Whenever someone purchases something online, their computer's ip address gets recorded. Something similar happened to me 2 years ago. I received an email that I thought was from my bank asking me to verify my debit card info. Stupid here fell for it and I entered all of the info on my debit card. You can guess what happened next, the thieves cleaned me out. They took all the money in my checking account as well as overdrafted me almost $500!!
I was devastated but I went straight to my bank (which was Washington Mutual at the time). They were able to trace the transactions to my online banking page and were able to see the ip addresses that tapped into my account. Turns out these people were from some other country overseas!! I was refunded my money and I closed the account and switched banks after that. But my point is, if anyone purchased anything in your name, the website should be able to tell if those transactions were done on your computer or by someone else's.