So I got back tonight (midnight UK time) and checked my e-mails. There was one from my bank/credit card provider telling me that my internet validation password on my credit card had been changed during this evening and if I hadn't changed it to contact them. As I hadn't changed it (I had been on the river all evening) I did contact them and ------ found out that my card had pretty well been heavily used during the approx 2 hours between the password change and me picking up the e-mail. The operator to whom I spoke, and who immediately blocked the card, told me that cash withdrawals had been made from Lichtenstein (uh?) and goods purchased from a UK company that I had never heard of (vStore.co.uk). There was also a Christian Aid donation of £5 made tonight. Good for Christian Aid at least. The total amount that has been obtained on my card seems to be about £2000, all fully recovered as of now, so no personal loss and hurrah for me. This is all a new one on me as I am only an occasional Internet purchaser and those purchases have been from places like Amazon and 'reputable' sites - ie ones that have good old HTTPS urls. The majority of sites from which I do buy have a validating link to my bank that asks for a separate password, that had been changed as above, to confirm that I am the card-holder - a neat on line checking system IMO, but somehow failing in this instance. The card has never ever physically left my possession, never been used for cash withdrawals, and I have an inherent paranoia about identity and other sorts of theft. All card receipts are shredded when I have checked my statement. Apart from the weirdness of how this could have happened, I am just so impressed with the software that the card companies use to monitor regular usage and how the triggers that indicate doubtful usage kick in for cardholders' protection. What I don't understand is how the perpetrators could have managed to use my card to make cash withdrawals - chip and PIN means that they need my PIN (never used) and the physical card or its equivalent. Is nothing safe any more?