I mean, if they knew where you usually shop online, probably not. I generally get the popup when either:
1: Shopping somewhere for the first time
2: Certain businesses (presumably those that are more often targeted for fraud I guess?)
I bet if they tried to use a different delivery address (and the shop passed that on) it should (I think at least) trigger a security check.
In shops especially with contactless it’s very unlikely to be stopped though. But I think the bank needs to eat the contactless losses if I remember right. I do recall there’s a maximum number of contactless payments you can make in a given time before it forces chip and pin though.