That's got worrying implications if it turns out the fraud is caused by penetration of back-end systems if the merchant gets hacked, though. Guess I'm glad all "Card Not Present"s end up pinging my watch (that's how I got wind of the latest fraud last year).