It could be because such customers have installed some malicious extensions to their browsers.
A browser’s extension usually has the full access to a browsed web page, it could identify a bank card form on the page and collect the data.
Interestingly, Stripe provides an IFRAME defence from it:
Stripe Elements make collecting payment details more secure and help prevent malicious actors from stealing any sensitive information.
We generate a secure iframe and isolate sensitive information from your site—eliminating entire classes of attacks—while still giving you full visual control.
2Checkout does not provide such defence for a customized bank card form placed on a Magento checkout page: 2checkout.com/documentation/payment-api
2Checkout provides other methods to defence from the malicious browser extensions:
It works with browser redirections (like old-way payment gateways):
It uses an IFRAME defence, but it is a composite IFRAME, it works in a popup and it is not customizable:
I can implement any of methods 1 or 2 in my extension.
It will cost $490 and will take 3 days.
3. A custom solution
The both solutuon have own drawbacks, so I can integrate your website with another payment provider instead of 2Checkout.