Steve Forrette <STEVEF%WRQ@mcimail.com> (04/09/91)
I was at Oakland International last week, and took a closer look at the Pacific Bell "airport" payphones. You know, the special ones, that accept coins or mag stripe cards, and have the LCD display (the ones that were in "Die Hard 2," supposedly in DC). Not only does the mag stripe reader take RBOC and AT&T calling cards, but it takes Visa, MasterCard, American Express, Diners, and JCB. This is the first RBOC payphone that I know of that takes commercial credit cards. When you use it, it's quite a Mickey-Mouse setup. If you use a calling card, the phone simply dials the number, waits for the ka-bong, then sends the card number and PIN via DTMF. It would take me longer to get the card out of my wallet then dial the numbers myself. And of course, that's assuming that I wanted to waste space in my wallet for the calling card anyway. But for the credit cards, it is even more silly. The phone dials a seven digit number into some computer verification system somewhere. The remote system answers with a short tone, then the phone sends the dialed number. Another remote tone, then your credit card number is sent out. This is all via DTMF and with the caller hearing the whole process. The credit card procedure takes many seconds to complete. Now, let's say I wanted to have some phun, and recorded the process at the payphone. At home, I could decode the digits by playing them to my voicemail board, or by using a test device of some sort. Then, from any phone, could I not call the seven digit number that the payphone did, enter the number I wanted to call, then my credit card number, and have the call billed to my credit account? Presumably, the charges wouldn't be too outrageous, since I'd be "using" a Bell payphone to complete the call, right? And as long as I used only my own credit card, would this even be considered phraud? This assumes that the number that the payphone called does not have Caller ID. Since Pacific Bell has SS7 mostly deployed in the Bay Area (although CLASS features aren't offered yet), it is conceivable that they can tell if the calling phone is really the payphone at the airport, since this use of Caller ID would clearly be for internal telco use. But, for some reason, I don't think that this is the case. I'd bet that I could use the above procedure to call from home. Here's a scenario for you: Let's say I were far away from the airport, and called the secret number it calls for credit card calls, send-paid from some other payphone. If I entered my credit card number and called someone, it would establish a pretty good alibi that I was at the airport at the time of the call, would it not? You know, sometimes I'm thankful that most of us Digesters aren't crooks! :-) :-) And since when did Pacific Bell get in the business of accepting major credit cards for phone calls, anyway? Steve Forrette, forrette@cory.berkeley.edu
John Higdon <john@zygot.ati.com> (04/11/91)
Steve Forrette <STEVEF%WRQ@mcimail.com> writes: > And since when did Pacific Bell get in the business of accepting major > credit cards for phone calls, anyway? When was the time before last that you went to the airport, Steve? Those major-credit-card-accepting stainless steel phones have been around for a long, LONG time. Like maybe pushing three years in the San Jose and San Francisco airports (I don't ever use Oakland). Re: your theory about the DTMF sequence working from lines other than the official payphone lines: yes, it does. John Higdon | P. O. Box 7648 | +1 408 723 1395 john@zygot.ati.com | San Jose, CA 95150 | M o o !
johnl@iecc.cambridge.ma.us (John R. Levine) (04/11/91)
In article <telecom11.281.7@eecs.nwu.edu> is written: > I was at Oakland International last week, and took a closer look at > the Pacific Bell "airport" payphones. ... My experience with those phones while waiting for a plane at San Jose one day is that half of them don't really work. That is, they can't read the stripe on any of my credit cards. > And since when did Pacific Bell get in the business of accepting major > credit cards for phone calls, anyway? Many BOCs have card reader phones, though none anywhere near as space age in appearance as Pac Bell's. Ameritech has a model that replaces the dial pad on a regular WECo payphone with a thing that has a touch pad, a card reader, and some other buttons used to select your favorite carrier. The coin slot works, too. In other places there are some coinless models that have a long card slot down the right side through which you swipe your card and buttons at the bottom. These phones are all programmed differently. For example, US West phones accepted non-AT&T calling cards such as MCI and Sprint's long before the ones around here (NYNEX) did, even though they're physically the same. (You could dial the call yourself, but that's much less fun.) All of them let you charge long distance calls to bank and T&E cards, and they all do so with a flurry of DTMF digits. They handle various telco calling cards pretty reasonably. For example, when I used my Sprint FON card at O'Hare earlier this week, as soon as it read my card it dialed three digits, presumably a speed dial code for Sprint's 800 access number. Then it waited while I dialed my number, and dialed the card number when it heard the burst of dial tone prompt. For an AT&T or LOC card, it does the same thing except that it doesn't dial anything before you enter your number. All in all, it's slightly faster than dialing by hand, assuming I'd have to get the card out of my wallet anyway to read the number. (Hey, I have five different calling cards and I can't always remember all the numbers.) Regards, John Levine, johnl@iecc.cambridge.ma.us, {spdcc|ima|world}!iecc!johnl
barmar@bloom-beacon.mit.edu> (04/12/91)
