Here's an interesting scheme. Some credit/debit card merchant accounts can arrange to get updated card info if your card expires and/or gets replaced. So if the merchant is a bad actor and doesn't charge your card directly but just tracks your updated card info so it can be used fraudulently elsewhere, you, your bank, and the card company will never know they were the source. And the card is linked to your bank account, you can replace it ad infinitum and the bad actors will get the updated info for the new card every time. The only way to break out of this is to close your bank account and open a new one.
lxgr|7 months ago
In an ideal world, all merchants would be using tokenization already – then the bank could offer you a UI where you can just kick out the merchants you don't want to have access to your payment credentials anymore before reordering a new card. (If tokens were mandatory, like they are e.g. in India, you wouldn't even need to reorder the card in the first place, but that'll probably never happen in the US – too many legacy systems.)