home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!munnari.oz.au!spool.mu.edu!telecom-request
- Date: 2 Jan 93 11:36:23 EST (Sat)
- From: johnl@iecc.cambridge.ma.us (John R. Levine)
- Newsgroups: comp.dcom.telecom
- Subject: Re: Good Opportunity For Fraud
- Message-ID: <telecom13.3.1@eecs.nwu.edu>
- Organization: I.E.C.C.
- Sender: Telecom@eecs.nwu.edu
- Approved: Telecom@eecs.nwu.edu
- X-Submissions-To: telecom@eecs.nwu.edu
- X-Administrivia-To: telecom-request@eecs.nwu.edu
- X-Telecom-Digest: Volume 13, Issue 3, Message 1 of 12
- Lines: 31
-
- > [Zounds! The whole calling card number is on the mag stripe.]
-
- I think you will find that historically with telco calling cards there
- hasn't been a distinction made between a "non-secret" part, the first
- ten digits, and a "secret" part, the last four. In years past when
- calling fraud wasn't such an issue, the check code was so simple that
- the operator could validate it as the call was placed by checking a
- little cheat sheet. If a calling card number was compromised, the
- telco would issue an entirely made up number in which the fourth digit
- was a 1.
-
- The only use to date that I have found for the mag stripe on a calling
- card is in the card reader phones found mostly at airports, which read
- the whole calling card number and stuff it down the line at the
- appropriate time as you're making a phone call. These phones are
- already hard enough to use, and I suspect that if they read ten digits
- from the card and asked you to enter the other four by hand, nobody
- would use them at all.
-
- If you are concerned about the security of your calling card, leave it
- at home. Every phone I've ever seen that reads calling cards also
- lets you punch in the number by hand. Admittedly, then you have to
- look out for shoulder surfers, but I guess this again proves that
- there's no free lunch.
-
-
- Regards,
-
- John Levine, johnl@iecc.cambridge.ma.us, {spdcc|ima|world}!iecc!johnl
-
-
