I always wondered about this. Do companies tie the credit card to an identity to block or do they just block the cc number?

If the latter, seems like a small friction point for a consumer. Given how often cc numbers change and how many an (American) consumer has, this won’t block anything unless you are charging back more than once every few months.

▲

SyneRyder 4 hours ago | parent | next [-]

It's up to the company, but since many companies don't want to keep card numbers around (and some processors don't let you see the card number anyway), they're probably more likely to block on identity. Maybe flag the IP address of the transaction for "additional screening" on all future transactions, etc.

▲

master_crab 34 minutes ago | parent | next [-]

IPs are notoriously unreliable for identity pinning, particularly in this age of CGNAT.

If they can’t or don’t want cc numbers (makes sense considering how painful PCI guidelines are anyway) does that mean they need to rely on more tools from the processors or user accounts maintained by the merchant themselves?

▲

nubinetwork 4 hours ago | parent | prev [-]

CC numbers are also bound to get recycled eventually as cards expire and/or get replaced... even if you block a card, it might have a new owner 6 months or so later.

	▲	ValentineC 3 hours ago \| parent [-]
		The number space between the first 6 digits (BIN) and the Luhn check digit is 9 digits — that's 1 billion numbers that issuers can give out before a collision happens.

▲

FireBeyond 4 hours ago | parent | prev [-]

Except the banks have "helpfully" provided a service to merchants to tell them, "this card has expired, here is the new number to charge" (or expiry/CVV).

I remember getting into an argument with a bank teller about me wanting to block/dispute transactions and how they kept approving transactions. "But you have an agreement with the gym..." That's between me and the gym, not for you to facilitate on their behalf.