The problem with that kind of attack is that it's easily traceable and easy to spot. That guy needed a merchant account to carry it out. To get that someone had to show their identity to the processor. Also, once it's discovered you can easily find out who else was affected.
It also takes some time to get that money out of the merchant account. I've yet to hear someone actually doing that in practice because it only sounds if you don't think too long about it.
It also takes some time to get that money out of the merchant account. I've yet to hear someone actually doing that in practice because it only sounds if you don't think too long about it.