[michaelmior]

Shouldn't the issuer be able to figure this out on their own when they see the attempted charges coming in? It seems like the resources of the issuer would be better spent improving their own detection rather than dealing with third-party reports.

[michaelt]

Retailers might enjoy better information (account history, items in basket and suchlike), might have already borne the cost of manually checking the order, or might have better incentives (as it's them who loses money if an order was placed with a stolen card)

After all, if the issuer had been able to figure it out, the payments would have failed preauthorisation.