Conference back40::soapbox

>                      <<< Note 770.0 by NETCAD::CREEGAN >>>

> (One guess who stole it.)

	Clinton?

	Not another scandal..... geeze....

re .0:

Citibank has gone one better.  They'll put your picture on the card.  Surely
you've seen their ad campaign.

re "whodunit" - surely some lowlifes have learned the parking lot of the place
is a good place to find unattended and often unlocked cars waiting to get
worked on or waiting for the owner to pick it up.

    She should've had her purse with her.  DUH.  
    
    Been there, done that.  Learned the hard way.

    
    	RE: .4
    
    	Well, it wasn't HER fault.  The baby was supposed to be keeping
    	an eye on it for her.
    

I have a citibank mc with my picture.  You call them ask for the form and they
send it to you  in the mail.  You fill it out and include a picture of yourself
that they put on the front of the card.

No charge.  Everytime I use it people ask me why all cards don't do this.

I guess it doesn't help for phone orders, but it's a start

   .5  aagagagoogooga.

| <<< Note 770.6 by CADSYS::FENNELL "Nothing is planned by the sea and the sand" >>>


| I guess it doesn't help for phone orders, but it's a start

	Well, the jetson's phone is pretty close, so soon it will be ok....

    RE: .0

>    ... she
>    isn't going to endorse the back of it.  Instead she is going to
>    write in on the space, "Request picture ID".   

    I've been doing this for about 7 years, and it doesn't do any good. 
    I've only once been asked by a restraunt for ID (less than 1% of the
    time) and only about 10-15% of the time elsewhere.  Some places always
    ask for ID (WalMart), which means you know to avoid those places if you
    have a stolen card.

    I did have one person ask why the signature on the back of the card
    (which had printed "Ask for Photo ID") didn't match the slip I just
    signed.  

    -- Dave

    I hardly ever notice clerks flipping the card over to look at the
    signature anyway...

    At a Sears auto department today they made my friend sign the credit
    card slip over an electronic pad that displayed his signature on a
    screen facing the clerk.  I expect they could also store it, send it to
    different places, have it stolen, etc.  I wonder how safe that is?

    .11
    
    They try to do that to me, too.  I say no.  They take the slip out of
    the electronic gadget and let me sign it with an ordinary pen.

    Me too.  They have no more right to digitize your signature than to
    know your SS number.  It never ceases to amaze me that people express
    all sorts of paranoia about the government while giving info to
    private enterprises with gay abandon.  

      Thats some kind of abandon!!!

    re: digitized signature
    
    We talked about this here a year or so ago.  If they really want it,
    all they have to do is run a scanner over it after you've signed it
    with an old-fashioned pen.  It doesn't matter if you resist, they've
    got the signature one way or the other, and they'll do what they
    want with it.
    
    Given today's technology, your signature is worth squat.  Of course,
    that works both ways.  If anyone tried to produce a phony receipt or
    contract or whatever with my "signature" on it (that I actually didn't
    sign), I'd laugh at them, "BFD, I've got a scanner, too, ha-ha, see
    you in court", etc.
    
    Chris

    
    	Why did the woman leave her pocketbook in her car ?  If
    	I ever do that, I take my wallet out and make sure the
    	pocketbook is not in full view.
    
    	re: signatures - the last two times I presented credit cards
    	without signatures, I had to present my license, and was told
    	to sign the card before the cashier would accept the charge.
    
    

    credit card fraud can be lumped in the category with phone card fraud
    -- it happened to me  - I received my phone bill one month and found a
    pile of calls to Hong Kong and Germany.  I thought how could that
    happen?  I rarely make long distance calls from a pay phone...and I
    still dont know.  The phone company was quite
    good about the whole thing and wiped the calls off my bill without the
    20 question routine.  who do you think pays for the fraud of these few bad
    apples that spoils the barrel?  we all do.  it's a low down dirty
    shame.
    
    /p.
    
              

	My favorite kind of abandon! 

    Isn't there credit card insurance with the card? Some do allow this
    incase of fraud or stolen cards.
    
    

    .15
    
    The difference is that a "live" digitized signature can capture
    biometric and biomechanical data as well as a simple pixel ink facsimile.
    One day you'll walk into court to find that there was overwhelming
    circumstantial evidence to prove that it was you and only you that drew
    the mystery $100 from the ATM.  They'll have your fingerprints, signature
    meta-data, retinal scan and body odor sample to prove it.
    
    People of earth awake! Your personal identities are being secretly cloned
    by the triangular commissars.
    
    

    |the triangular commissars.

    Is that like the Trilateral Commission?

    That's it.  I knew there was three of the buggers.

	What I hate is when they go off and ask for your home address, even if
you pay cash. I always say no, skip that. They say they need it for their sale.
I then say go without it, or get no sale. 


