Over the christmas period my debit card was compromised. I have no idea where or how. At physical establishments (shops, restaurants, etc) I always use chip & PIN - with the PIN only known to me, that shouldn't be the source of the data leak. I do use my card for many online purchases and subscriptions, so it feels more likely that my details were leaked there.
But how? Payment services aren't supposed to store the card data (especially the security code, aka CVC) so even if they get hacked or have an errant employee, there isn't enough information available to use elsewhere.
Do I trust the online firms? Some of them - Google, Apple, Amazon, Spotify. But the others? I'm not so sure.
Ideally, I'd like to have two factor authentication for online transactions. My bank doesn't offer this service (yet?).
But Paypal do, so I may well be using Paypal for my online transactions from now on.