I don't know why people get paranoid about this, in the US and most Western countries payment processing has minimum security requirements and you have blanket protection from fraud by credit card companies anyway. All of this means in practice consumers are very safe putting credit card details on websites. The websites that don't have the skill to meet minimum security requirements find a payment processor, so a hacker wouldn't get it from website, they'd have to get it from a processor like Stripe or Paypal.