They can force-post right past Privacy.com's veil, NYTimes did it to me. Here's what Privacy's support rep had to say about it:
> Hi, Firstname
> I've been reviewing your dispute and wanted to touch base with you to explain what happened.
> It appears that the disputed charge is a "force post" by the merchant. This happens when a merchant cannot collect funds for a transaction after repeated attempts and completes the transaction without an authorization — it's literally an unauthorized transaction that's against payment card network rules. It's a pretty sneaky move used by some merchants, and unfortunately, it's not something Privacy can block.
This is my speculation, but I think privacy.com isn't actually in the middle as thoroughly as we think they are. They're just making up a new card number that still corresponds to my same old account, and they're responding to verification queries saying "yup, that's the right name and address, verifies just fine!", which provides the privacy they claim to.
Note, their name isn't SpendingLimit.com.
This shook me plenty and I no longer use them for anything I actually need a spending limit on. They're still good for their namesake privacy, with a very limited scope (i.e. scummy merchants), but it's a very thin veil and easy to pierce.
> Hi, Firstname
> I've been reviewing your dispute and wanted to touch base with you to explain what happened.
> It appears that the disputed charge is a "force post" by the merchant. This happens when a merchant cannot collect funds for a transaction after repeated attempts and completes the transaction without an authorization — it's literally an unauthorized transaction that's against payment card network rules. It's a pretty sneaky move used by some merchants, and unfortunately, it's not something Privacy can block.