Working in information security, I see this a lot in security practices for US companies. The client says "let's block all traffic from outside the US" because they don't do business outside the US. Then come to find out they have contractors in India... and a partner datacenter in Singapore, and oh yeah their factory in China. And now the CEO is on vacation in Costa Rica and can't get on the VPN. And oh shit, there's the field office at one of their suppliers in the UK.

I say this as an American who has never lived outside the US but who deals with international clients regularly: the US seems uniquely inclined (in my experience) to think that everything they need falls within their borders, and everything outside their borders should be treated with suspicion. I've never had a German client want to block all traffic from South Africa. That's just an observation, I make no judgements as to why that is.

I did have an American university for a client who said "we cannot block or otherwise discriminate traffic from anywhere, since we have students or staff in every country outside of North Korea" which is a refreshing outlook IMO.

Do you know if this mainly a Visa/Mastercard issue or does this affect American Express as well? The latter isn't a network of banks and seems to be less restrictive towards international payments, but I could be wrong.

FWIW, I paid with AMEX (using Stripe not PayPal) and it went through right away.