payment method.
Effectively the store already has something like 3 or 4 levels of authentication, password, card address vs shipping address**, and the banks antifraud system (including one time codes), it's just that you don't notice them.
Meanwhile on the forum the only thing stopping someone from committing fraud with a compromised account in MM was their normal password.
*Verified by visa, Secure code etc are/were forms of 2fa, now they're actively asking for a code that is sent by mobile phone or email instead, and I've had such requests on my home deliveries at £50 from Tesco despite having used that service for the last 5 years to the same address.
**Many retailers will only ever ship to the card holder address unless you jump through some extra hoops.
