Based upon these experiences it sounds like Visa hasn't improved their security since 2016?
https://mashable.com/article/visa-ca...-security-risk
This is a major issue unique to Visa's security, as the team found that MasterCard's online fraud protections detected the guessing attack after 10 attempts or fewer, even spread out over multiple sites.
Unsure this approach works anymore or even if it was used in the cases above.
I'm laughing at Visa's marketing though:
At Visa, we have been developing our AI in payments for more than 30 years, investing more than $3 billion in AI and data infrastructure over the last 10 years to enable the safer, smarter movement of money and proactively identify and prevent fraud. We help banks confirm that you actually are the person making the purchase, whether you’re buying a new car, tickets to a concert or football game or simply checking out at the grocery store. With our AI-driven risk solutions, we help reduce fraud ($27B in 2022),² prevent breaches and protect the integrity of the entire payment ecosystem
Source:
https://corporate.visa.com/en/sites/...nsactions.html
Where did those billions really go?
But as someone mentioned, it is good to use Apple Pay and Google Pay out in the physical and online world if those are available as an option. These use tokenized credit card numbers which means that the merchant cannot get your real CC number.
A protip: the Aktia Finnair Visa app has a one-time-use CVV generator which you can find by clicking the card image in the app, card details, and then show more. Which can be handy in online payments. (The older Aktia MC digital credit card used to have this but has been replaced by AY Visa card now.)
As for who to put on the police report, I would put the merchant first and foremost as I don't know them and suspect they aren't following the credit card processing policies. Aktia and Visa could also be alternatives since they didn't detect and prevent the transaction.