> Something like maxmind.com does...
>
> A simple callback could be easy and deters 99% of fraudsters, no hack wants
> to talk to someone when trying to screw them over.
>
what we did at a company I worked for pushing mobile commerce was to
create a profile at setup and do voiceprint stuff on the callback.
Granted this was more for banking and they didnt want a stolen phone to
authorize a transfer, but ... It would read a series of numbers and
you would have to repeat them back, and the voice printing software
would catch someone trying to record/playback the individual numbers.
Of course for simple verification calling someone back and confirming
they do whatever (enter DTMF or talk to someone or whatever) does not
stop someone from getting a disposable sometimes free VoIP number, or a
prepaid disposable SIM card, answering the call, doing whatever, then
discarding the number after their fraud is done. So if its for anything
of real value (in the craigslist case its craigslist reputation and thus
visitors, paypal is for banking type stuff ...) you may want to do more
than just a simple callback, since that only verifies they have access
to the phone at that moment in time and could make it difficult to
actually verify who is there.
--
Trixter http://www.0xdecafbad.com Bret McDanel
pgp key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8AE5C721
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
Posts
No comments:
Post a Comment