wmartin@ALMSA-1.ARPA (Will Martin -- AMXAL-RI) (01/25/89)
The recent discussion on PINs on cards in cleartext, and the Moderator's Note in Digest #23 on treating a Calling Card like a credit card (in regard to the individual being responsible for the first $50 in illicit charges on that card if it is stolen) prompts this note: First off, here in SW Bell territory, the PIN has *always* been on both the cardboard SW Bell calling card and the plastic AT&T card. So I was a bit taken aback when reading the posting of the individual who was outraged that the PIN was on his new card. I would contend that NOT having it on the card was the exception, and his telco was merely coming into line with the other BOC's in putting it on the card. (This is not a claim that having it on the card is a *good idea*; it just is how things are.) As regards equating calling cards with credit cards, I think I differ with the moderator on this. Also, I would be interested to see references which state that the calling card actually does fall under the federal credit-card regulations. As I recall, I never did request a calling card. It was sent to me by the telco on their initiative. I seem to recall that credit cards sent by an issuer when there was no specific request or application for them made by the individual do NOT fall under the $50 rule, but that those are specifically exempted. Also, I don't think that credit cards can legally be sent out to non-requesters, like they used to be. (If you recall, years back, firms like oil companies would send out credit cards en masse to college graduating classes and suchlike groups. That no longer happens. I think that was made illegal.) Since I haven't changed phone service in many years, I have no way of knowing how calling cards are now distributed. Maybe some others on the list can post their experiences; do you get a calling card in the mail automatically without requesting it when you set up new phone service? Or do you have to specifically request one to receive one (in writing or just verbally)? The other aspect that makes me wonder if calling cards are legally equivalent to credit cards is the fact that there is usually a secondary element of identification with the use of a credit card. In person, there is a signature. For telephone orders of merchandise to be shipped, some firms will ship only to the address-of-record of the credit card holder. (This latter admittedly breaks down, especially with regard to having gifts shipped to other people at Christmas, etc.) Plus there is a verification or check with the credit card company for charges over a certain dollar amount. Calling cards have no such secondary identification, nor do they have the verification process. (If they DID have the PIN issued separately, and require the user to type it in to complete the call, like an ATM requires for a transaction, then they *would* have a secondary identification, of course.) I believe that the calling-card-number info is stored and then run through the billing process in batch mode daily, right? So the use of a stolen calling card or an illicitly-acquired number would only be detected after-the-fact in that batch run. (I may well be wrong on this -- maybe there is a massive central on-line database to catch illegally-used calling card numbers as they are used. Is there? There would have to be one for each LD carrier, I guess...) All this leads me to contend that calling cards are not legally the same as credit cards. Therefore, we cannot maintain that regulations referring to credit cards apply to calling cards. However, that doesn't mean that tarriffs or contracts do not contain wording that may actualy result in the obligations of a calling card holder being similar to those of a credit card holder. But that would then differ with each issuer. Will Martin
edell%garnet.Berkeley.EDU@ucbvax.Berkeley.EDU (Richard Edell) (01/27/89)
According to a copy I have of "Regulation Z - Truth in Lending" (published by the Board of Governors of the Federal Reserve System) public utility credit is exempt from Regulation Z (Section 226.3.c); and it is this regulation (Section 226.12 - Special Credit Card Provisions) that provides the consumer protections we're talking about (card must be requested, $50.00 limitation of cousumer libility, etc.). If Regulation Z is the only source of these protections and if public utility credit is exempt, then these protections do not apply to consumer credit. But, I guess you can call Calling Cards credit cards. (Note: this exemption only applies to public utility services (not equipment) for which the charge are regulated by any government unit.) -Richard Edell
steve@apple.com (Stevie Lemke) (01/29/89)
Sorry if this has already been discussed (don't know how I could've missed it, but anyway...): Is the four digit PIN on a calling card computed from some sort of algorithm or is it randomly assigned for each phone number? It just seems strange that just about any phone anywhere can instantly tell if you dialed the correct PIN that corresponds to your calling card number. I realize computers are really fast these days and all, but I just thought it might be some sort of algorithm or something. However, that brings up the issue of what happens when someone discovers your number and you have to request a new one, so they can invalidate the old one. I've never had this happen, so I'm not sure what the procedure is. The only thing that got me thinking about this was this: I have a calling card from GTE for my home phone. I recently called AT&T to ask them for one of the magnetic (plastic) cards since my paper one doesn't work in the neat AT&T phones with card readers. I gave the AT&T employee my phone number, but not my LD PIN. She said the card that would be sent to me would have the same PIN as my GTE card. I was wondering if this was some sort of "PIN-sharing" they have worked out, or if they use this "algorithm". I guess it must be a database, but does anyone have any more positive info. on this? ----- Steve Lemke ------------------- "MS-DOS (OS/2, etc.) - just say no!" ----- Internet: steve@ivucsb.UUCP AppleLink: Lemke ----- uucp: apple!comdesign!ivucsb!steve CompuServe: 73627,570 ----- Quote: "What'd I go to college for?" "You had fun, didn't you?"
karl@ddsw1.mcs.com (Karl Denninger) (01/29/89)
In article <telecom-v09i0036m02@vector.UUCP> comdesign!ivucsb!steve@apple.com (Stevie Lemke) writes: >X-TELECOM-Digest: volume 9, issue 36, message 2 > >Sorry if this has already been discussed (don't know how I could've missed >it, but anyway...): > >Is the four digit PIN on a calling card computed from some sort of algorithm >or is it randomly assigned for each phone number? It just seems strange that >just about any phone anywhere can instantly tell if you dialed the correct >PIN that corresponds to your calling card number. A few years back I knew a person who had a matrix (on paper) of the mapping for these numbers. It was _SIMPLE_; only one or two digits of the "PIN" controlled whether the number you entered worked, and those digits mapped to your phone number. The algorythm was also 'dense' in that more than one mapping was valid (I got curious about the table and mapped my own phone number -- the number calculated did NOT match the one the Telco had issued but BOTH worked!) Thus it was possible (but highly illegal) to bill calls to numbers like "1-555-000-0000"! These calls would COMPLETE -- who knows where the bill went to. I assume that eventually these calls would end up in the "no such account" bin, and someone would get interested in them..... The worst part of this, of course, is that given a person's phone number you could bill calls to their line (!) Supposedly the information came from a group of people at a local university that had done a computer analysis on a large number of valid CC #s to derive the algorythm. Who knows if that part was true..... or where they got the "large number of valid CC#s" to start with..... for all I know he figured it out himself. I've no idea if this kind of thing is possible anymore - - but some years ago it certainly was! I would assume the telephone companies have something better than a simple digit-mapping scheme now if it is still based on an internal computation at all. -- Karl Denninger (karl@ddsw1.MCS.COM, ddsw1!karl) Data: [+1 312 566-8912], Voice: [+1 312 566-8910] Macro Computer Solutions, Inc. "Quality solutions at a fair price"
johnl@ima.ISC.COM (01/30/89)
In article <telecom-v09i0036m02@vector.UUCP> comdesign!ivucsb!steve@apple.com (Stevie Lemke) writes: >Is the four digit PIN on a calling card computed from some sort of algorithm >or is it randomly assigned for each phone number? ,,, It's random. My cousin who runs a little telco in western Vermont had to write a program for his computer to make up PINs for his few customers who want calling cards. The PINs are all stored in a huge replicated data base. He said that there is a very complicated multi-step procedure to get his updates into the data base. As has been noted before, AT&T shares calling card numbers with the local operating companies, other LD companies generally don't although they are starting to now. Regards, John Levine, johnl@ima.isc.com