>Understand this is an issue in the merchant's processes, not with Bitcoin
Sure, but the end result is the same. It's irrelevant whose fault it is.
Or, reversely, nothing prohibits buying with credit cards online to be done differently and be safe from such fraud (e.g one-off credit card numbers with token generators).
But in the real world, credits cards are used the way we know, and merchants accepting bitcoin still ask for those details.
No it is not: with Bitcoin, an attacker knowing your billing info cannot steal your coins. With your CC info, he can make fraudulent purchases (obviously).
Even virtual credit cards are not safe from fraud. Some transactions over the maximum spending limit or expiration date might still go through [1]. This makes none of them truly single-use since multiple charges can go through. Also, they are a PITA to use especially if you want to regenerate a one-off CC number for every transaction (which nobody does - there is no such thing as a "token generator" as you claim). For these reasons banks have been in fact discontinuing virtual CC services over the last few years, eg. see [2].
By contrast, a Bitcoin transaction is truly a one-time payment that is cryptographically authorizing a specific payment amount to a specific address, and nothing more.
Sure, but the end result is the same. It's irrelevant whose fault it is.
Or, reversely, nothing prohibits buying with credit cards online to be done differently and be safe from such fraud (e.g one-off credit card numbers with token generators).
But in the real world, credits cards are used the way we know, and merchants accepting bitcoin still ask for those details.