Mitigate to accumulate
I assume all online shopping sites are compromised (can be, or will be) I would have thought by now, most only use Virtual Cards for online purchases - but no, apparently not.
Certainly, if I was currently running an online shop, it would include a hefty recommendation to my customer base to use them.
All banks should offer such a service by default, but not all do (vanishingly few and by request only) nor are they all engaged in an information campaign to encourage the practice - hence the rise of FinTech services.
So, all we can do is attempt to mitigate individually. Of course the argument is that even 'virtual' cards and accounds (and the Banks and FinTechs operating them) are equally likely to be compromised. What can you do? Really only try as best you can, with the tools available.
Use a seperate debit card/virtual account only for online purchases, load it only with the amount required at point of purchase and generate a 'one-time' virtual card form that.
Is that process convenient? Nah not the most convenient really, but less inconvenient than having your bank details hoovered as a matter of course and stored in plaintext.
At best you lose that dosh only. At worst the Bank and/or FinTech offering such a service is compromised and all your dosh disappears anyway, but you might have some redress at least.
Yes, I am aware of a particular FinTech notoriously 'freezing' 'virtual' accounts with large balances in them, without apparent redress (or timely redress) That's not really best mitigating practice though - holding a large 'float' - that's convenience and security is inconvenient.
Security is hard, compromise is assured, mitigation is all we have.