Imagine shopping at the store in the late afternoon. Your last pair of jeans just got a hole in them so you go to the local Kohl’s to get a couple new pairs. You hand the checkout clerk your debit card but there’s a problem. Your card has been rejected. You call your bank later that day and find out that they shut down your account after someone in New York used your debit card information to buy a six-dollar pack of cigarettes.

This is no fictional story. This happened to me in 2015. Similar instances of debit card fraud occur all the time. According to the Creditcards.com website, “31.8 million U.S. consumers had their credit cards breached in 2014.” It’s estimated that about ninety percent of the victims paid for replacement cards. At about $12.75 per card, roughly $364.9 million was spent on replacing cards that had to be deactivated due to fraud in 2014.

“How did this happen?” That’s the question I asked myself back in 2015 when my debit information was stolen.

The first and most obvious way debit fraud can occur is by direct means. The Joliet Police Department posted a photo to their Facebook page Wednesday of a debit card thief. The post said that the thief “stole the victim’s debit card and used it at various liquor stores in Joliet before the card could be reported stolen to the bank.” According to the Identity Hawk website, some people keep the pin number to their debit cards inside their wallets or purses. “If a purse or wallet is lost or stolen, the thief has all the necessarily information to begin stealing from the victim and merchants alike.”

Unfortunately, your debit card doesn’t have to be physically stolen for someone to steal and use your debit information. I found out my card information had been stolen while my card was still in my hand. Thieves can use “skimmer” technology to read the information stored on the magnetic strip on the back of a debit card. According to the Identity Hawk website, “Skimmers can easily fit in the palm of a hand, and it only takes a moment for the device to skim and store your name and other account information.”

Direct observation is another way debit card fraud can occur. If someone sees your card, they can use it to make online purchases without needing a physical card. A dishonest waiter or clerk could take a photo of a credit or debit card and use it to place fraudulent charges.

According to the Consumer.ftc.gov website, there is also the possibility that card information can be stolen when a retail store or bank website is hacked into. However, the chips being implemented into most debit cards today should help prevent this type of theft.

None of these scenarios were the cause of my debit fraud from 2015. How did my debit card information get stolen? Embarrassingly, I spent small amounts of money online trying to win a free PlayStation 4 from a not-so-reputable website. I’m ashamed to admit it but I fell for an online scam. I’ve learned to be careful where I shop online because there are plenty of sites out there that can steal your information. I got lucky that my bank caught it quickly and that there were no serious repercussions.

The blog.credit.com website says to take proper precautions when shopping online. The website suggests “using secure payment websites, never storing payment information in your Web browser and only enabling NFC or RFID payment at the moment of a transaction.” Beyond that, you should check your account activity regularly or set up transactional monitoring with your bank or credit card issuer. Sometimes the only thing you can really do to prevent fraud is watch your debit account and catch unusual behavior before major damage is done.