Kristi -- Thanks for looking into this. Being an on-line merchant is hard in these days of cybercriminals. My card that was compromised was not stored anywhere else, but I use a very low balance debit card for on-line purchases to minimize potential losses. From the comments in this thread, it does not look like an isolated event. A "man in the middle" hacking attack -- where purchases and related info are relayed through a hacker hiding in malware and posing as Rendo -- seems the most reasonable explanation since Rendo does not store cards on its site and all the unauthorized purchases seem to have happened around the same dates. If this is a man in middle attack, (and I have no idea whether that's true) and the man in the middle malware remains undiscovered on Rendo's servers, then wouldn't sending card and personal details to you through e-mail also send it to the hacker?