Glen

    **NEWS FLASH**
    
    Citibank and Sears don't do jack if you pay cash.
    That's what I do. No picture ID, no signing anything, no
    phone numbers.....
    
    Y'all beef about electronic survellience and scanners and the
    buggy-man while charging stuff and writing checks and using ATM
    machines (and cellular phones).  Go figure.
    
    MadMike

    re: Note 770.17 by TROOA::SUMMERS
    
    Do you have a cellular phone?  I'll bet you do.  Next question is,
    did you use it near an airport lately?
    
    I could have your phone number and everything else within 1 minute
    of you turning the thing on.  Then I'll have until you get the bill
    to call all over the world looking like you.  What phone companys
    do now is say "Hey, Summers... you calling Tokyo right now?  From LA?"
    No!?  They kill your account immediatly.
    
    It's called "cloning" and it's easy.
    
    MadMike

    re: Isn't there credit card insurance with the card? Some do allow this
    } incase of fraud or stolen cards.
    
    Credit insurance protects the card issuer in the event you can't
    pay your bill anymore.  They'll pay themselves the minumum payment
    due until you get a job, or croak, or go bankrupt or whatever.
    
    If your card is lost or stolen, and you cancel your account right now,
    anything getting charged from that time on is UNAUTHORIZED by you
    and therefore, you're not obligated to pay for it.  That's why
    the store will call in a charge for a pack of gum even.  The whole
    deal is "authorized" purchases.  Once you notify the card company,
    you're off the hook.
    
    This is a benefit of having only ONE GOOD CARD.  In case bad things
    happen, you call one person, not 25 different places.
    re: Checks... if you carry only one or 2 checks in your purse/wallet,
    the potential damage for mis-use is minimized.  Plus joe CROOK won't
    have complete financial details of the person he just ripped off.
    
    MadMike  

    re:.24
    
    I have been assured by my mobile phone network providor that at this
    moment in time it is not possible to clone a digital phone. Nor is it
    possible to use a scanner to "tap" what you are saying. 
    
    Therefore don't use analogue phones, if you have one change it, and go
    digital. My phone company make a profile of calls and locations I phone
    from. If I suddenly call from the other side of the country, when I
    have just called from my house, or car, then it is stopped,and I am
    called. 
    
    As a last resort I have phone insurance that covers that sort of crap
    anyway.
    
    Steven F.

    A friend of mine suddenly had strange charges on his phone credit card,
    and the company asked him where he had used the card lately.  The only
    place was from an airport in Texas.  The phone company said that was
    likely the place where he got the number ripped off, by people who
    stand around near phones just for that purpose.  They look over your
    shoulder while you punch in the code.  They sell the numbers, which can
    then be used until the next bill comes in.  It's BIG business.
    
    So don't let anyone see what you're punching in, or hear when you say
    your number.
    
    As for cell phones -- cloning is such a problem that they have cut off
    much of the cell phone access in New York City for a while.  I forget
    exactly what they did, but I believe the only way you can make a cell
    phone call in NYC now is to use your credit card.  The company I talked
    to about getting a cell phone told me that people with receivers just
    wait in places where they can pick up the ident strings from people's
    cell phones when they periodically identify themselves to the local
    cell, or when people make a call.  LIke they might hang around on
    overpasses over busy interstate roads where people are likely to make
    calls, especially when they are stuck in gridlock at rush hour. 
    Airports, train stations, etc. are also good places.
    
    It is easy to reprogram a cell phone chip with the stolen info, thus
    producing a clone that is good until the bill comes in or it is
    otherwise detected.  Seems like encryption would easily prevent
    cloning, I wonder why they haven't done that?

        re.28

    The method you are talking about for cloning only applies to analogue
    phones. Digital phones are not susceptible to clonning. 
    We have the same problem over here in the UK. It is really bad at the
    Airports, and in central London.
    
    Steven F.

There are no digital phones available in most of the United States.

We do not have GSM, and it is not planned.

There is a little bit of 1.8 GHz digital beginning to be available;
but it's useless outside Washington, D.C. so far.

/john

    bummer hey
    

    re: .30
    
    John,
    
>There are no digital phones available in most of the United States.
    
    You mean that the ad with the headline 'DIGITAL PCS' REALLY was a
    half-page ad for our PCs that AT&T wireless placed in the Dallas
    Morning News recently, and not for a digital phone? Or are they lying
    about the phone being digital?  Or do we now make phones and didn't
    tell anyone??
    
    Do you mean that there are plenty of digital phones and not a whole lot
    of digital cells or am I confused about the whole thing?
    
    Bob

Maybe that's the second or third city in the country with digital PCS.

