response 5 of 48:

Jun 28 17:54 UTC 2000

(I should add that the member in question lives in Ann Arbor and dials in.
Is it technically feasible to distinguish between dialers-in and
telnetters-in when deciding whether someone can telnet out?)

response 7 of 48:

Jun 28 19:06 UTC 2000

I agree with Jamie in resp:2 :: rerouting your packets when the network 
is wonky is a legitimate use for telnet-through.  I forgot that I do this 
with my for-pay ISP account when I can't go direct from MSU to Grex, 
sometimes.  I'm not sure this happens often enough to invalidate 
my main point, but thanks for thinking of it.
 
I should stress here that my only agenda here is trying to get down Grex's 
bad credit card charges.  I'm not on a crusade to eliminate telnet-through.

response 9 of 48:

Jun 28 20:31 UTC 2000

I think that would really annoy people.  One of the points of paying via
credit card is that you get near-immediate gratification.

response 11 of 48:

Jun 28 23:13 UTC 2000

Even though we're getting about 30 declined transactions a month (less 
this month, though; possibly a good sign), they don't come from 30 
users.  Usually one person will try two or three different card numbers 
(sometimes as many as five or six).  The system is set up so as not to 
allow duplicate transactions within 15 minutes, so frequently the same 
card will be declined twice in quick succession.  
  Also, it seems to me (relatively subjective viewpoint here) that 
people who steal credit card numbers are often just looking to be 
malicious in a difficult-to-trace way, rather than being interested in 
buying things with the stolen cards.  
  So, I don't think changing the outgoing telnet policy, or probably any 
other policy for that matter, will change the frequency of declined cc 
transactions much.  

response 13 of 48:

Jun 29 01:24 UTC 2000

Changing the telnwet policy would have one irritating side-effect for me.
I occasionally run into situations where I cannot access my primary shell
account from where I am at the moment, and I'll use Grex as a pass-through
to get around the broken link.

This also works the other way, I've telnetted in from Msen when Grex was
not directly reachable.  If I can't reach either one, that I can't go
anywhere because the only time that happens is when the outfit I am
connecting through loses its' link to the net.

response 15 of 48:

Jun 29 02:31 UTC 2000

So the response to the speculations in #0, 

 1)  This is possibly a majority of our credit card transactions.
 2)  My guess is that the companies may not like Grex having such
     a high percentage of rejected credit cards.  Even if the
     card firms don't get upset with us, it's wasted work for the
     treasurer.

especially the second, is "It's not a problem"?  So there is no reason
to further consider the proposed solution?

response 17 of 48:

Jun 29 04:09 UTC 2000

Sorry....I didn't think to mention that it's mostly one person trying several
cards, instead of a lot of people trying one card each.

Greg will have to give a better answer to this than I, but I believe that we
do not get charged for somebody's card being declined, and that it doesn't
actually require Greg to do anything....we just get a log of it.  (that's
my impression anyway...I could be massively wrong....)

response 19 of 48:

Jun 29 19:48 UTC 2000

that's about what i was thinking.  i suspect that we would really stand out
if we had few or no rejected transactions.

response 21 of 48:

Jul 1 12:54 UTC 2000

The 40 rejections/month figure is not very meaningful by itself.
Assuming Grex has 20 accepted/month, all it would mean it that it 
took people, on average,  three tries to enter their name and
number correctly.  This actually seems like a LOW failure rate.

response 23 of 48:

Jul 1 15:16 UTC 2000

I don't think the credit card info goes through Grex at all, so
we wouldn't have a chance to massage the data.

response 25 of 48:

Jul 1 18:58 UTC 2000

Now *there's* a fundraising idea...