Really really, it's like that here. I guess it's somehow cheaper to write off fraud than updating everything? Probably some actuary sweating the day the scale tips the other direction.
It's incredible how lax the rules are for how verified the CC information needs to be for a transaction to clear. There was a HN article about it not that long ago, w.r.t. dealing with Stripe or one of the other big processors. Stuff like the CVV can be wrong, the issued name can vary by some heuristic, etc.
