Sure there are problems - where there is money there is crime - but statistics from PayPal (which has a very obvious reason to want to address these concerns) suggest the majority of UK adults still think the internet poses a considerable risk.
And, according to Silicon.com
A credit card number has never - to our knowledge - been intercepted in flight. This is because, to use an analogy, it is like trying to shoot down the smallest, fastest moving bird through a thicket of trees.
To further the analogy, it's far easier for the criminals to wait therefore until all these birds are sat in one big coop with all the other birds and then try to find a way to take them all rather than wrestling with the complexity of taking them one by one.
As such, the database is more commonly the target than the transaction. And databases are at risk whether it is an ecommerce site or a high street shop processing the transaction.