There have been many card fraud news reports out here in SoCal lately, and I've read a couple of articles from a trade association I belong to (IEEE).
In SoCal, thieves have begun making custom inserts that go over the ATM slot, where you put your card. As you pass it into the ATM machine, it reads the tape on the back of the card and stores it on a flash drive. Optionally, a camera can record your PIN number as you type it in. After a few hours, the thieves collect their skimmer and they've got all the data they need. The ones they showed (collected from the police evidence locker) were a good fit, and difficult to spot unless you were looking for it.
From IEEE articles, some of the credit card processors have been hacked, and trojans put on their servers that process the transactions. Apparently the encryption isn't as good as the banks would like you to believe. They can collect thousands of transactions, along with the card info, and upload it to their own servers. They sell it to credit card fraud groups.
I'm probably more paranoid than most when it comes to my debit card and credit cards - especially now. Way back before I'd ever heard of e-cigs or this place, I was on a business trip to New York. I tried to use my debit card to pay for something and it was declined. I knew that wasn't right. I called my bank and found they'd frozen my account because they had three withdrawals, all within 5 minutes, all for my daily withdrawal limit ($500) in San Diego, Los Angeles and Santa Barbara. Since there was only one card ever issued by my bank, they knew that should be impossible. They froze my account to keep any more withdrawals from happening. I got the money back, but never found out where my info had been stolen. I now only use my credit card for internet purchases, I never use my debit card as a debit card, and when I need to withdraw cash I only use ATMs physically attached to a bank branch and I check it out completely before I put my card in.
Welcome to the digital age.