Felt like he was either trolling (I put some weight into the theory due to the recent ones..), or jumping to conclusions without finding out whats going on.

True, due to the nature of the initial post I'm wondering if it might be the latter, but the former could always be possible with the recent increase of trolls on the forums. Sad to say it'd be difficult to figure out which is true since either option is a viable situation.

Possible, I guess we should not jump to conclusion too soon and start low rating the OP just yet though lol.

http://www.gog.com/support/website_help/shopping_experience

First up, you stated that the card was revealed to have stolen information as of this morning. The GOG server uses a secure network akin to any other major online supplier. The only information retained from the cards is the barest minimum in order to confirm a transaction and verify the card information, which in itself isn't enough to allow someone access.

Second, the information didn't actually go through. Chances are the information was killed as soon as verification showed it couldn't be used. We're looking at 2 situations here where a card could possibly have been stolen: First is that the servers have been bypassed, allowing theft of your information before the data was encrypted and verified. However, anyone who could do that with a smaller website like this would have so much more financial gain on a website such as Amazon.com or Google. The second possibility is that your computer has a targeted rootkit or virus that either took data of your keystrokes, or pictures, and sent it outside to another person to be used. This would also be difficult to verify however, and if was the case, your prepaid cards are going to be empty too.

Third, this is a situation where you say knowledge of the theft occurred over a single day. That is VERY unlikely that it took a single day to discover fraudulent activity, and probably came from anywhere of several weeks to a month or more before any activity actually happened where your data was compromised. Your best bet is to check with your card company and dispute any charges you didn't make yourself, and they will almost certainly refund most of the money, and replace your card.

Other than all that we can't say much that can possibly help you other than to try and consider all opportunities instead of the one directly in front of you.

You might just have a trojan on your computer, logging and sending any information you type to a web adress. Which means YOU have to be careful before accusing websites. Try using antivirus software and analyze your computer...with several different ones. Also download CCleaner and always have your firewall up.
It might come from someone hijacking your wifi so you might want to secure that as well (no WEP, use WPA2 and MAC filtering).

This is why we need gog cards.

Nah, this is why there needs to be better education on how to protect one's personal information and financial information online, and in general. But, that's just my humble opinion. :)

edit: Faenrir actually has some pretty good suggestions.

Have you ever used the card in a brick and mortar store? Most credit card related thefts occur in brick and mortar stores where the security is far less than that found online. Chances are you or a member of staff may have swiped the card in a compromised card reader. And if you have one of those cards which broadcasts its information via contactless method, that risk increases.

I don't understand the downvoting of this OP. It seems like an honest concern to me.

Regardless, as many have mentioned, I doubt it is on GOG's end.

Also, as I didn't notice it mentioned while skimming the responses, I'll note that I concur with the GOG reply that if your card is declined that you should use PayPal. There have been issues with cards being declined because the bank used by GOG is located in Cyprus (unless this was changed while I wasn't looking), and PayPal bypasses this concern entirely.

How did you learn that your credit card information was stolen?

Was there an unauthorised transaction on the card? What are the details of that transaction?

Last April we had a similar incident. Turns out the card was skimmed, probably during a vacation. When a second person also complained about fraud, Firek gave a bit more info on GOG's payment process.

As for your cards being denied, US banks do have the tendency to decline overseas transactions, especially if the payment goes through Cyprus. Your best bet is (always) to contact your bank, since they can give you more info about the transactions.

Hope you get it sorted soon, but I am willing to bet that it's not something on GOG's end, but most probably something in meatspace went wrong.

How did you learn you CC number was stolen? Are you certain it's not just CC charge from this denied transaction? I highly recommend you contact CC company in a first place and get some info about this suspicious charge.

Oh...and come back later with some feedback how it ends.

Keep in mind that the last few months payment information from millions of US-citizens has been copied/hacked using Point of Sale RAM scraper malware.

In November and December 40 million credit cards records and 70 million other account records with sensitive data were copied at Target. From the 2nd half of July till the end of October 1.1 million cards were exposed to mallware at Neiman-Marcus.

See eweek.com among others.

The FBI is expecting more advanced versions of this mallware to appear. The stolen data is already being sold on underground websites.

I would place my bets on this.

A bank can identify if a card's details have been stolen because it keeps records of how each transaction was precisely authenticated. They even know in many cases if the buyer used PIN or signature at the point of sale.

The magnetic strip on a credit card contains additional information that provides additional security information that goes well beyond simply entering a credit card number, validity date and check digits. This provides additional security from the card details simply being copied, but it doesn't prevent the contents of that strip from being cloned.

Also, credit card fraud generally only occurs several months after the details have been stolen, because thieves operate in groups that collect data in bulk and then wait a few months to pass it on to make it difficult to trace the source of the theft.

Or, it could be as Theta_Sigma said, and the OP has some kind of keylogger on their system.