> I did leave them a suggestion to hard-cap the billing instead of just email alerts
Why would they do that? Enterprise customers are just going to pay the bill, and for small customers they get a lot of good will when they make a "special exception" and don't ask you to pay for charges that someone else fraudulently racked up.
The actual cost of providing the service to the fraudsters is probably so low that they don't have a lot of incentive to prevent the fraud, as long as there is a non-zero chance that someone pays for the fraudulent charges.
Why would they do that? Enterprise customers are just going to pay the bill, and for small customers they get a lot of good will when they make a "special exception" and don't ask you to pay for charges that someone else fraudulently racked up.
The actual cost of providing the service to the fraudsters is probably so low that they don't have a lot of incentive to prevent the fraud, as long as there is a non-zero chance that someone pays for the fraudulent charges.