Tuesday, June 16, 2009

Re: [asterisk-biz] fraud detection & verification like craigslist

>>-----Original Message-----
>>From: asterisk-biz-bounces@lists.digium.com [mailto:asterisk-biz-
>>bounces@lists.digium.com] On Behalf Of Trixter aka Bret McDanel
>>Sent: June-16-09 8:14 PM
>>To: Commercial and Business-Oriented Asterisk Discussion
>>Subject: Re: [asterisk-biz] fraud detection & verification like
>>craigslist
>>
>>On Tue, 2009-06-16 at 19:34 -0400, JARROD LASH wrote:
>>> They are most likely looking up the TN in LIDB. Since its so easy to
>>> buy a DID online anymore and spoof caller id they are probably trying
>>> to make sure this isnt happening because of all the fraud and whatnot
>>> on craigslist.
>>
>>
>>
>>I want to change tack on this a bit, aside from someone who either set
>>up the system, was involved in the discussions on how they are going to
>>implement it, etc we can never know for sure how they are doing it.
>>
>>So how about this why dont we discuss ways that would be useful in
>>identification verification, and related things. Basically discuss
>>what
>>could be used to implement a system like what craigslist does.
>>
>>As mentioned, there is LIDB which includes a special billing number (my
>>guess is most providers set this to the master number of the account
>>holder - ie the provider), class of service (which may or may not be
>>set
>>to a standard pots line but might be set to something else), calling
>>name (often not set for VoIP), and the account owner which is most
>>likely set to the provider the telco assigned the DID to.
>>
>>there are CNAM queries, if you are connected properly and someone calls
>>in you can potentially get the BTN (billing telephone number, which can
>>be the main providers number - this is often only available via SS7),
>>ANI II digits (this is often going to be of little value).
>>
>>So what else can you do? How would you weight each thing, I envision
>>the only realistic way to accomplish this is by assigning points,
>>either
>>a high or low score (depending on what has points of what value) would
>>mean its a pass, below/above that threshold its a fail.
>>
>>
>>--
>>Trixter http://www.0xdecafbad.com Bret McDanel
>>pgp key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8AE5C721
>>
>>
>>
>>_______________________________________________
>>--Bandwidth and Colocation Provided by http://www.api-digital.com--
>>
>>asterisk-biz mailing list
>>To UNSUBSCRIBE or update options visit:
>> http://lists.digium.com/mailman/listinfo/asterisk-biz

Something like maxmind.com does...

A simple callback could be easy and deters 99% of fraudsters, no hack wants
to talk to someone when trying to screw them over.

Maxmind pushes it by adding around 15 variables like free or not email, geo
ip location vs npa-nxx etc but just a callback is nice.
We have a project that should rise this winter that will not only
revolutionize the way Voip providers work, but would fix that problem as
well

_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--

asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz

No comments: