[asterisk-biz] fraud detection & verification like craigslist

[Trixter aka Bret McDanel]

On Tue, 2009-06-16 at 19:34 -0400, JARROD LASH wrote:
> They are most likely looking up the TN in LIDB.  Since its so easy to
> buy a DID online anymore and spoof caller id they are probably trying
> to make sure this isnt happening because of all the fraud and whatnot
> on craigslist.



I want to change tack on this a bit, aside from someone who either set
up the system, was involved in the discussions on how they are going to
implement it, etc we can never know for sure how they are doing it.

So how about this why dont we discuss ways that would be useful in
identification verification, and related things.  Basically discuss what
could be used to implement a system like what craigslist does.

As mentioned, there is LIDB which includes a special billing number (my
guess is most providers set this to the master number of the account
holder - ie the provider), class of service (which may or may not be set
to a standard pots line but might be set to something else), calling
name (often not set for VoIP), and the account owner which is most
likely set to the provider the telco assigned the DID to.

there are CNAM queries, if you are connected properly and someone calls
in you can potentially get the BTN (billing telephone number, which can
be the main providers number - this is often only available via SS7),
ANI II digits (this is often going to be of little value).

So what else can you do?  How would you weight each thing, I envision
the only realistic way to accomplish this is by assigning points, either
a high or low score (depending on what has points of what value) would
mean its a pass, below/above that threshold its a fail.  


-- 
Trixter http://www.0xdecafbad.com     Bret McDanel
pgp key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8AE5C721