Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!ames!sdcsvax!ucbvax!MEDIA-LAB.MEDIA.MIT.EDU!simsong
From: simsong@MEDIA-LAB.MEDIA.MIT.EDU.UUCP
Newsgroups: comp.dcom.telecom
Subject: TELECOM Digest V6 #51
Message-ID: <8705150113.AA25364@media-lab.MIT.EDU>
Date: Thu, 14-May-87 21:13:23 EDT
Article-I.D.: media-la.8705150113.AA25364
Posted: Thu May 14 21:13:23 1987
Date-Received: Sat, 16-May-87 17:22:54 EDT
References: <8705142333.AA23356@media-lab.MIT.EDU>
Sender: daemon@ucbvax.BERKELEY.EDU
Distribution: world
Organization: The ARPA Internet
Lines: 23
Approved: telecom@xx.lcs.mit.edu


   Date:     Wed, 13 May 87 10:40 EDT
   From:     "Steven H. Gutfreund" <GUTFREUND%cs.umass.edu@RELAY.CS.NET>
   Subject:  Phone card scam

   Does anyone have some reasonable technical suggetions about what
   could be done (I realize that a lot of ideas are shot down by the
   Long Distance Carries because of marketing and simplicity reasons)

				   - Steven Gutfreund

Sure. Hundred digit credit card numbers. Ok, twenty digits ought to be
enough. Especially with the spiffy AT&T phones that automatically
punch in your AT&T credit card number for you, there really isn't any
reason (beyond convience for people at manual phones) not to use big
numbers. 

At each central office, keep a list of every authorized credit card
number. (How hard would that be? Figure 100,000,000 valid credit card
numbers, 20 digits (10 bytes) each. With only BCD compression, this is
only 1GB of storage, which could easily be distributed on a weekly
basis. (Or looked up directly via some sort of packet switched
network.) You could veryify a number in less than a second.)