We can come up with all sorts of theories and bogeymen, but the truth is that we don't have enough information to make any rational conclusions about what happened here.
For example, there are software packages available free on the Internet which provide the algorhythm for generating appropriate credit card numbers for any type of credit card. It's a hit or miss proposition, and you have to kiss a lot of frogs to find a prince, but it's a big payoff when you get one right.
Another possibility -- Alpharetta, Georgia just happens to be one of the intergallactic capitals of credit card fraud and identity theft. If you EVER see an Alpharetta, Ga address for you in your credit file (and you don't live there), you'd better put fraud alerts on all your files immediately...even if you have not yet suffered any fraud. So there is a possibility that the fraud actually occurred somewhere other than Disney World. If you find the fraudulent purchases were done either in the Atlanta area, or scattered throughout major US cities, I'd bet the farm that the theft occurred at home.
It's possible that someone found your mother's purse in the room at SSR, and that they wrote the name, card number, and expiration date down and went shopping. However, there are at least two security devices on the card which they wouldn't have -- one is electronically encoded on the mag stripe (and therefore would be picked up by skimming), the other is imprinted on the card. In most transactions, the purchaser is required to provide one or the other, depending on whether the card is swiped or not.
Is it possible to get around those security devices? Of course it is. But it's not nearly as likely as someone skimming the card, stealing the info directly from the credit card company itself, getting it from a rental car contract, etc, etc.
If your mother has EVER done a single transaction with that credit card -- anywhere -- skimming is by far the most likely way the card was compromised.