That sucks.
He might have had ID. Your name is on your card, however, the acquirer (the bank that your transaction gets sent to from the stores POS) doesnt check the name against it against the card issuer's records, they just check the account number with visa to make sure there is available credit.
So I could clone your card and print one up that says "Jason Poopybutthole" on front, with the name "jason poopybutthole" encoded on the magstripe, then make myself an ID that says "jason poopybutthole".
Or, i could just make myself an ID that says "Charlie Shrem". Even if they check ID's, how confident are you that some 6-dollar-an-hour footlocker goon is going to be able to spot even a bad fake.
And if i don't have a PVC printer to make an ID and a new card, i can just encode the mag strip onto a used visa gift card... the kind that doesnt have a name on it.
In reality, CNP cards aren't a ton more secure, and any security advantage they have over traditional cards is going to be gone as chip skimmers get as sophisticated as swipe skimmers are now.
What most likely happened to you is that you ran your card through a skimmer. Most likely place is a gas station. Second most likely place is an out of the way ATM machine. At this point, theyre nearly impossible to detect.
image below from krebs:
The skim probably happened a long time ago, and your data was just sold to someone in SF on a dumps website or DNM or something. You actually got really unlucky. Most credit card issuers will not allow POS purchases that far away from the CH address.