Let the cc company do their thing. They will be following up with the arms company.

+1... let the credit card folks do their work. If an employee was double drafting or cadging numbers because of lax practices his employer can lose their merchant account with the credit card issuers. Last time I checked, no merchant account = death sentence for any on line business.

It would be interesting to know if the Lowes purchase was in store or on line. My guess is in store and while I can't speak for Lowes I know a number of major retailers require a manager override on the register to manually enter a credit card number, rather than swiping the card through the reader.

I have a bit of personal experience on both sides of that.... as both investigating officer and victim.

My own approach is to use either PayPal (I know, I know) or a card with a low credit limit (mine is $1500). PayPal does not spread your CC# around. The low limit card prevents a big run and also causes more scrutiny to "unusual" activity. I have had two incidents of fraud in the last 20 years and they were both caught in a timely fashion by the credit card issuer.

And be sure to cite your suspicions to the CC company when filing the fraud charge. Don't directly accuse, but articulate facts that lead your suspicions as it can be used to identify an avenue of investigation.

Sad to say it there is to many ways it could have been stolen. The CC could have been stolen because the retail site has no SSL "HTTPS" cert on check out. You CC could have been stolen from a shady worker. You could have a virus / Key logger on your pc. The place you bought the parts could also have a key logger or virus on there pc as well. There site also could have been hacked as well .
Someone could be hijacking info from it. It don't matter if the site stores the info encrypted anyone who codes can catch the info before it gets encrypted .This is called "Fishing" First off this is a federal issue the local police will not do much with CC Fraud. My best advice go to wallgreens and buy one of the Visa Gift box cards police call them "Fraud Cards".Because you can be anonymous. You can log on a site to activate the AVS verification code that's the 3 digits on the back of the CC with any name or billing address in them. Make your orders with that and you wont have to worry about losing more then the card is worth.
I don't want to play detective but if your card was charged in the same city/state it was a inside job plain and simple. I want to also give you advice. There was no way someone could have swiped the mag strip on your card. Now because no one swiped your strip of the card they could not re write that "TRACK" on another card. So the crook is making online transactions . Now with the online transactions there has to be a billing address were this product is being sent . You should find out. He is limited with what he can do. He cannot even buy gas unless someone is working with hem to input the numbers . So how good of a crook is he is the question ? Is he stupid enough to use his own Ip from his house to check out online ? Or is he a bit smarter ? Does he go to the local starbucks to use there internet to make the online buys ? They got cameras he could get busted if he is not smart. Is he a advance crook who is using a hacked cable modem ? There are many levels of crimes / cyber crimes . The more you do it the more they want more and get deeper into what they do. It will be the matter of time before he gets busted.

Sorry for the bad grammar. I'm not a grammar king !