Path: utzoo!telecom-request Date: Thu, 11 Apr 91 18:11:20 GMT From: Barry Margolin Newsgroups: comp.dcom.telecom Subject: Re: Pacific Bell "Airport" Credit Phones Message-ID: Organization: Thinking Machines Corporation, Cambridge MA, USA Sender: Telecom@eecs.nwu.edu Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 11, Issue 285, Message 2 of 10 Lines: 57 In article STEVEF%WRQ@mcimail.com (Steve Forrette) writes: > But for the credit cards, it is even more silly. The phone dials a > seven digit number into some computer verification system somewhere. > The remote system answers with a short tone, then the phone sends the > dialed number. Another remote tone, then your credit card number is > sent out. This is all via DTMF and with the caller hearing the whole > process. The credit card procedure takes many seconds to complete. This sounds like it is emulating the procedure used by credit card verification devices that are normally connected to POS terminals. It's often much easier to implement a device that emulates an existing device than to get a new protocol adopted. Sure, a more appropriate protocol would be faster, but time to market is always important. > Now, let's say I wanted to have some phun, and recorded the process at > the payphone. At home, I could decode the digits by playing them to > my voicemail board, or by using a test device of some sort. Then, > from any phone, could I not call the seven digit number that the > payphone did, enter the number I wanted to call, then my credit card > number, and have the call billed to my credit account? Presumably, > the charges wouldn't be too outrageous, since I'd be "using" a Bell > payphone to complete the call, right? And as long as I used only my > own credit card, would this even be considered phraud? Some of the tones that it sends are presumably the vendor's ID (find a store that still uses the voice method of credit card verification, and notice that the cashier first tells them the store's ID number before telling them your credit card number), because credit card companies charge vendors a service fee. If you were to replay the tones, you would be fraudulently claiming to be PacBell, and incurring charges to them illegally. > Here's a scenario for you: Let's say I were far away from the airport, > and called the secret number it calls for credit card calls, send-paid > from some other payphone. If I entered my credit card number and > called someone, it would establish a pretty good alibi that I was at > the airport at the time of the call, would it not? This assumes that the ID number that the phone sends identifies the specific phone or location. I suspect it only identifies PacBell in general. It might work to establish an alibi that you were in PacBell's service area, but probably not much more specific than that. > And since when did Pacific Bell get in the business of accepting major > credit cards for phone calls, anyway? They're just a business, so why shouldn't they? Especially in airports, where many of the patrons are not from your service area so are unlikely to be good prospects for a PacBell calling card. Barry Margolin, Thinking Machines Corp. barmar@think.com {uunet,harvard}!think!barmar