1. Someone places an order online
2. Each day it was someones job to PRINT out the orders WITH CREDIT CARDS NUMBERS
3. That person would then hand key them into the AS400 system, if they didn't finish them they left a stack of orders on their desk overnight
tech supports, janitors, salesman, etc... basically anyone could stroll by, glance at the order on top and get your CC number and your billing address, everything they need to use your card. This was at a multi-million dollar ecommerce site too, not just some 5 order a day place, we're talking hundreds of orders a day, just sitting around.
As a consumer you cannot prevent your credit card information from being stolen in this manner, all you did was key it into a browser now its on someone's desk waiting to be keyed in. Since that experience what I did was contact my bank and get a credit card that I specifically use for the web with a $1000 limit, so the most I could get hosed for is a grand or less if there is a balance. I'm sure alot of people out there enter in their cards with 10, 20, 30 thousand dollars available. Why take the risk, get a small card just for the net, $250, $500, $1000 limits. This is also helpful for gas stations, restaurants, etc.
I know a few people first hand, one waiter and one full service gas pumper who would copy CC numbers down from customers cards and then use them that night to order whatever they wanted, it worked and they got away with it.