It won't work when you drive from Dallas to Houston, though.  Still need
analogue in 99.9 percent of the country.

/john

    What is it that makes digital unclonable?

    
    when i was working at kate's hallmark over this past year, i can say
    that i always checked the signatures on credit cards and receipts.  and
    if i didn't think it matched, i asked to see a license.  and
    occassionally, someone would come in with a new card, unsigned.  i'd
    have them sign it and also produce a photo i.d. for verification.  and
    once, i had a customer who, on the back of her c.card, signed "please
    see license".  i though that was great.  and since i knew i always
    checked signatures (to the best of my ability), i have also noticed how
    many other clerks out there don't.  it's almost like they got the sale,
    so they don't care where the money comes from.
    

    re:-1 I think, don't quote me, it uses a spectrum of frequencies, and
    changes through these. So you only get a fraction of the signal at a
    certain frequency. Not long enough to pick up the Ident , and certainly
    not long enough to clone, or record the converstaion.

	I had gotten a call from Citibank once. I was going to be in a wedding,
so I thought it would be cool to buy a tux. So I did. I also got the shoes,
the whole get-up. I bought the wedding gift on it at this real nice glass shop.
They called me to ask if someone had stolen my card. They had only seen
purchases of t-shirts and jeans. :-)

    re: .33
    
    So combining what you are saying with the fine print in the ad, I
    suspect that this is a digital cellphone with automatic switch-over to
    analog where digital is not supported.  The fine print did say
    something about some of the features only being available in the DFW
    area.
    
    Thanks for helping clear that up.
    
    Bob

    If the cell receiver can follow the changing freqs, why couldn't
    another receiver?  I don't see how you could prevent it without
    password generated encryption of some kind.

    re:.39
    
    Dunno

It isn't because it's digital that it's unclonable.

It's because the GSM authentication protocol is encrypted.

Even in the analogue system, the authentication protocol is digital.

The older protocol invented for cellular phones fifteen years ago simply
sends the phone number and the phone serial number (in a digital modem
stream), and the two have to match.  So if you eavesdrop with a digital
modem you can pick up all the information you need.

In the GSM authentication system, there is an encrypted challenge/response,
sort of like Kerberos.

/john

>In the GSM authentication system, there is an encrypted challenge/response,
>sort of like Kerberos.
    
     So you are effectively prevented from using your own phone?

    > So you are effectively prevented from using your own phone?
    
    Promotes greater safety on the highways.

>  <<< Note 770.28 by RUSURE::GOODWIN "Sacred Cows Make the Best Hamburger" >>>
>    It is easy to reprogram a cell phone chip with the stolen info, thus
>    producing a clone that is good until the bill comes in or it is
>    otherwise detected.  Seems like encryption would easily prevent
>    cloning, I wonder why they haven't done that?

Because they have a bullet-proof scheme for making sure no one ever steals
info transmitted on a cell phone: a law making it illegal to listen.

We (radio hobbyists) tried to warn people ten years ago when the idiots in
Congress passed this. Hey, it was cheaper than doing a little work to make
the cellphone network truely secure with encryption, so enjoy your low rates.
They'll last until theft becomes so widespread that an encrypted system has
to be built anyway, as predicted.

    
    You'd be surprised what credit card thieves will do to take full advantage
    of you.  To make a long story short, I have a friend who had a (one of 
    many) credit card stolen from a locker at his health club.  A few days
    later, he received a call from a representative from that Credit Card 
    Agency (purportedly), questioning why he had repeatedly attempted to 
    exceed his purchase limit and were therfore performing a standard security
    check.  They gave him examples of the purchase items, which he didn't 
    recognize, and then asked him if its possible that his card had been 
    stolen.  He checked his wallet and sure enough, it was missing.  The 
    credit rep said not to worry, and that they would freeze his account, etc.
    until further notice.
    
    A couple weeks later, another representative from this credit agency
    called and asked similar questions.  My friend explained that he
    already had this discussion with a rep sometime ago, and they had
    assured him that it was taken care of.  
    
    The first credit rep was actually the thief, who had apprently looked
    in the phone book, got his number, called him and claimed to be from
    the agency.  This bought him some time to spend more of my friend's
    money.  In the end, my friend owed the agency $500.  
    
    Unreal.
    
    JAW
    

    
    
    Haven't read all the replies, but I know that if there is a money
    system such as credit cards then there will be a way to beat it.
    
    There are some semi-smart individuals in this conference..how would you
    design an intruder-safe cash system that is still affordable?
    
