identity theft. So what to do? Fortunately, it is possible to have very safe online transactions.
Most online risk comes from trusting your credentials (e.g., credit and debit card numbers) to third parties. The best way to avoid that problem is with a controlled payment number service like Citi Virtual Account Numbers. PayPal is another good option. Or use an electronic payment service like USBank Bill Pay Online. Regardless, to minimize this risk, change your credit and debit card numbers at least annually.
Bill Pay Online is more secure than paying by credit card, debit card, merchant EFT (ACH), or even paper check, because you initiate and have control over the entire payment process, unlike a credit or debit card where you can't easily stop someone from charging you.
Online banking is a different matter. If you follow recommended security practices (strong, unique* passwords, changed regularly) online banking through https connections to banks with good security policies does not increase risk over regular banking. ATM machines are actually the weakest link in the banking chain (example).
The best way to follow good password practices is to use a password manager like KeePass, which is free, cross-platform, and open source. (Open source is essential to ensure good security. See Manage Passwords on PC, Android, and more.) Use automatic cloud sync (e.g., Dropbox, Google Drive, OneDrive) to backup your password file and sync it to multiple devices. (Because your password file is securely encrypted, there's essentially no cloud risk.)
* Never, ever, use the same password for more than one purpose.