>>-----Original Message----- >>From: asterisk-biz-boun...@lists.digium.com [mailto:asterisk-biz- >>boun...@lists.digium.com] On Behalf Of Trixter aka Bret McDanel >>Sent: June-16-09 8:14 PM >>To: Commercial and Business-Oriented Asterisk Discussion >>Subject: Re: [asterisk-biz] fraud detection & verification like >>craigslist >> >>On Tue, 2009-06-16 at 19:34 -0400, JARROD LASH wrote: >>> They are most likely looking up the TN in LIDB. Since its so easy to >>> buy a DID online anymore and spoof caller id they are probably trying >>> to make sure this isnt happening because of all the fraud and whatnot >>> on craigslist. >> >> >> >>I want to change tack on this a bit, aside from someone who either set >>up the system, was involved in the discussions on how they are going to >>implement it, etc we can never know for sure how they are doing it. >> >>So how about this why dont we discuss ways that would be useful in >>identification verification, and related things. Basically discuss >>what >>could be used to implement a system like what craigslist does. >> >>As mentioned, there is LIDB which includes a special billing number (my >>guess is most providers set this to the master number of the account >>holder - ie the provider), class of service (which may or may not be >>set >>to a standard pots line but might be set to something else), calling >>name (often not set for VoIP), and the account owner which is most >>likely set to the provider the telco assigned the DID to. >> >>there are CNAM queries, if you are connected properly and someone calls >>in you can potentially get the BTN (billing telephone number, which can >>be the main providers number - this is often only available via SS7), >>ANI II digits (this is often going to be of little value). >> >>So what else can you do? How would you weight each thing, I envision >>the only realistic way to accomplish this is by assigning points, >>either >>a high or low score (depending on what has points of what value) would >>mean its a pass, below/above that threshold its a fail. >> >> >>-- >>Trixter http://www.0xdecafbad.com Bret McDanel >>pgp key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8AE5C721 >> >> >> >>_______________________________________________ >>--Bandwidth and Colocation Provided by http://www.api-digital.com-- >> >>asterisk-biz mailing list >>To UNSUBSCRIBE or update options visit: >> http://lists.digium.com/mailman/listinfo/asterisk-biz
Something like maxmind.com does... A simple callback could be easy and deters 99% of fraudsters, no hack wants to talk to someone when trying to screw them over. Maxmind pushes it by adding around 15 variables like free or not email, geo ip location vs npa-nxx etc but just a callback is nice. We have a project that should rise this winter that will not only revolutionize the way Voip providers work, but would fix that problem as well _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz