On 5/22/07, Andres <[EMAIL PROTECTED]> wrote:
I think a lot of 'funny business' happens in the land of number porting. Our company is a customer of XO and we in turn have our own customers. A few weeks ago one of our customers ported a number away from our network (an XO DID), into some other network. We were shocked that this could happen. We called up XO and demanded an explanation. They dug up the LOA Letter which obviously did not have our signature and all that XO could do was apologize. They tried to get the number back but it was impossible. I could not believe this. It could have been our main sales number or any other critical number. After this incident, we lost all respect for the number porting process.
if you want to see how to not do porting, in ireland where I currently reside, I ported my mobile number from one carrier to another. The proof? my word that it was my number, they didnt even require me to have my handset. Because its prepaid there is no bill or proof that its mine, other than perhaps I have the SIM associated with it. The port happened within an hour. The only trace that my old phone was ported was that its sim was no longer valid for service. It is my belief that all the documentation required, LOAs etc, arent verified very much, and porting is more or less an automatic response, unless a carrier gets upset and decides to refuse further ports. Customers complain after the fact, but it can be harder to un-port a number than it can be to port it away in the first place. With prepaid accounts, online voip accounts, etc proof can either be easily faked (printing out a webpage for example ...) or just not verified in the first place. Going after someone after the fact can be just as difficult since there is no physical requirement to be in a friendly jurisdiction and damage can be done very quickly. Think about say porting away a credit card customer service tollfree. If there is a terminating POTS or some other way of routing calls to that call centre, they could record the calls for processing later, gathing infoto commit large scale fraud. When you call in to your credit card company you have to give everything required to authenticate yourself to the company, which would not be in the hands of fraudsters. I think the eavesdropping attack is far more likely than taking a competitors number and routing it to your call centre, and proceeding as if the customer really called you. Mischief makers could just route the numbers around like that to cause havok and none of the parties that got their 'lines crossed' have any knowledge or understanding as to what happened, but who would believe that? The system is weak, although its hard to do anything better and still provide some level of security. The best that could possibly happen would be to have something by physical mail be sent but its not hard to play games with that and still obfuscate the identity of the person even though you know the address the request was sent to. It would also cause a delay that many would find unacceptable since it seems that many want to port same day and not wait upto 3 weeks for the mail. Online faxing, VoIP, and remailing services all provide someone in potentially a foreign country to look like they are within the same country, and fool most due diligence procedures. -- Trixter http://www.0xdecafbad.com Bret McDanel Belfast +44 28 9099 6461 US +1 516 687 5200 http://www.trxtel.com the VoIP provider that pays you! _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
