Well, I would trust a notification of a text message than a submission of a form from a potentially phished account. Then the issue is stolen cards, and ramp-up of merchants and payers is a good way to limit risk.
I think this is a user issue. People don't currently pay with there phones. There are a bunch of options for it.
Stolen cards is a huge issue. I actually think being a smaller "Penn students and surrounding businesses" type of play would make it easier...there's less incentive for the online-only stolen card gangs to take over.
This isn't US-specific, but according to the PayPal interview in Founders at Work, the problem is fraud.