Well it all started Saturday morning. I had an early gig, and had to leave at noon, but around 9:00AM I checked my e-mail. I do this daily. I noticed 3 consecutive orders made about an hour ago, so I peeked inside to see what they were.

Great! They are big ones. It's going to be a good week!

Then I noticed they all went to the same person, and that some of the disks were ordered more than once. Not many people buy more than one disk of the same title from me. And when they do, it's usually to give a copy to a friend or band-mate (thanks to those who are honest). So something is fishy here.

So I look, they are all from the same person in Texas.

The Authorization company checks the web entry automatically, if the card data matches, the computer approves the customer's instant download and then sends me a copy of the order with the card number deleted. They do include the authorization codes though. Name, address, zip code, expiration date, and security code all gave "matched" code. Then I notice they went to an e-mail address in Russia. Hmmm a guy in Texas but a Russian e-mail address. Something is even fishier here.

I check, he isn't in my database, he never ordered from me or inquired about my products in the past.

So I pick up the phone to call the customer. I figured I should be a good guy and warn him, letting him know that if he didn't place the order, he had better call his credit card company. (I would want someone to do that for me if the situation had been reversed). The phone isn't answered and the message says that the voice-mail hasn't been activated yet. The plot thickens. Obviously a new phone.

So I go to my webhost control panel, notice all the disks have been downloaded, so I cancel the password and username used on the order. If the order is legitimate, he has the software already, if it is not, posting the URL, username, and password on the net won't do any good.

I don't download customer's credit card, I don't want the card numbers on my computer. Although I'm very careful, I know a good hacker is better than I am so if they aren't on my computer, nobody can get them. I also let them expire on the shopping cart's secure server when no longer needed. So I go to the secure shopping cart control panel, check the "whois" of the ISP and it is indeed in Russia, but to a private name, not a commercial host, and I write the credit card number on a scrap of paper so I can report it. (It's since been shredded).

I figure I should be a good guy again and call the credit card authorization company. They tell me to call my Visa/MC Merchant's Account provider.

I call the Merchant's Account and they are clueless. They say call the issuing bank. I ask for the bank and phone number and they say it is the USAA bank and give me a phone number - which when I call is inoperative. I think it's been re-routed as the grammar in the phone message was poor.

Meanwhile I assume they went back to my website, with a new credit card, new address, and g-mail e-mail and ordered and downloaded the disks they didn't get the first time. Quickly I went to the control panel, noticed they have been downloaded already so I cancelled the username and password.

No time to call the banks with the new number, it's time to get ready to go to the gig. When I got home from the gig, I checked, no more action, they got what they wanted.

Yesterday (Wednesday) I get a call from my Merchant's Account letting me know that there is a fraud alert on that credit card. The money will be taken out of my account - it was nice having it there for a few days, but I knew better than to count on keeping it.

The thief or thieves are obviously pros. Doing this on a Saturday morning, opening a new phone number for the customer so I can't call him, and doing something so that I can't call the issuing bank.

So I ask? Why go through all that trouble to steal my disks? They are not really a great resale item. After all musicians are a niche of the general public ... musicians who use computers are a niche of musicians ... musicians who use auto-accompaniment software (including arranger keyboards) are a niche of musicians who use computers ... musicians who use Band-in-a-Box are a niche of musicians who use auto-accompaniment software ... and musicians who buy Norton Music style and fake disks are a niche of people who use Band-in-a-Box. So they aren't going to get rich by stealing my stuff and re-selling it. I'm not getting rich by selling it.

Wouldn't they be able to make more money downloading things that sell to the general public? The risk/benefit ratio of reselling something that is a niche of a niche of a niche of a niche of a niche must not be very good and probably not worth the effort of all that hacking, phone account manipulation and bank phone blocking on a Saturday morning. So they must have wanted my style disks and fake disks very badly for their own personal use.

I've learned long ago that it isn't worth it to lose sleep over people stealing my styles. I don't like software piracy, I don't like it if someone gives a copy to a band-mate or friend without purchasing another one, but I know that I can't stop that.

So I guess I should be flattered that someone went to all that trouble just to steal my styles.

Notes
----♫----
Bob "Notes" Norton Norton Music http://www.nortonmusic.com
Band-in-a-Box 100% MIDI-Super-User-Styles with live entered parts by pro studio/gigging musicians for that live musician feel -- for those of you who can hear the difference.