\'oversight\' leaves phone customers open to fraud
Anyone who can call because of a security breach-
Loggingsystems in hotels or offices also have access to secret numbers that should protect cardholders from fraud.
Over the past two years, BT has issued nearly a million prepaid cards to telephone users.
Owners can make phone calls over any phone and charge their account.
BT warns cardholders that payment must be made for unauthorized calls.
However, more than a month after being told about the bug, BT still does not warn existing or potential cardholders.
Like any credit card, if the toll card falls into the wrong handle, if someone sees or overheard the number, they can call through the operator to collect the bill from the cardholder\'s account.
But these are risks that most cardholders should already be aware.
What most people don\'t know is that a call made directly from a hotel phone or a large office can also provide the opportunistic with the code needed to make an unauthorized call.
Each cardholder has a secret personal identification number or PIN.
To make a call, the cardholder dials 144, then enters the key in the account number printed on the card, then enters the PIN, and then enters the phone number.
The dial-up system is that many private switches in hotels and offices now have an electronic call recorder that can register and print all numbers for all extension calls.
The office uses a recorder to prevent employees from making private calls.
The hotel charges guests for their calls.
Dermod Quirke, editor of telecom regulatory review, found that the recorder also recorded the full recharge card authorization code, including the PIN.
Chick used his toll card in a small hotel in northern England.
An alert receptionist asked about a long string of numbers that appeared on the print output used by the hotel to calculate the Quirke bill.
Most cardholders will not be so lucky.
In many hotels, guests do not see the printout of the recorder.
The person who calls from the office phone will never see the switch print out.
But an opportunistic who has access to the recorder can take note of the prepaid card numbers and use them to make a toll-free call or sell the numbers to someone else.
Cardholders will not have any knowledge of unauthorized calls on their cards until they receive the bill.
Although the Telecomms regulatory review alerted BT to this issue, the company has not yet begun to advise customers on risks.
\"We are looking into this,\" the company said.
We plan to make the public aware that this problem has come up.
We will also have a conversation with the hotel and give them a warning on security issues.
BT said it is discussing a new card system with AT&T in the US and KDD in Japan.
In the US and Japan, the \"phone card\" call is made through the operator, so the switch only records the code needed to reach the operator.
In order to adopt these Safer Systems, BT must restructure its toll card system.