SCA (strong customer authentication) should indeed move the liability for fraudulent purchases to the issuer. Wording in contracts may still mention other things. We had to, for one specific payment service provider, explicitly tell them to only allow card purchases using SCA since we had problems with stolen cards. With some PSPs we could just refuse certain ECI codes. Been a few years for me and YMMV but if chargebacks are causing headaches it might be worth looking into.