The data in the system they used should have identified the vendor, and all of those purchases should have been a red flag to any reviewer,
But an entire account isn't. To buy from Amazon, you are not allowed to use a private/personal account, and the account you use would be subject to review. Buying on your personal account is another red flag.
In my audits, I would look for obvious signs. Most purchase card holders are held to $3,000 or less. The rules for these micro-purchasers actually make fraud easier, because they are often allowed blanked authority for supplies (not so much services).
The limits for most cardholders are $2,000 for construction (rare), $2,500 for services (often), and $3,000 for supplies (quite regular). This is single purchase. With no authorization to split a purchase.
So if your supply order is $3,200, you have to go up the food chain to find a cardholder with a limit to cover that (usually a purchasing agent or contracting officer). Those purchases would require a purchase order and full chain of custody (separate received receipt, as well). The micro-purchaser cannot split the purchase and pay $3,000 and then $200, that's against the rules. It's relatively easy to detect and pull samples for this very thing. Basically, multiple purchases to the same vendor on the same, or nearly same date, and close to the limit, or in some really stupid cases, half of the total, so two equal purchases show up.
I required screen prints from Amazon and other similar vendors showing account details that cannot be faked as easily as a printed invoice.