1、CEPT T/SF*btl*E 92 232b414 0012b08 523 (3 TSF68 Page E 1 Recommendation T/SF 68 (by correspondence 1990) INTERNATIONAL VALIDATION OF AUTOMATIC TELECOMMUNICATIONS CHARGE CARDS Recommendation proposed by Working Group T/WG 7 “Services and Facilities” (SF) Text of the Recommendation adopted by “Telecom
2、munications” Commission: “The European Conference of Posts and Telecommunications Administrations, 1. 2. 3. 3.1. 3.2. 3.3. 3.4. 3.5. 3.6. 3.7. CONTENTS LIST INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . . , . . . . . . . . SCOPE TELECOMMUNICATIONS CHARGE CARD SERVICE . . . . . . . .
3、 . . . . . . . . . . Background . . . . . . . . . , . . . . . . . . . . . . . . . . . . . . . . . . . . . . CCITT Recommendations . . . , . . . . . . . . . . . . . . . , . . . . . . . . . . . . Card Technologies . . . . . . , . . . . . . . . . . . . . . . . . . . . . . . . . . . . Input of card data
4、 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Validationofcarddata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . International validations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Recommendations . . . . . . . , . . . . . . . , .
5、. , . . . . . . . . . . . . . . . . . 2 2 2 2 2 3 3 3 4 4 Edition of April 10, 1992 CEPT T/SF*b8*E 92 2326414 0032609 4bT T/SF 68 E Page 2 1. INTRODUCTION This annex describes the Telecommunications Charge Card (TCC) service and considers the implications of international intervorking of the TCC ser
6、vice with reference to validation and fraud protection. It then recommends action by CEPT members to allow international validation of automatic TCC services. 2. SCOPE A history of the service is given and current card technologies explained. Details are given of how card data can be entered into a
7、system and validated on a world wide scale so as to offer a useful service to the customer in a fraud free environment. Current CCIT documents are explained and the way forward proposed. 3. TELECOMMUNICATIONS CHARGE CARD SERVICE 3.1. Background Telecommunications Charge Cards have been available fro
8、m Administrations for many years. In some countries the service evolved in the early days of the telephone service when payphones were not widely available. The service allowed business travellers to make calls from a telephone other than their own and to transfer the call charges to their own bill.
9、 The use of the card in countries other than the country of origin has been slower to develop as a bilateral agreement is required between Administrations to allow this to happen. However, a typical holder of a card today is able to use the card in over 120 countries to make calls back to the countr
10、y of card origin. (To simplify this text, “external” will be used to refer to the use of TCCs outside the country of origin.) Because international use of the card requires a degree of standardisation, CCITT Recommendation E. 116 was produced (see section 4). This Recommendation has been the basis o
11、f external use of charge cards for many years. Until the 1980s all charge card calls were placed via the operator. The caller asks the operator for a charge card call and quotes the card number verbally. After a suitable check of the cards validity, the operator connects the call and records the det
12、ails for subsequent inclusion on the appropriate bill. During the 1980s, some Administrations introduced automatic charge cards. These cards can usually still be used via the operator, but, in addition, the caller may set up the call by automatic means. In this case the receipt of the card data and
13、its validation is by a machine .rather than by an operator. CCITT Recommendation E. i 18 has been written to standardise the operation of automatic telecommunications charge cards so that they can also be used externally. It is anticipated that more Administrations will issue automatic cards in the
14、future. A serious problem which Administrations face is the fraudulent use of cards. There is a need to ensure that the card validation system used is the best that can be made available so as to minimise potential losses. This is particularly true when cards are used externally and is the main reas
15、on why external calls are restricted by E. 11 6 to call back to the country of card origin only. Despite this, there is a real customer need for the restrictions on card usage in other countries to be relaxed so that internal calls and third country calls can be made externally. CCITT Recommendation
16、 E.113 has been produced as a first step towards the achievement of the removal of restrictions while maintaining adequate fraud control. This area requires further study. 3.2. CCITT Recommendations The following Recommendations covering the use of Telecommunications Charge Card appear in the CCITT
17、Blue Book: E. 116 This Recommendation covers the use of Charge Cards in the manual environment (i.e. via the operator). It was modified in the last study period to reflect the changes brought about by the introduction of automatic cards, and in particular a new numbering system was introduced. A tra
