Credit card companies monitor activity and can block purchases or the card itself if it detects something it considers to be outside of normal activity. If you hardly ever use your card, then use it to make a substantially large purchase at a car-parts purchasing website (which I would wager sees more of this than brick & mortar stores), this could happen. Here it sounds like they had a reasonable presumption to do so (even though they were incorrect).
Consumers are liable for no more than $50 of purchases due to credit card fraud, $0 if reported prior to the fraud itself (if you lost a card, reported it, and was successfully used afterwards).
According to FTC, Credit Card Loss or Fraudulent Charges:
"Under the FCBA, your liability for unauthorized use of your credit card tops out at $50. However, if you report the loss before your credit card is used, the FCBA says you are not responsible for any charges you didn’t authorize. If your credit card number is stolen, but not the card, you are not liable for unauthorized use."
Note that the credit card companies are liable for the damages, so it is in their best interest to monitor activity for fraud and block potentially unauthorized activity - even if it means an inconvenience to the customer. Well, it's an insurance claim - so its between them and their insurance co. But you get the idea.
Fraud happens when someone steals the card number, it's that simple. Anyone you physically hand the card to or is capable of intercepting it during a transaction. All it takes is one bad person, and I would say doesn't necessarily mean a business itself is at fault.
Why was the name of the vendor redacted?