I had a job which involved this sort of thing.. although most of my experience is from preventing it on the purchase end rather then the cardholder end.
anyway, 3 ways they can get your card that I know of
1) hacked sites
most sites are not supposed to store card data on, but lots of them do. Sometimes people are able to get the databases to that site. Alternately, somebody can get root access to a server and reconfigure it to store your address, cc number, expirey and the security code on the back.
2) trojans / spyware
There can actually be a long period of time before a virus is detected by antiviruses.
3) physical copying
this can either be a "mouth" over top of the atm slot that copies the data on the magnetic stripe, or just a gas attendant swiping your card through a handheld reader and making a clone. I am pretty sure that cards copied this way can only be used in person (swiped) and cards with the info online cannot be swiped.
regardless at the end of it all, just keep track if your billing statement and look for any suspicious tranactions. Both me and my girlfriend have had our cards copied (mine recently and hers years ago) and both times the bank caught it before it even showed up on my statement.
Oddly enough, both cards had a 1$ charge on it from some charity followed by a large transaction that did not go through. On my card they tried to buy 10 macbooks from the apple store. On my girlfriends they tried to buy furniture from a store in singapore.