roy@uunet.uu.net> (01/31/90)
In article <3266@accuvax.nwu.edu>, rsiatl!jgd@gatech.edu (John G. De Armond) writes: > The reason for this is simple. All Visa/MC/Amex type and the phone > company credit cards ("phone company" means most BOC or AT&T) follow a > published standard of checksuming the digits of the card. The last > digit is a derived value based a computation of a sum-of-the-digits > algorithm. This algorithm is not a simple add-the-digits routine but > I don't have the specifics handy. This is interesting... a short time ago, I had the bad luck to transmit my calling-card number on a multi-line BBS here in Anchorage. Even though the chances of the other participants recognizing it was very small, I'm a security-concious kinda guy, so I immediately called Alascom to cancel my card. (as an aside, it took about 12 minutes and 3 supervisors to unearth the US-West 800 number I was to call. The 800 gave me a recording, and asked me to leave a message with the requisite CC data). The following Tuedsay (as this happened on Friday night), I got a call from Anchorage Telephone Utility, asking if I would like the card re-issued with a new PIN. I agreed, and my new card was sent out. The new card number is _exactly_ the same as the old one, save for the 4-digit PIN at the end. > Another interesting fact concerns the insecurity of PINs. We already > know that the last digit is computed. On most AT&T/BOC cards, the PIN > starts with a "2". Alaska PINs don't seem to start with '2', and both of my 4-digit PINs have different beginning digits. Does this mean that if I were to compute a 'logically correct' 14-digit CC number, I could slip it by the AOS sleazeballs? (not that I'm planning it, but.....:-) Roy M. Silvernail | UUCP: uunet!comcon!roy | "Every race must arrive at this #include <opinions.h>;#define opinions MINE | point in its history" SnailMail: P.O. Box 210856, Anchorage, | ........Mr. Slippery Alaska, 99521-0856, U.S.A., Earth, etc. | <Ono-Sendai: the right choice!>