I used an ATM card to do an online purchase from a merchant.
Shortly there after, I got some really odd Apple iTunes one dollar charges on my statement. I don't use an Apple anything nor do I use iTunes. Seems someone was trying to test the card numbers and finally got a live one - mine. Even more odd was when I went to use an ATM machine to get some cash, the note it spit out (no money came out??) saying "Account is temporarily locked. Please see the bank manager inside the bank." She showed me the Apl*ITunes (<- spelling is how the bank found it) items being charged, or being attempted.
Next statement showed some international banking charges of $0.99 and a few $29.95 fees for something billed through some odd places like billyou.com or 24hourbilling.com and so on. The Apl*ITunes tester began using my ATM to buy porn from overseas and that's why I was incurring a international banking transaction fee too. Following month, a few more were added as a monthly charge up to about $180/mo. for international porn sites. Glad someone was enjoying my card.
Bank cut up my ATM card and said not to ever use it for online transactions.
I didn't want a VISA statement or bill, so I used the ATM card instead. Opps! They issued me a new ATM card and the guy(s) still kept trying to use my old one. Bank finally credited my account since they were persistent and still using the same billing online porn billing companies which the bank had challenged and stopped the old card numbers.
Even more weird was the online paypal company that I had bought stuff from earlier on sent me a letter in the mail saying their server had been compromised and I was to inform the bank if I saw any odd transactions (which I did). They claimed the breach, probably overseas, had swiped a few thousand online card names and numbers off their server. Supposedly, they were also upgrading their sever to something more secure.
Dealing with the bank's fraud dept, I was also told not to type all 23 numbers usually required off a card in sequence, but to type a row, move back up and type some letters like in the address, followed by some more card numbers (i.e. jump around on the order page). A trojan keylogger will spot the 23 number sequence off a credit or ATM card, record it, record your ISP number to track your name, and then send it to the crook who did the trojan so he can tap directly into your your bank account by testing your numbers through something like iTunes for a small amount you may never notice. Since the ATM is direct to your account, they can clean you out quickly whereas a VISA requires "you" to make a payment from your account so they cannot get directly into your monies like with an ATM card number. Lesson learned, albeit the hard way. Not too crazy about online banking either.
It's getting ugly out there folks.