When a financial institution gets credit card data submitted to them, there is a description that is essentially free text. It can say anything.
It's supposed to say who made the charge, and contact information about it. However, it can contain any information.
If a thief (no other way to describe them) obtains credit card information, they can submit the information and fill out the text any way they want. They can put NASA, they can put Queen of England, they can put UNICEF, they can put Roku, they can put anything ... heck, they could put your name. In this case, they put Roku. They're thieves, so a lie on top of theft is kinda par for the course.
What likely happened is that someone compromised a system that had that your credit card information, and some thief (maybe the same person, maybe a different person) ended up with it. They submitted information and put Roku in the description.
Roku didn't do this. Some thief did and then lied about it.
From the Roku end, go to https://support.roku.com/contactus and fill out what you can there.
On your end, report it as fraud to your financial institution.
Also: tagging @Jeremiah-Roku who is a forum contact for billing.
DBDukes
Roku Community Streaming Expert
Note: I am not a Roku employee.
If this post solves your problem please help others find this answer and click "Accept as Solution."