simsong@MEDIA-LAB.MEDIA.MIT.EDU.UUCP (05/15/87)
Date: Wed, 13 May 87 10:40 EDT From: "Steven H. Gutfreund" <GUTFREUND%cs.umass.edu@RELAY.CS.NET> Subject: Phone card scam Does anyone have some reasonable technical suggetions about what could be done (I realize that a lot of ideas are shot down by the Long Distance Carries because of marketing and simplicity reasons) - Steven Gutfreund Sure. Hundred digit credit card numbers. Ok, twenty digits ought to be enough. Especially with the spiffy AT&T phones that automatically punch in your AT&T credit card number for you, there really isn't any reason (beyond convience for people at manual phones) not to use big numbers. At each central office, keep a list of every authorized credit card number. (How hard would that be? Figure 100,000,000 valid credit card numbers, 20 digits (10 bytes) each. With only BCD compression, this is only 1GB of storage, which could easily be distributed on a weekly basis. (Or looked up directly via some sort of packet switched network.) You could veryify a number in less than a second.)