Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!samsung!think.com!barmar
From: barmar@think.com (Barry Margolin)
Newsgroups: comp.org.eff.talk
Subject: Re: ANYONE CAN FIND MY CREDIT CARD BALANCE & LAST PMT
Message-ID: <1991Apr11.184329.11411@Think.COM>
Date: 11 Apr 91 18:43:29 GMT
References: <959@camco.Celestial.COM> <6750020@hp-vcd.HP.COM>
Sender: news@Think.COM
Organization: Thinking Machines Corporation, Cambridge MA, USA
Lines: 19

In article <6750020@hp-vcd.HP.COM> johne@hp-vcd.HP.COM (John Eaton) writes:
>I am assuming that the same PIN is used for calling card as well as Cash
>advances from ATM's. If someone finds your card and tries to get a cash
>advance then he only has three guesses before the ATM eats it. If he can
>have his computer call in and brute force the PIN via phone then he will
>probably be able to get cash off of your card.

Well, he can, even though the balance inquiry service doesn't use the same
PIN.  All he has to do is program his computer to try to make long distance
phone calls with my card number.  When he gets "Thank you for using AT&T"
he knows he has cracked it.

Hopefully AT&T keeps track of the number of wrong calling-card PINs given,
and disables the card after too many.
--
Barry Margolin, Thinking Machines Corp.

barmar@think.com
{uunet,harvard}!think!barmar