If they are just as insecure as credit cards, then I can understand they're a poor choice. But why doesn't the US use more secure bank cards?

There’s no such thing as a “bank card” you talk about. It’s called “debit card” and is the exact same thing, with the exact same baseline security.

What is confusing you is probably that European banks push 3D Secure really hard, so most online transactions are further verified, and that chip&pin cards and online readers are prevalent - the same thing Americans call “Apple Pay is supported”.

All that works on debit OR credit cards.

The European (I assume, I only know the ones from Germany) debit cards are distinctly different from credit cards or the debit cards you described in that they

* don't have the credit card like information like card number, verification number or CVC code.

* They are directly linked to a bank account like you described.

* They have the account number (IBAN) printed on them. Knowledge of that number doesn't get you closer to the money in the account, though.

* To actually use them on an ATM or at a POS, you usually use chip and pin. In the POS case, the POS randomly chooses between PIN and your hand written signature as proof of ownership.

* You can't directly pay with them online, though (ignoring extra features some variants have).

* To pay online if you only have one of those cards, you usually pay by wire transfer using your account number, the pin number from above and a tan (a single use number created for this transaction only). Money reaches the recipient between a few minutes and a day later.

* Practically everyone with a bank account has such a card.

Netherland is similar. Online payment is supported not through the card itself, but by the banks through a system called iDeal, which performs a bank transfer connected to a purchase in a webshop similar to how a PayPal transaction would work, except it doesn't rely on a credit card number, but on a through two-factor authorisation process between you and the bank.

The 2FA used to be done with one-time TAN numbers on paper, but many banks switched to a special device that generates these numbers on the fly based on your account, the amount transferred and some random number, and in recent years many banks are switching to a mobile app for dedication. But authorisation always happens through some form of 2FA between you and the bank, and never relies on sending any kind of sensitive information (like credit card numbers) to third parties (merchant, PayPal, whatever).

Sadly, iDeal is only supported by Dutch banks and Dutch merchants (and international merchants that care about the Dutch market, like Steam). I really wish there was something like this that was internationally supported. Relying on sharing credit card numbers, seems really backwards and terribly insecure. Well, it is terribly insecure, as evidenced by all the panic when a company leaks a million credit card numbers. You never get that kind of panic when someone leaks a million account numbers, because in a secure system, that's simply not enough to get any money out of that account.

The current setup seems to favor the card network providers / banks. There's not really an incentive to change. Why it's like that in the first place? IDK.