Data flows behind "secure" debit cards

The tech industry constantly promises "security". Is it possible for anything to be secure?

Here's something to ponder.

One of my debit cards recently got scammed. I am not sure what the scammer was after because the fraudulent transactions came in two sets, each set consisting of the identical transaction repeated 8 to 10 times on the same day for the same amount from the same merchant name. In other words, it would not take a genius to recognize these transactions as fraudulent.

What is interesting are the following facts:

• the account was less than a year old
• the debit card has never left my wallet except for when I used it at ATMs
• the only ATMs I ever used were the ones belonging to the bank that issued the debit card
• I have never presented this card to any merchant
• I have never used this card at any merchant (self checkout, etc.)

Remember, just a few years ago, we were promised that the new chip cards are so secure they will end the fraud problem. And so on for every new tech going back decades.

in order for these charges to appear on my card, presumably the scammer has stolen my card number, my address, the various codes on the card, etc. The bank's system must have approved those transactions without flagging them as fraudulent.

How did the scammer know those numbers? Why didn't the bank's fraud detection software reject those transactions? Where are the holes in the system?