    John
    

    Nothing is fool proof.  You can break into anything if you put your
    mind to it.  IMO:  Foreign governments will be "players" in heisting
    money in the (near) future.  Industrial and economic espionage.
    For protection on the personal front, keep away from electronic
    systems.  Use cash.  Of course, that brings up other "problems",
    but they can be remedied if you think about it.  You can't steal
    something if you aren't using it.  Think of the places of failure:
    
    wallet/purse.  Home.  Financial institution.  Working backwards,
    at the financial institution you are protected up to $100K.
    Park large summs there.  Home, hidden safe.  Electronic records
    are on a computer maybe?  Use encryption, and have backups.  Or,
    use removable media and put that in the safe with the spare cash.
    On your person, carry ONLY what you need.  (example:  Drivers license,
    1 visa card, a check or two and $20 cash).  Or $100 cash and no
    credit/checks.  whatever.
    
    On the non-electronic front:
    Keep in mind, the United States has a unique printing press for
    printing federal reserve notes.  There is only one other country in
    the world with the same type of press.  Iran.   

>    Keep in mind, the United States has a unique printing press for
>    printing federal reserve notes.  There is only one other country in
>    the world with the same type of press.  Iran.   

well if Iran has the same type of press the Federal Reserve press isn't unique,
is it?

  .48  ;>

Sometimes things like this just jump out at me.

    For "has a unique printing press," substitue "has a narrowly-missing-
    being-unique-by-virtue-of-the-fact-that-there's-another-one-somewhere-
    else printing press."

    
    	Or just use "penultimate".
    

    SPEW!

    There is a principle used by the gaming industry to help keep money
    straight -- always keep two databases, not accessible to the same
    people, which must always agree with each other.
    
    Example, you walk into a casino and buy a smart card with $100 on it (I
    don't know if this is generally available yet, but I was working on a
    prototype for a while), and what you get is a little smart card with
    your $100 on it in the form of credits.  A copy of the $100 on your
    card is also on the casino's database on their central computer.  
    
    When you walk up to a slot machine and plug in your card, the balance
    on your card is compared with the balance in the central computer, and
    the two have to match or you can't use the card.  Your card requires a
    PIN to be used.  It also has an internal password that is changed each
    time you write to it.
    
    If the same technology were used for your VISA card, nobody would be
    able to use your visa card unless they had the physical card in their
    possession.  That would cut down a lot on the theft of card numbers.
    
    But that would leave a problem for purchasing things by phone or mail.
    There ought to be some way to fix that, but it would probably take some
    hardware at home to read and write your card. 

    Alright madman... unique style press.  Found only in the US and Iran.
    
    Howboutthat?

    > unique style press.
    
    All styles are unique.  Each one is different from all the others.
    
    \hth

    .54
    
    
    I believe Carte Bleu in France already applies that technology.  The
    have a test installation in one town where you can use the card for all
    transactions - a cash free zone.

    When my daughter came back from Paris she had a smart card they use
    there for public phones.  Said they use smart cards for all kinds of
    things like that.
    
    There are other European countries that use smart cards a lot too.  How
    come the US is so far behind in things like these?
    

    I still have the "smartcard" I used for BT phones in the UK last time I
    was there.  Convenient, surely, but not secure; there's no PIN or other
    mechanism to prevent a thief from using the card.

    No, phone cards and subway cards wouldn't need much in the way of
    security.  But a bank card would.  The ones we were programming for the
    casino project had some internal smarts such that if you accessed one
    with the wrong PIN, it would self destruct, and never be accessable
    again.  If you got past the PIN OK, then if the balance on the card did
    not match the balance in the host computer, the software would not let
    you use the card, either to put more money on it or to play it in a
    slot machine.  We were planning to add some DES encryption to the
    system eventually, so it should be fairly tamperproof.  The casinos are
    frequent targets of high tech thieves, which somehow never seemed all
    that unfair to me, all things considered.  :-)
    

    Why does the US not have smart cards?
    
    This one's for you Shawn.
    

    
    	RE: .60
    
    	Self-destructs upon entering wrong PIN?  Hopefully you'd get
    	more than 1 chance [3 is a good number] to account for typos.
    
    
    	RE: Colin
    
    	Too easy.  That's like asking why Poland doesn't use Smart
    	Cards.
    

    >Self-destructs upon entering wrong PIN?  Hopefully you'd get
    >more than 1 chance [3 is a good number] to account for typos.
    
    It's not actually the PIN that causes self destruction, it is an
    internal password that gets changed each time software accesses the
    card.  That same software will give you 2nd chances with the PIN, but
    if the software screws up calculating the card's internal password, as
    a hacker's program might, then the card is invalidated for good.

    >>That's like asking why Poland doesn't use Smart Cards.
    
    you can be a real bonehead, shawn...
    
    
    
    

I've never been to Poland, but many Romanian pay phones use a smart card.
I think Poland is more technologically advanced than Romania.