payment system fraud, etc.

Jerrold Leichter jerrold.leichter at smarts.com
Sun Jul 10 00:25:15 EDT 2005


| Jerrold Leichter <jerrold.leichter at smarts.com> writes:
| > In doing this calculation, be careful about the assumptions you make
| > about how effective the countermeasures will be.  The new systems
| > may be more secure, but people will eventually come up with ways to
| > break them.  The history of security measures is hardly encouraging.
| 
| I'm not sure I agree with that, and I'll tell you why.
| 
| Take the case of NAMPS cell phone fraud. At one time, phone cloning
| was a serious problem. The main issue was that people could simply
| listen in on call setup and get all the information they needed to do
| phone fraud. Once strong crypto was used to authenticate mobiles with
| the deployment of digital cellphone networks, mobile phone cloning
| fraud didn't just shift around, it almost completely vanished....

It's very difficult to get a "clean" experiment on something like this.

There is no doubt that going from NAMPS to digital cellphone networks raised 
the cost of phone cloning or related methods for getting uncharged/mischarged 
service considerably.  However, at the same time, the cost of *legitimate* 
cellphone service fell dramatically.  When you can get 500 minutes of free 
calls to anywhere in the US for around $40/month (with various hours or calls 
to customers of the same carrier free on top of that), just how much does it 
pay to clone a phone?  Overseas calls probably provided some incentive for a 
while, but soon their prices dropped radically, pre-paid, cheap phone cards 
became widespread (and were probably stolen) - and more recently services like 
Skype have reduced the cost to zero.

The only remaining reason to clone a phone is to place untraceable calls - but
you can do as well by buying a pre-paid phone and the number of minutes of
airtime you need, paying cash, then tossing the phone.  (Using a clone phone
for this purpose was getting rather dangerous toward the end of the NAMPS era
anyway as the providers started rolling out equipment that recognized the
transmission signatures of individual phones.  Generally, this was aimed at
preventing clones from operating, but it could as well be used to recognize a
given clone regardless of the identification info it sent.)

A better history to look at might be satellite TV subscription services, which
took many generations of allegedly secure cryptography to get to wherever they
are today (which as far as I can tell is a non-zero but tolerably low rate of
fraud - the cost of entry to satellite TV subscription fraud these days is
very high).
							-- Jerry

