As noted by kelalaka, there seems to be an implicit assumption that a "transaction" contains multiple separately authenticated messages, and that the messages are not chained in any way (e.g. by including the previous message's MAC token in the input to the next message's MAC calculation).
It's worth noting that such a scheme does not protect transaction integrity anyway — an MITM attacker could reorder, remove or replay messages within a single transaction without being caught by the MAC. The birthday attack, as described, only gives the attacker the additional freedom of replaying messages from one transaction to another one using the same MAC key, which is not much of an extension of the (already pretty bad) vulnerability to MITM attacks the scheme would have even with longer MAC keys.
In principle, birthday attacks can affect even otherwise well designed multi-message authentication schemes, if the MAC key and/or tokens are too short. The details, however, depend a lot on the scheme, and usually such attacks will require more than just a short key.
For example, let's assume that the $i$-th message in transaction $t$ is authenticated by the tag $$\tau_{i,t} = \operatorname{MAC}_{K_t}(\tau_{i-1,t} \mathbin\| i \mathbin\| m_{i,t}),$$ where $K_t$ is the per-transaction MAC key, $\tau_{i-1,t}$ is the MAC tag for the previous message in the transaction, $i$ is the message number (padded to a fixed length or otherwise unambiguously separated from the other MAC inputs) and $m_{i,t}$ is the message to be authenticated.
Then, to be able to replace the tagged message $(m_{i,t}, \tau_{i,t})$ with a previously intercepted one $(m_{i',t'}, \tau_{i',t'})$ from another transaction $t'$ and have it pass MAC validation, the attacker needs not just $K_t = K_{t'}$, but also $i = i'$ and $\tau_{i-1,t} = \tau_{i-1,t'}$. This could happen by chance, if the combined length of the key, the tag and (typical values of) the message counter was low enough, but it's a lot less likely than just two keys colliding. In practice, it would also require the tag (or the key!) to be short enough that it would be directly vulnerable to brute force forgery attacks even without exploiting the birthday effect.
Thus, while the overall point the book is trying to get across — that keys should be long enough to avoid birthday collisions — is a good principle to follow in general, I'm not convinced that the actual attack they present is a practical one, at least not against any schemes that aren't already vulnerable to much worse attacks anyway.