nick at ccl4.org
Wed Oct 14 21:47:10 BST 2009
On Wed, Oct 14, 2009 at 08:39:32PM +0000, the hatter wrote:
> On Wed, 14 Oct 2009, Avleen Vig wrote:
> >Here in the US, when you place a credit card order online, you almost
> >always have to give the phone number associated with the credit card
> >account, and that is definitely verified by the CC company / bank.
> >I see no problem with this really.
> Of course, being a security question, you wouldn't want to set it to
> something that anyone with a phone book can look up.
I suspect also that's why they don't like mobile numbers. My mobile knows its
number. And even if it didn't, all you'd need to do is use it to call your
mobile (or the one you nicked earlier) and get the number from the caller ID.
So if you steal that and my wallet, you've defeated the security check, if the
security check is "what is my mobile number?"
Really, it's s/mother's maiden name/consistent other name/
and s/landline/memorable phone number that is not your mobile/
More information about the london.pm