It is likely that their tracking systems are working just fine from their perspective. The customer is paying for all of the bytes that go back and forth from malicious port scans, ping sweeps, and the like. This might not show up on your gee-whiz windows app that tracks your pc's usage and its possible that this may not even show up on the south side of your cabls/dsl router but you can bet that your DSLAM/Cable head-end is measuring every byte, rejected or otherwise.

Over the course of a month, this can mean significant data transferred that you never see as "traffic".