Most online merchants now utilize a security feature known as "Address Verification Service" or "AVS". AVS is a security feature for online merchants allowing them to only authorize credit card transactions for merchandise to be shipped to the same address which appears on the consumers credit card billing statement.
If the address does not match that of the credit card billing statement the transaction will automatically be declined. In other words, if someone gets your credit card number, expirations date and CVV code (the three digit code on the back of the card) the only way a transaction can be authorized online is if the merchandise if shipped to the SAME address that your credit card billing statement is currently sent to.
This is what makes credit hijacking so dangerous.
When a criminal hijacks your credit they call up the banks (posing as you) and change your address on your credit cards with your personal information (i.e. last for of SSN and mothers maiden name) as if you were moving. They then proceed to order thousands of dollars in merchandise(online or over the phone) to be shipped to the "new" address. Because they changed "your address" on your credit cards they will bypass the AVS security from online merchants and the charges will be approved.
The only real defense against credit hijacking is to establish a personal security code with all your bank accounts and credit cards. This is a form of security which goes beyond your SSN, Zip Code, Date of Birth or Mothers Maiden Name to give you a whole new tier of personal security.
This is a unique number or group of letters and numbers which you create and give to every credit card provider you have. For example. The number could be as simple as "JACOB2801" which is a combination of your best friend as child and the numerical address of the home you lived in growing up.
By establishing this auxiliary passcode with all your credit card providers no one will be granted access to your accounts without it providing it to them. Since you are the only one who knows it and it is non public it is truly secure. I have yet to find a credit card company which will not allow you to create a such a passcode and added layer of security.