Yes, a lot of people don’t know, but the law was changed so that merchants are able to bill new credit card numbers on the same account as long as they show your bank or credit union that you agreed to the charges, i.e. you entered your cc information on a page showing the intended charges and clicked agree. It’s absolutely imperative to make certain you read everything on the page, even the stuff that looks like a footnote. I wound up “buying” a year of Office 365 I had no use for from Microsoft because I didn’t read that it was being tacked onto a OneDrive account I needed for work. A hundred bucks…poof.
If the merchant fails to offer any means of canceling the recurring charges they tricked you into, you have to try to contact them. Email is best, as you can save the emails you send even if you never get a reply. If they provide no contact information, document your discovery of the fact in detail, describing all the places you tried to find contact info (merchant’s site, google search, ect…). If you do get a response but the merchant won’t cancel the recurring charges, keep those emails. If you get a response saying the recurring charges have been canceled, keep that email (and if you talk to them on the phone, ask for an email confirmation, but email is always better because you can easily document your asking them).
If you can’t get them to cancel or can’t get them to respond, it’s time to call your bank using the number on the back of the credit card and let them know you want to open a dispute on the recurring charges because you’re unable to cancel. The level of help you’ll get here depends on your bank’s customer service. Most major banks will help you open the dispute, but you’ll spend a good deal of time on the phone. Credit unions and other member-owned banks are more efficient, and better to bank with all around.
The bank will provide an email to which to send your documentation of your attempts to cancel the recurring charges. They’ll also place an internal flag on the account so that if that merchant does attempt to charge it again, it won’t automatically go through and a human will have to review it. As long as they’re diligent, they quickly review the documentation you provided and should block the charge.
If the merchant does agree to cancel the recurring charges, but then charges your card anyway, you’ll call the bank using the same number, but this time you’ll open a fraud claim instead of disputing the recurring charges. Depending on the bank, most will credit back the charge to you and eat the loss (since they have no way to get it back from the merchant) while they investigate. Since it’s a merchant you previously allowed to charge your cc at some point in the past, they’ll want to you to send them documentation showing they agreed to cancel the recurring charges, and this is why you want an email confirmation. The bank may also send you a form to physically sign and mail back affirming the charges are fraudulent. If so, make sure to do so or the charge will be re-applied to your card if it was refunded.
It’s all a ridiculous hassle and there’s no easy way to find this information. A far better solution is to do what @Cunk did and use a temporary pre-paid credit card, as this isn’t tied to any account after you use it up and close it.
Either way, never ever give checking or savings account information to a merchant if you can possibly avoid it.
In the unlikely event that a merchant charges a cc they somehow got a hold of but which you never provided them, that’s fraud.
The credit bureaus are a pure undiluted evil menace, but they don’t have the full information needed to charge any credit card which the holder hasn’t provided them. Banks report any activity with them under your identity on an account-by-account basis to one or more of the three bureaus at the banks’ discretion. Banks aren’t required to report your activity, but most do report things like credit line changes, overdrafts, opening and closing accounts, and so forth.
The credit bureaus don’t ask for and the banks don’t give them the full numbers of the account which would be needed to charge them. However, someone with your personal information and SSN can open a fraudulent account under your identity, as Western Union did to millions of its own customers and identity thieves do all the time. That’s why this data breach by Equifax is so bad.
The irony is that the only way to find out if someone has opened fake accounts under your identity is to check for the impact on your credit score with the three bureaus. One could argue that Equifax had an incentive not to keep people’s identifying information secure, since this breech makes millions of new customers for them and they’ll make tens to hundreds of millions off of it by exploiting the very people they’ve put at risk. As I said, pure fucking evil.