Read Phony "tech support" / "ransomware" popups and web pages.
You may be the victim of a crime, perhaps a felony offense, but for all you or anyone knows the criminals may be well beyond the reach of your jurisdiction's law enforcement resources.
Your actions at this point can range from doing nothing at all, to erasing the Mac and reconfiguring it. Separately, it would be prudent to assume the intruder has gained sufficient information from it to effectively commit identity theft. Computer tampering and identity theft are legal matters that go well beyond the scope of this support site, and for which you should seek appropriate legal counsel. Therefore I can only offer technical guidance regarding your Mac itself, which may be considered evidence in a criminal proceeding that only you can decide to take upon receiving that counsel.
It's very likely that these scam artists are looking for nothing more than a quick buck, which they got, but it would be irresponsible for me or anyone to tell you there is nothing else to worry about. Without an in-depth, hands-on inspection of your Mac, the absence of some nefarious exploit cannot possibly be confirmed by anyone or anything. Even an exhaustive personal inspection by uniquely qualified experts would leave an element of doubt. For those reasons, at a minimum it should be immediately disconnected from the Internet (unplug its Ethernet cable and turn Wi-Fi "off") after which you can decide whether to preserve it in its present condition as evidence, or its contents completely erased, permanently removing that evidence. Decide how you want to proceed and write back.
You should report this event to your credit card company. Since the popup provided fraudulent information that you acted upon, you have justification to report the charge as fraudulent as well.
For additional actions to consider, read the following:
http://www.consumer.ftc.gov/articles/0263-free-security-scans
http://www.consumer.ftc.gov/articles/0346-tech-support-scams
http://www.ic3.gov/default.aspx