I've just had my statement and it seems that all the fraudulent charges have been done after my visit to Rendo (that's the last entry on the statement) as everything before that is accounted for. Looking back on it I'd hazard a guess that if it was here then chances are it's a man-in-the-middle attack and they're inserting themselves at the point where the card number's going in but not immediately encrypted (SSL has been hacked before now). As I say it's purely conjecture on my part and my last experience of the store here as I'll have to go into my nearest bank and get a print out between the last entry on my statement and now, thankfully I either didn't loose a lot or none at all as my bank caught on pretty darned quick (a few low cost tester charges to see if it goes unnoticed then wham! the big charges start racking up is the usual run on these sorts of things).