18、nsition period from the old to the new numbering scheme is specified. This new Recommendation has been introduced for the first time in the Blue Book. It covers the use of automatic charge cards. This Recommendation was also introduced for the first time in the Blue Book. It gives details of the inf
19、ormation which must be passed between Administrations in order to validate an automatic charge card in another country. E.113 opens the way to the use of cards externally to make calls other than back to the country of origin. However, this Recommendation does not give details of the CCITT 7 signall
20、ing protocols required. These protocols require further study. E.118 E.113 Edition of April 10, 1992 CEPT T/SF*b8*E 92 m 232b4L4 OOL2bLO L8L m T/SF 68 E Page 3 3.3. Card technologies There are a wide variety of card technologies available. The following list divides card types into four groups. This
21、 does not claim to be a complete list of all technologies, but is typical of those which Administrations may consider for charge card applications: PAPER (OR PLASTIC) - NON MACHINE READABLE MACHINE READABLE - MAGNETIC STRIPE - OPTICAL CHARACTER READER - BAR CODE ALTERABLE - CARD WITH STRORAGE - READ
22、 AND REWRITTEN BY TERMINAL SMART - CARD WITH INTEGRATED CIRCUIT INTELLIGENCE - STORAGE With the exception of the paper card, all of these card technologies require suitable terminals to interact with the card. However, all charge cards will have a number printed on the front which the customer can e
23、ither quote to an operator or can input to an automatic system via the telephone keypad. In this way, all technologies are compatible with E. 1 16 and E. 1 18. O O O 3.4. Input of card data For a charge card to be really useful to a customer, it is essential that the card can be used from as many te
24、lephones as possible so that the call can be made from any place at any time. It is not realistic to fit card readers to all telephones and so input of data either verbally or by dialling on a telephone keypad will be the most important methods of data input. Where a terminal is fitted with a card r
25、eader this will be a bonus to the customer making the input of data simpler and quicker. Further facilities may also be made available to the customer as a result of interaction with a card reading terminal. A typical sequence of events for the setting up of a manual charge card call is as follows:
26、Caller identifies a suitable terminal Dials access code for the operator Operator answers Caller asks for a charge card call Operator asks for charge card number Caller quotes number to operator Operator validates card number (operator may ask the caller for a secret code or validation digits in ord
27、er to carry out this process) Operator asks the caller for telephone number required Caller quotes number Operator connects call At the end of the call operator notes call details for billing The equivalent sequence for setting up an automatic charge card call is as follows: Caller identifies a suit
28、able terminal Caller dials an access code Automatic equipment answers and prompts caller for card number Caller dials card number on keypad Automatic equipment may optionally ask the caller for a PIN number at this point Card is validated Automatic equipment prompts caller for telephone number requi
29、red Call is connected At the end of the call the call details are transmitted to the billing system If the caller is at a card reading terminal, the set up sequence is similar, but the terminal may automatically read the card number and transmit it to the central equipment without any input being re
30、quired from the calle?. 3.5. Validation of card data Fraud is the greatest risk which faces any Administration.which issues charge cards. In order to minimise the risk of fraud the card number has to be validated before the call is allowed to proceed. There are many ways of validating a card and som
31、e of the main ways are listed below: CHECK OF NUMBER FORMAT, LENGTH AND RANGE. This is the simplest method to implement especially in the manual environment where operators do not have access to databases. However it offers little security and is easily defrauded. Edition of April 10, 1992 CEPT T/SF
32、*bB*E 92 m 232bV1V 0012611 01B m T/SF 68 E Page 4 ALGORITHMIC CHECK. In a check of this type, one or more of the digits in the card number or PIN is related to the other digits in the number by means of a secret algorithm. A mathematical formula or table is used to validate the number. This system g
33、uards against numbers being invented but does not prevent the use of stolen numbers. The check digit may be part of the card number, may be a separate digit or digits requested by an operator, or may be part or all of the PIN number. STOP (BLACK) LIST. This system is often combined with one or more
