Many of the keys sold on key reselling sites are bought with stolen credit cards. It usually works like this:
Someone obtains stolen credit card data (can be easily bought on the dark web)
The stolen credit card data is used to buy keys from official key sellers (or directly from the developer of they offer them)
Those keys are then sold on key reselling sites
The credit card owner notices that his credit card data was stolen, contacts his credit card company and does a charge back. 5.The official key seller has to pay back the money + a charge back fee.