>Sometimes it’s the public library, where no login is required; sometimes it’s Starbucks, where the person must purchase a 2-hour connection from AT&T.
There are data retention policies for places like this. Granted, at most you’ll be able to get mac addresses and timestamps, perhaps with a log of all tcp connections or something similar. This might be able to help law enforcement figure out who this is, but generally it would be difficult to find out as we dont keep a national registry of mac address ownership (not that it would make a difference).
>which have amounted to less than $100, I’m pretty much shit outta luck when it comes to ever proving anything, yes?
Not really. Your credit company would give you the money back and do a chargeback on the vendor who took the stolen card info. Merchants have almost zero rights when it comes to things like this, especially if they are not performing due diligence. Merchants should also always be asking for the CCV value on the back of the card, which they are not allowed to store. So if the thief gets a database of names, cc numbers, and expiry dates, a well run merchant store will not allow him to make a purchase without the CCV value. Ive noticed places that sell “virtual goods” always ask for it.
If someone is running around with your cc card and its ccv, he could potentially do a lot of damage, but you could still contest it. At that point this isnt an internet problem but a credit security issue. The attacker could waltz into lots of stores which never check ID or anything. Same thing here. Even with video camera footage of the guy , he’s unlikely to get caught.