My real-world experience over several years indicates otherwise.
There is a 'transaction date', and a 'posting date'. The posting date can wander fairly widely, although it is always _after_ the date of the actual transaction. The recorded transaction date is also guaranteed to be 'on or after' the date the purchaser has recorded. Except in cases of 'delayed' shipments, it is almost invariably (at least in my experience) within 2-3 days of that date.
In nearly 3 years, I had a grand total of 4 'suspect' transactions that required a 'non-trivial' amount of work to sort out. By that, I mean more than a minute or so. "Average" time was a few seconds per transaction.
2 were cleared up with a total of about 15 minutes work each -- a check with the card user to see if they recognized the seller (just failed to turn in a record of the transaction -- unrecognized name ), phone call to the seller, asking for info on the transaction -- which _was_ consistent with a company purchase; and' included the name of _their_ division that the purchase was made through. Confirmed as correct, by the card user for a phone order they'd placed.#3 was the company President's son using daddy's card to sign up for ISP service. That one consumed a fair part of an afternoon -- most of it in getting to the 'right people' at the (somewhat disorganized) ISP, who actually had access to the answers, and the authority to 'do something' ...
#4 was a bad charge, all around. The merchant couldn't find anything that matched it, when I called them. Forwarded that to AMEX, for them to deal with, while disputing the charge. Turned out to be a transcription error -- applied to wrong card number; yeah, the check-digit is supposed to catch things like that, but in this case it didn't ...
Reconciling circa 1000 transactions on 3 active cards generally took me less than an afternoon.
Mistaking that 'Strange Parking' charge tends not to be a problem, when the charge from 'Storage Parking' is _also_ on the statement. The fact that there are more _items_ on the statement, than there are items in the user- maintained record, *is* a little hard to miss.
Strange. I never needed anything more than the 'detail' data that came with the mailed statement.
Make that "may have", for _some_ foreign card purchases in the U.S., and you'll be correct.
The _merchant_ the purchase was made from would have to be using CardSystems as *their* charge processor. CardSystems is by no means the only player in that field. They are a fairly large one, but there are *lots* of other firms (as in "hundreds") in the same business in the U.S. They are nothing more that a 'middleman' (one of _many_ possible such agents) between the merchant and the various CC companies. The merchant 'talks' to the middle-man's computers, who 'talks' to the CC company's computers, which "talk" to the issuing institution computers (in some cases, like AMEX, this _is_ the CC company; in the case of 'bank' cards, it is not), which accept/decline the charge.
Any characteristics of the customer are wholly irrelevant to the matter of who the particular merchant uses as the 'middleman'.
For purchases made through merchants who use a different company to process their transactions, there is no possible exposure from the CardSystems security failure -- the data never went near CardSystems' machines.