[asterisk-biz] fraud detection & verification like craigslist
Trixter aka Bret McDanel
trixter at 0xdecafbad.com
Tue Jun 16 19:13:44 CDT 2009
On Tue, 2009-06-16 at 19:34 -0400, JARROD LASH wrote:
> They are most likely looking up the TN in LIDB. Since its so easy to
> buy a DID online anymore and spoof caller id they are probably trying
> to make sure this isnt happening because of all the fraud and whatnot
> on craigslist.
I want to change tack on this a bit, aside from someone who either set
up the system, was involved in the discussions on how they are going to
implement it, etc we can never know for sure how they are doing it.
So how about this why dont we discuss ways that would be useful in
identification verification, and related things. Basically discuss what
could be used to implement a system like what craigslist does.
As mentioned, there is LIDB which includes a special billing number (my
guess is most providers set this to the master number of the account
holder - ie the provider), class of service (which may or may not be set
to a standard pots line but might be set to something else), calling
name (often not set for VoIP), and the account owner which is most
likely set to the provider the telco assigned the DID to.
there are CNAM queries, if you are connected properly and someone calls
in you can potentially get the BTN (billing telephone number, which can
be the main providers number - this is often only available via SS7),
ANI II digits (this is often going to be of little value).
So what else can you do? How would you weight each thing, I envision
the only realistic way to accomplish this is by assigning points, either
a high or low score (depending on what has points of what value) would
mean its a pass, below/above that threshold its a fail.
--
Trixter http://www.0xdecafbad.com Bret McDanel
pgp key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8AE5C721
More information about the asterisk-biz
mailing list