Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!lll-winken!telecom-request
From: bicker@hoqax.att.com (Brian Charles Kohn)
Newsgroups: comp.dcom.telecom
Subject: Re: AT&T Card PIN Disclosed
Message-ID:
Date: 13 May 91 20:20:00 GMT
Sender: Telecom@eecs.nwu.edu
Organization: AT&T Bell Laboratories Quality Process Center
Lines: 42
Approved: Telecom@eecs.nwu.edu
X-Submissions-To: telecom@eecs.nwu.edu
X-Administrivia-To: telecom-request@eecs.nwu.edu
X-Telecom-Digest: Volume 11, Issue 356, Message 7 of 12

In comp.dcom.telecom, Jeremy Grodberg wrote on 9 May 91 22:20:30 GMT:

> I called AT&T to ask them to change [my PIN]. I had set my PIN over the
> phone originally, and although I was somewhat worried about this, I
> was able to believe that they were taking good security measures.
> Anyway, I called and told the service rep that I had forgotten my PIN,
> and wanted to change it. Again I was taken through the most rigorous
> identification process of anyone I've done business with over the
> phone, including banks and stock brokers. The service rep asked what
> PIN I had used, at which point I was stunned; after a brief pause, I
> said "I'm not supposed to tell anyone my PIN, your literature says that
> real AT&T reps will never ask you for it."

I believe the warning refers to the fact that no AT&T rep will ever
call you and ask for it. In this case, you called them. It is assumed
that you know who you called; that is not the case when you receive a
call.

> [many people use the]
> same PIN all over the place, and allowing AT&T employees to see
> customers' PINs, and access to their credit records and telephone
> records, could be an invitation to fraud.

One should never use the same PIN for more than one thing. Most BBSs,
for example, allow the SYSOP to see your password. (UNIX will be our
salvation, eh?)

Brian Charles Kohn          AT&T Bell Laboratories Quality Process Center
Quality Management System   E-MAIL: att!hoqax!bicker (bicker@hoqax.ATT.COM)
Consultant                  PHONE: (908) 949-5850   FAX: (908) 949-7724

[Moderator's Note: Another thing I think our original correspondent
neglected to note was that when calling *any* credit card organization
to discuss changing your PIN, there is going to have to be some
verbalization of the old PIN itself. Usually, discussions about the
PIN itself are the only reasons the PIN need be recited, however. PAT]