[Sca-cooks] Fwd: Pennsic Credit Card Problems?

Terry Decker t.d.decker at worldnet.att.net
Thu Aug 28 10:56:06 PDT 2008


If the transactions were on land lines, you got to run a physical tap to 
collect the data.  If you were wireless, it is possible to trap the data, 
but that's a slow, time wasting process, when you can hit a server and steal 
the entire purchaser file in a matter of minutes.  I doubt if any of the 
merchants at Pennsic were storing the data on the server in the back of the 
tent and unless everyone was using the same source for the credit card 
readers, I would rate wardriving a low priority.

If you were using a local bank as a clearing house, it is much more likely 
that the bank's servers were compromised, either externally or internally. 
It is also possible that someone merchanting at Pennsic was passing the 
cards through a second reader to trap the data, another possibility that is 
much more likely than a wardriving phreak.  If the theft was at Pennsic, 
there should be a lot of SCA-folk complaining in the next few weeks.

The scenario Alys describes makes me suspect that hers was among the 40 
million card numbers that were lifted about six weeks ago from, IIRC, 
Marshall Fields computers.  As I recall, purchases at T.J. Maxx, Marshall 
fields and Barnes and Noble may be part of the compromised data.

The reproduction of the credit cards says the outfit that used the 
information was a professional team of thieves who have the equipment and 
the card blanks to burn duplicate cards.  They buy clean card numbers in 
batches, which makes me think the theft of the credit card information may 
not have occurred at Pennsic.


> Anyone heard of similar problems?
> Devra
> -----Original Message-----
> From: Elise Fleming <alysk at ix.netcom.com>
> To: Devra Langsam <devra at aol.com>
> Sent: Mon, 18 Aug 2008 10:18 pm
> Subject: Pennsic Credit Card Problems?
> Hi, Devra.  I'm writing because you are pretty much the only Pennsic
> merchant that I know to be able to contact - and one where I used my 
> credit
> card at Pennsic.  Have any of the merchants heard anything about credit
> card numbers being stolen off unsecured lines at Pennsic?  I discovered
> today that my credit card number was used five times while I was at 
> Pennsic
> (at BP stations and ToysRUs, all listed as being in Florida), and the
> person(s) supposedly had the card present at the time of transaction,
> according to the credit card company.  This was impossible because my card
> was always with me and I still have it.  I asked on the Midrealm's e-list
> if anyone else has had problems with their number being "stolen" while at
> Pennsic.  One person mentioned "wardrivers" who apparently can suck out 
> the
> numbers from unsecured lines, and I'm assuming that what the merchants use
> at Pennsic are unsecured lines.  The credit card company will be sending 
> me
> a copy of all the transactions so I can tell them which ones I dispute, 
> and
> they have cancelled my old card and are issuing a new one.  Is there a
> merchant e-list where people can be asked if they've heard of any problems
> like this?  Have you heard anything?
> Alys
> Elise Fleming
> alysk at ix.netcom.com
> http://home.netcom.com/~alysk/
> _______________________________________________
> Sca-cooks mailing list
> Sca-cooks at lists.ansteorra.org
> http://lists.ansteorra.org/listinfo.cgi/sca-cooks-ansteorra.org

More information about the Sca-cooks mailing list