34、of the other validation methods. The card number is checked against a list of known stolen cards and is rejected if on the list. The check may be manual or by means of a computer. This method is very useful as it enables stolen cards to be “stopped”, but fraudulent calls can be made until the number
35、 appears on the list. This system is sometimes called negative validation. POSITIVE VALIDATION. This type of validation is the most complex and costly to provide, but it does offer the best security against fraud. A database of all card numbers is set up and when a service request is made, the card
36、number is checked against its entry in the database to ensure it is valid and can be used for the requested purpose. A PIN number is often used in conjunction with such a check. PIN VALIDATION WITHIN THE TERMINAL. Smart cards offer the opportunity to validate PIN numbers within the terminai without
37、having to search a database. Such calls can only be made from suitable terminals so access to the service is restricted. 3.6. International validations Telecommunication Charge Cards carry the risk of international fraud unless adequate validation systems are put in place. This is the main reason wh
38、y E. 116 restricts calls made abroad only to those back to the country of card origin. However, there is a customer need to be able to make internal or third country calls when away from originating country. This requires a system of international validation to be set up. Administrations must also m
39、ake bilateral agreements before international use can start. In order to perform an international validation, it is necessary for the card and PIN number to be verified against data supplied by the card issuing Administration. Usually the card and PIN numbers are referred to a database in order to c
40、arry out the validation. There are various ways in which this can be done including the following: 1. The database contains information about the card numbers of foreign cards and so is able to make a local validation. 2. The database does not contain details of foreign cards so a message is sent to
41、 an appropriate distant database in order to obtain validation. 3. The database contains information about the card numbers of certain Administrations and so is able to make a local validation. For card numbers of other Administrations a message is sent to an appropriate distant database in order to
42、 obtain validation. 4. The database contains information about the card numbers of certain Administrations and the card numbers of other Administrations which have been validated recently within a certain time limit (to be agreed upon by bilateral agreement or to be indicated in the “Request respons
43、e” as described in E. 1 13) and so is able to make a local validation, thus avoiding message transfer time. For card numbers for which no recent validation is present a message is sent to an appropriate distant database in order to obtain validation. This validation should then be stored during the
44、time limit agreed upon in the bilateral agreement. 5. The database contains a stop (black) list supplied by the card issuing Administration. Any card number on this list cannot be used. 6. The card and PIN numbers are related by an algorithm. In this case no database is required as the validation ca
45、n be carried out in the local telephone exchange or even in the terminal. These different options vary considerably in cost and complexity to set up. Also they offer different levels of security against fraud. Administrations should make bilateral agreements choosing the method of validation which o
46、ffers the required level of security against fraud. Option 2 is complex to set up as it requires all Administrations to interconnect their databases and to provide real time validation of card numbers on request from abroad. Despite this complexity, this option appears to offer the best way forward
47、and the most security against fraud. It is recommended that this method is adopted. CCITT Recommendation E. 11 3 has been written to define the messages which must pass between databases in order to perform validations. These messages may be passed over any suitable communications link, but it is pr
48、oposed to develop CCITT 7 protocols to be the interqational standard. This method will allow the integration of charge card systems with the emerging Intellikent Network. Edition of April 10, 1992 CEPT T/SF*b8*E 92 m 232b414 0012bL2 T54 m T/SF 68 E Page 5 3.7. Recommendation O In order to allow Auto
49、matic Telecommunications Charge Cards to be accepted in the networks of other Administrations for the purposes of making calls other than those back to the country of card origin, Administrations must take the following actions: 1. Implement the new “89” numbering scheme as laid down by CCITT Recommendation E.118 on their 2. Make a bilateral agreement concerning the method of card validation to be used. 3. Put into place the systems necessary to carry out the validation. Referring to the options listed in Option 1. Arrange for a copy of the card and PIN data required for card validation t
