Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!ukma!usenet.ins.cwru.edu!tut.cis.ohio-state.edu!n8emr!colnet!res
From: res@colnet.uucp (Rob Stampfli)
Newsgroups: comp.org.eff.talk
Subject: Re: ANYONE CAN FIND MY CREDIT CARD BALANCE & LAST PMT
Message-ID: <1991Apr14.180829.17125@colnet.uucp>
Date: 14 Apr 91 18:08:29 GMT
References: <6750018@hp-vcd.HP.COM> <1991Apr10.161630.3499@sequent.com> <1991Apr10.210855.6250@athena.mit.edu>
Organization: Little to None
Lines: 14

In article <1991Apr10.210855.6250@athena.mit.edu> janson@athena.mit.edu (James A Anderson) writes:
>in order to reduce the exposure to unauthorized access, erroneous PIN's [given
>over the phone] are handled as if they had been entered at an ATM: once three
>errors have been made, no access is permitted.
>that restriction remains in effect for 24 hours (both by phone and at an ATM)

This causes a new potential for abuse, though.  Suppose I dislike you for some
reason.  With the mere knowledge of your credit card number (which I could get
if you ever use your card in my store) I can effectively prevent you from
using it at any ATM for an extended period by simply making a few phone calls
per day.  And, there is very little chance I would ever be caught, if I took
some relatively simple precautions.
-- 
Rob Stampfli, 614-864-9377, res@kd8wk.uucp (osu-cis!kd8wk!res), kd8wk@n8jyv.oh