My Capitol One card was compromised and used for some $20 charges that Capitol One caught. I thought the low cost charges were odd. Would have expected higher fraudulent charges. The card never left my hands and is still in my wallet. It's a fairly new card. With a chip. The fraudulent charges were online. I went online, the merchant requires a CCV. Where did they get that? Do not believe I used it at any place that was not chip enabled. Tough to remember every charge activity even looking at statement. I am leaning towards the card was compromised as being made or in mail. Card has been replaced so not worried about new fraudulent charges. Curiosity I guess. I am in computer security for mainframes but not this end of things.