cs4304ak@evax.arl.utexas.edu (David Richardson) (04/05/91)
(followups to alt.privacy. Change this if you need to). (X-posted to soc.college due to content). In article <959@camco.Celestial.COM> bill@camco.Celestial.COM (Bill Campbell) writes: [Bill called First Omni Bank & gave them his credit card number, & they gave him his balance. [The implication was that they didn't ask for other info to verify his identity - DWR]. ] >There's nothing to keep anyone with the phone number and an >account number from getting this information. How common is >this? Is there no protection from this? This brings up a very good point, for which I have a possible solution: Businesses which give out private information over the phone should have some way of identifying customers. It should be something not likely to be found with the primary identification (such as a credit card #). This means that anything commonly carried in a wallet is out (such as address, drivers license, etc.). I propose using whatever the customer wants to use, be it a PIN, a mother's maiden name, etc. On a related topic, our school in in the discussion stage of phone-in registration. When asked if he would pay a small extra fee to register over the phone, a student said "...but someone may abuse it by using another person's ID number." In this case, a PIN would probably be best. By the way, my credit card has a telephone-balance inquiry, & it required your 5-digit zip code (not to hard to get if someone steals your wallet). A BBS I use requires your mother's maden's name if you forget your password (I gave it my cat's name on the registration sheet). -- David Richardson U. Texas at Arlington +1 817 856 6637 PO Box 192053 Usually hailing from: b645zax@utarlg.uta.edu Arlington, TX 76019 b645zax@utarlg.bitnet, SPAN: UTSPAN::UTADNX::UTARLG::B645ZAX -2053 USA The Lord is my shepherd, I shall not want.