[Sca-cooks] Pennsic Credit Card Problems?

[Terry Decker]

>
> Bear suggested:
>>The scenario Alys describes makes me suspect that hers was among the 40
>>million card numbers that were lifted about six weeks ago from, IIRC,
>>Marshall Fields computers. As I recall, purchases at T.J. Maxx, Marshall
>>fields and Barnes and Noble may be part of the compromised data.
>
> Well, unless the data had been collected years ago, I don't frequent these
> stores.  Last purchase in T.J. Maxx might have been 8 years ago - and I
> usually use cash.  Ditto for Barnes and Noble.  They aren't nearby so I 
> use
> Borders/Waldenbooks.
>

Working from memory, I misspoke.  They indicted 11 people involved in the 
theft of 40 million card numbers at the beginning of the month.  The 
investigation has been running since 2006.  The numbers were stolen from 
TJX, which is the parent company for a large number of other companies 
including the ones above, Boston Market, OfficeMax Sports Authority and many 
other companies.  No one has stated the temporal range of the data.  No one 
has said how many of the card numbers have been used in frauds.

> Niccolo suggested:
>>Even perhaps a local store or marketplace where several people frequented
>>before, during or after the war.
>
> I never leave site; I don't use a credit card for gas or groceries. 
> That's
> why this has been so puzzling.  I'd heard rumors of somewhat-organized
> thieves attending Pennsic and then stealing from tents, which can't be
> locked.  I wondered if it were possible to snag all those lovely credit
> card purchase numbers from our event.  I certainly trust the folk at
> Devra's.  I had purchases for much smaller amounts at two other merchants
> around the time I bought books from Devra - and one late in the War. 
> There
> are no fraudulent charges prior to my purchases from Poison Pen, so all 
> the
> fraudulent charges took place after I was at War.
>
> Alys, with a new credit card number
>
> Elise Fleming

There is no reason to believe that your credit card information was stolen 
at Pennsic.  The fact that the fraudsters started using it while you were at 
the war is a casual relationship.

Unless all of the credit cards at Pennsic go through a single wireless 
network, which I doubt from my experiences with the Norman MedFaire, 
wardriving is highly improbable.  Your data would have been stolen at a time 
you were using your card and it was out of your sight.  In such a case, the 
person running your purchase often swipes the card through a data collection 
scanner as well as the credit card scanner.  That's the easiest way to 
directly steal the data.  If the data was stolen at the war, then there 
should be a rash of credit card fraud among the participants.

The fact that the people using your card in Florida actually had a card 
tells me they were pros and that they probably bought the credit card 
information in bulk for about $10 a card number.  They were using cards, so 
they probably had identification to match.  Neither of these is particularly 
difficult to manufacture, but they do take some time and there are expenses 
for the equipment, card blanks and legitimate looking driver's license 
blanks.  The fraudsters probably had your information several days to 
several weeks before they used it.  Using the card at BP stations and 
ToysRUs rather than to purchase big ticket items that could be resold, 
suggests that the people who cloned your card are pushing paper rather than 
using the cards directly.  Had your card info been purchased on the 
internet, it would have been used on the internet and likely been maxxed out 
in a few hours.

To repeat (boringly) myself, if your information was stolen directly, it 
will have likely been at some point when you were using the card, but it was 
out of your direct sight for a minute or two.  If it was lifted from a 
database, you will probably never know how or where they got the 
information.  Most states don't have a law to inform you when your 
confidential information has been compromised.

In case you have an interest in identity theft, credit card fraud and 
preventing them, try Frank W. Abagnale's Stealing Your Life.  In my opinion, 
it's the best general book on the subject available.

Bear