That you were able to spot the billmelater emails is remarkable.
As far as I can see the fraud activity is centered on your billmelater acct.
Aside from closing the billmelater account I'm not sure there is much else to do. You've checked your banking accts for fraudulent activity - I suppose it would be prudent to say keep a close eye on it's activity although it is not connected with this event in any way shape or form. You've filed a fraud alert with the big 3 which is a good move.
Be aware that billmelater has a fraud reporting form located here
note:"Please use this form if you are disputing a charge to your account. We must have your dispute in writing. This will enable us to begin researching and resolving it for you immediately.
Personal observations:How do I change my User ID, Password or Secret Question and Answer?To change your Password or secret question and answer, login and select "Manage Account > Change Password or Change Security Question". To change your User ID, you must call Customer Care at 1-866-528-3733 (7 days a week, 9am - 11pm EST).
"And Bill Me Later has been designed with other features to help protect against unauthorized use of your account. Your identity is validated with top-of-mind information such as date of birth and the last four digits of your Social Security Number. This means you never need to enter an account number to purchase, which could be lost or stolen."
A birthdate & last 4 of SSN is not a secure method of validating who you are with anything related to finances.
Supplying a birthdate & last 4 of SSN might be easy & convenient but let's not confuse convenience with security.
Their 2 separate things that are usually in conflict with each other.
I'm assuming the actor didn't get a password reset from billmelater customer services, just changed the address which means your online billmelater account had been compromised.
That would be the ideal situation from a security view.
*If* access to the online account was assisted by customer service intervention the site needs to re-evaluate itself from the ground up.
Anyway, good thing the email account associated with the billmelater account hadn't been compromised - that along with you actually catching the billmelater emails is what saved the day, great catch on the emails.