> This is one of those levels of monitoring that only gets put in place after such an event.

For a website, yes. But honestly the credit card people and their infrastructure should probably _also_ watch out for this. They'd be in a much better place to detect these.