Something you have, something else you have, and, uh, something else you have
John Gilmore
gnu at toad.com
Fri Sep 17 19:43:33 EDT 2010
> I don't know how NZ banks do it; in the US, they use the phone
> number you're calling from. Yes, it's spoofable, but most folks (a)
> don't know it, and (b) don't know how.
No, they don't use the phone number to validate anything. I routinely
ignore the instructions to "call from your home phone". I call in from
random payphones to "activate" my cretin cards, and they activate just
fine.
Perhaps there's a database record made somewhere with the phone number
of that payphone -- but the card is active, and I could be stealing
money from it immediately.
Note also that their ability to get that phone number depends on the
FCC exemption that allows 800-numbers to bypass caller-ID blocking.
If the FCC ever comes to its senses (I know, unlikely) then making
somebody call an 800-number will not even produce a phone number.
John
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list