Having been hit twice so far, I've upped my evaluation of the risk of my credit/debit cards being compromised by online vendors' inadequate information security. The latest incident was, I suspect, a result of the Adobe hack a few months ago. Both times, the bank's fraud systems spotted and stopped the incidents and told me well before I even noticed anything awry.
After the first incident, I resolved to dedicate a specific card for online purchases so at least I could carry on using my other cards if I got hit. That was a good move that made things easier after the second incident ... but I missed my chance this time around to be even more proactive. When I received an apologetic email from Adobe about their breach, or perhaps even earlier, I should have cancelled the card immediately and ordered a replacement. Next time, I won't wait for the bank to pull its finger out ...
I now have a new card, once again dedicated to online purchases. This time, I have opted for a VISA debit card on a separate bank account with no credit or overdraft facility. Treating it like an online pre-pay card, I deliberately maintain a low balance on that account, just enough for my normal small value online purchases. If - or should I say when - the card is next compromised, the fraudsters won't be able to steal $thousands, and I won't be out of pocket for the weeks it takes the banks to sort things out and refund in full (which, thankfully, they have done for me on both prior occasions - no complaints from me on that score!).
So, aside from all that, and the usual "Watch for the padlock" and "Only do business with reputable online traders", is there anything else you'd recommend me to do to mitigate the risk? It's all a bit embarrassing, me being a CISSP and all!