Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!sdd.hp.com!hp-pcd!hp-vcd!johne
From: johne@hp-vcd.HP.COM (John Eaton)
Newsgroups: comp.org.eff.talk
Subject: Re: ANYONE CAN FIND MY CREDIT CARD BALANCE & LAST PMT
Message-ID: <6750018@hp-vcd.HP.COM>
Date: 9 Apr 91 18:11:12 GMT
References: <959@camco.Celestial.COM>
Organization: Hewlett Packard, Vancouver, WA
Lines: 22

>
>"In article <24095@well.sf.ca.us> bparr@well.sf.ca.us (Barry L. Parr) writes:
>">The AT&T Universal card offers an 800 number that will give you the 
>">balance on your Visa, using your Zip code as a PIN.  This is the
>">next best thing to no security at all.
>"
>"That seems crazy to me.  The Universal card already has a secret PIN
>"associated with it, to be used when using it as a calling card.  So why
>"do they use a different, and easily-determined, PIN for balance
>"information?
>
>Yeah, that's what I thought, too.  I send them a paper letter suggesting
>that they use the PIN instead of the zip code to authenticate the user.
----------
You absolutely do not want them to use your cards PIN for phone ID. A thief
who steals your card only gets three guesses of your PIN once it is in the
machine. He gets as many as his autodialer can punch out via the phone. If 
he can get your PIN from the 800 number then he can get all sorts of cash
from your card.

John Eaton
!hp-vcd!johne