In article <telecom11.281.7@eecs.nwu.edu> STEVEF%WRQ@mcimail.com (Steve Forrette) writes: > But for the credit cards, it is even more silly. The phone dials a > seven digit number into some computer verification system somewhere. > The remote system answers with a short tone, then the phone sends the > dialed number. Another remote tone, then your credit card number is > sent out. This is all via DTMF and with the caller hearing the whole > process. The credit card procedure takes many seconds to complete. This sounds like it is emulating the procedure used by credit card verification devices that are normally connected to POS terminals. It's often much easier to implement a device that emulates an existing device than to get a new protocol adopted. Sure, a more appropriate protocol would be faster, but time to market is always important. > Now, let's say I wanted to have some phun, and recorded the process at > the payphone. At home, I could decode the digits by playing them to > my voicemail board, or by using a test device of some sort. Then, > from any phone, could I not call the seven digit number that the > payphone did, enter the number I wanted to call, then my credit card > number, and have the call billed to my credit account? Presumably, > the charges wouldn't be too outrageous, since I'd be "using" a Bell > payphone to complete the call, right? And as long as I used only my > own credit card, would this even be considered phraud? Some of the tones that it sends are presumably the vendor's ID (find a store that still uses the voice method of credit card verification, and notice that the cashier first tells them the store's ID number before telling them your credit card number), because credit card companies charge vendors a service fee. If you were to replay the tones, you would be fraudulently claiming to be PacBell, and incurring charges to them illegally. > Here's a scenario for you: Let's say I were far away from the airport, > and called the secret number it calls for credit card calls, send-paid > from some other payphone. If I entered my credit card number and > called someone, it would establish a pretty good alibi that I was at > the airport at the time of the call, would it not? This assumes that the ID number that the phone sends identifies the specific phone or location. I suspect it only identifies PacBell in general. It might work to establish an alibi that you were in PacBell's service area, but probably not much more specific than that. > And since when did Pacific Bell get in the business of accepting major > credit cards for phone calls, anyway? They're just a business, so why shouldn't they? Especially in airports, where many of the patrons are not from your service area so are unlikely to be good prospects for a PacBell calling card. Barry Margolin, Thinking Machines Corp. barmar@think.com {uunet,harvard}!think!barmar
Jim Gottlieb <jimmy@tokyo07.info.com> (04/12/91)
STEVEF%WRQ@mcimail.com (Steve Forrette) writes: > If you use a calling card, the phone simply dials the number, waits > for the ka-bong, then sends the card number and PIN via DTMF. > But for the credit cards, it is even more silly. The phone dials a > seven digit number into some computer verification system somewhere. The phone that has always intrigued me is the AT&T Card Caller Plus. It handles credit card calls the way most handle calling card calls. It just dials 0+ and enters some form of your credit card number after the ka-bong. I have always meant to tap the line of one to see what it dials but have never gotten around to it. If I could figure out what it dials, then anyone could place a credit card call through AT&T simply by dialing 0+. I once tracked down the guy at AT&T who designed that phone, but he wouldn't tell me :-(.
johnl@iecc.cambridge.ma.us (John R. Levine) (04/12/91)
In article <telecom11.285.2@eecs.nwu.edu> you write: > This sounds like it is emulating the procedure used by credit card > verification devices that are normally connected to POS terminals. Nope, the verification terminals use 300 baud ASCII with the classic and extremely cheap 103 FSK modem encoding. I know because a few years ago when I was at Javelin Software I programmed one of the PCs on our network to emulate one of them to verify and submit phone order credit card transactions from the order database. For payphones, they use DTMF since phones already have DTMF generators. Regards, John Levine, johnl@iecc.cambridge.ma.us, {spdcc|ima|world}!iecc!johnl
Nigel Allen <ndallen@contact.uucp> (04/13/91)
In Volume 11, Issue 285, Message 1 of 10, John R. Levine writes: > My experience with those phones while waiting for a plane at San Jose > one day is that half of them don't really work. That is, they can't > read the stripe on any of my credit cards. If your employer uses a magnetic card system (rather than conventional metal keys), you may find the magnetic stripes on your credit cards and telephone calling cards damaged quite often. (If this is happening, not only will you find it hard or impossible to use card reader phones; merchants who call for authorization on your credit card purchases will have to punch in your card number manually, and you won't be able to use a banking machine.) Credit card issuers and telephone companies realize that the magnetic stripe on their cards wears out for a number of reasons. If you have a card that won't work, just call the issuer and say that the magnetic stripe is damaged, and that you would like a replacement. As well, it's a good idea to carry your building access card (CardKey (R) or whatever) separately from your credit cards. Nigel Allen ndallen@contact.uucp
dag@uunet.uu.net> (04/17/91)
In article <telecom11.293.2@eecs.nwu.edu> ndallen@contact.uucp (Nigel Allen) writes: > In Volume 11, Issue 285, Message 1 of 10, John R. Levine writes:> > As well, it's a good idea to carry your building access card (CardKey > (R) or whatever) separately from your credit cards. When I worked at UC Santa Barbara a number of years ago one of the researchers was carrying a magnet from the third floor of Physics to the Free Electron Laser in the basement. The magnet was quiet powerful, I think it was used to aim the beam, in anycase, it erased not only all of his credit and atm cards, his digital watch failed to work as well. It's it fun to live in the technological era? :-) darren alex griffiths (415) 708-3294 dag@well.sf.ca.us