How does someone go on a spending spree at Walmart online with my debit card when I physically have the card. Don’t they need my name, addr, card info incl security code? Good thing bank flagged transactions- 6 transactions ranging from $100-600*

The way debit card (and credit card) work for online transactions, only the card information is required, physical possession of card is not.

Info of the nature mentioned by you for a lot of hacked / stolen debit cards is available on the dark web. Somebody can buy it from there and go to town on a shopping website.

There are technologies available to detect whether the card info is being inputted by the genuine card owner or fraudster. It’s possible for the merchant like WalMart to use them to approve or reject the transaction respectively. But these technologies have their limitations like False Positives, False Negatives, etc., so they’re not foolproof. For all we know, WalMart does use such technologies, still the one-odd transaction has slipped through.

In some countries like India, online payments are subject to two factor authentication (2FA) where the shopper must enter not only the relatively-freely available card info but also a One Time Password (OTP) for the said transaction sent via SMS to the registered mobile phone number of the card. While this cuts down fraud significantly, 2FA has its own problems such as friction, low conversion, failed payments, and so on.

End of the day, it’s virtually impossible to eliminate card fraud. The best that a cardholder can expect is that fraud rate should be kept at the optimum level and, if fraud does happen despite everything, it should be easy to raise a dispute and request a chargeback for fraudulent transactions.

The alternative is to use a credit card since credit card provides way more fraud protection than debit card and virtually every other method of payment on the planet. More at https://www.quora.com/What-is-the-advantage-of-having-a-credit-card-if-you-already-have-a-debit-card/answer/Ketharaman-Swaminathan.

 

*: This is the original question I answered. I’m repeating it to help me make sense of my answer in case it’s moved to / merged with some other question that I didn’t answer.