Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!seismo!husc6!rutgers!ames!ucbcad!ucbvax!SEISMO.CSS.GOV!utah-cs!stride.stride.COM!unrvax From: unrvax@stride.stride.COM.UUCP Newsgroups: comp.dcom.telecom Subject: Submission for comp-dcom-telecom Message-ID: <8705220549.AA17027@stride.Stride.COM> Date: Fri, 22-May-87 01:49:01 EDT Article-I.D.: stride.8705220549.AA17027 Posted: Fri May 22 01:49:01 1987 Date-Received: Sat, 23-May-87 17:37:08 EDT Sender: daemon@ucbvax.BERKELEY.EDU Distribution: world Organization: The ARPA Internet Lines: 56 Approved: telecom@buit1.bu.edu Path: stride!utah-gr!uplherc!nrc-ut!nrcvax!ihm From: ihm@nrcvax.UUCP (Ian H. Merritt) Newsgroups: comp.dcom.telecom Subject: Re: TELECOM Digest V6 #51 Message-ID: <920@nrcvax.UUCP> Date: 18 May 87 18:19:48 GMT References: <8705142333.AA23356@media-lab.MIT.EDU> <8705150113.AA25364@media-lab.MIT.EDU> Reply-To: ihm@minnie.UUCP (Ian Merritt) Distribution: world Organization: The Frobboz Magic Telephone Co., Inc. Lines: 44 > > Date: Wed, 13 May 87 10:40 EDT > From: "Steven H. Gutfreund" > Subject: Phone card scam > > Does anyone have some reasonable technical suggetions about what > could be done (I realize that a lot of ideas are shot down by the > Long Distance Carries because of marketing and simplicity reasons) > > - Steven Gutfreund > >Sure. Hundred digit credit card numbers. Ok, twenty digits ought to be >enough. Especially with the spiffy AT&T phones that automatically >punch in your AT&T credit card number for you, there really isn't any >reason (beyond convience for people at manual phones) not to use big >numbers. > >At each central office, keep a list of every authorized credit card >number. (How hard would that be? Figure 100,000,000 valid credit card >numbers, 20 digits (10 bytes) each. With only BCD compression, this is >only 1GB of storage, which could easily be distributed on a weekly >basis. (Or looked up directly via some sort of packet switched >network.) You could veryify a number in less than a second.) Actually, that's exactly how the verification is done now. The AT&T CCIS (Common Channel Interoffice Signalling) network is employed for the inqueries to regional database sites (I don't recall thje AT&T term for them), and TSPS that handles the Calling Card service for them actually does the inquery for each attempt to use the card. The only thing you have suggested that would change the system is the additional digits. The problems are that it would be a bitch to memorize all that and difficult at best to type it all in error free. Remember there are often times you don't have your card with you to 'conveniently' insert into a handy-dandy slot phone, and such phones are not always available. I for one never carry my card; I just key it in from memory. I think it would be better extend the current scheme to a 7 digit PIN # (instead of the current 4). This would allow several new features I won't attempt to list here, it would improve security, and as mosty people have developed the ability to remember telephone numbers, the pin, being just another 7 digit number, would be easy to remember (without a card). Cheerz-- --i