There is no gap between those things. Any fraud signal at all either causes people to get blocked, then it's a cross-merchant block, or it doesn't cause people to get blocked, then it's useless.
The gap between "block transaction" and "don't block transaction" is nonexistent and that's the only thing that actually matters. What else are you, as a payment processor, gonna do besides block a transaction? Allow the transaction but send the user a sternly worded email?