Slashdot Mirror

• How crazy would I have to make my signature before someone would actually notice?
• How far could I go before they would check my credit card signature?
• Do credit card companies really care about identity theft fraud?

Right on. For a darkly humourous exploration of this theme, check out John Hargrave's 'How crazy would I have to make my signature before someone would actually notice?' prank at:

http://www.zug.com/pranks/credit/

The answer? Pretty freakin' crazy, and still no-one notices anyway.

Evidence to the contrary.

http://www.zug.com/pranks/penis/

Then again, you could be rendered impotent a month later.

http://www.zug.com/pranks/credit-cards/

http://www.zug.com/pranks/credit-cards/

Really?

Think this is what was meant with p-p-p-powerbook http://www.zug.com/pranks/powerbook/ :D

If you truly believe any of that I suggest you have a read through this

she shouldn't mess with football.

The only documents that get legit signatures from me are legal documents, checks, etc. All of those "sign on the screen" and other credit card slips get a jumbled mess. In fact, it's not remotely like what is on the back of my credit cards. Even when cashiers compare what I wrote to what is on the card, they never question it.

I've even tried some of the goofy signatures I read about... Nobody cares.

Anyway, UPS / FedEx rarely even ask for a signature from me, even on expensive items such as $250,000 worth of computer equipment that filled most of a truck that I was integrating in my garage for a client. I think out of 100 or so packages in the last year, I had to sign once.

Back to the topic at hand however (since this thread is wandering) blacklists and other scanning can still do quite well on this spam. Blocking dynamic space alone is the number one most effective, least CPU utilizing methods out there, and seems to block 90%+ of the delivery attempts. I haven't found it necessary to resort to any kind of OCR to keep the volume down to a manageable level, although I don't know if this will continue. If the problem gets much worse I may use greylisting on non-whitelisted emails that look suspicious (contain a single image with a little text) or as a last resort, challenge / response (which I really don't like.)

I don't like to use greylisting normally due to the delay in email, and the increased server load it causes me and the sender (and it just plain doesn't work with some screwed up hosts.) Restricting it to suspect email seems like a good compromise.

For anybody that never heard of this, it was a fun counter-prank to a scam attempt on ebay: http://www.zug.com/pranks/powerbook/

Reid

This isn't the same thing as Interac. From what I gather, this is to replace credit card transactions. In other words, instead of reading the card and getting the client to sign a slip of paper, the merchant reads the card and gets the client to type in a personal identification number. This is clearly more secure, because the PIN/chip relationship is verified electronically every time a transaction occurs, whereas signatures need to be verified by people who can be lazy or distracted. Someone needs to steal both your card and your PIN in order to access your account. With regular credit cards, all someone needs is your credit card number.

Also, with Interac, both the card number and the pin are transmitted to the bank for verification. From what I understand, with the chip and pin system, the verification occurs within the keypad, and a one time transaction code is sent to the bank. The keypad is supposed to be tamper evident.

Oh, and by the way, debit card systems like Interac have been in use all around the world for years now. Canada may be a world leader in consumer usage, but it is far from rare in other countries.

Oh & yes, before you get into the scam - you should know that "Jeff was not heard from again. I personally e-mailed him for permission to run his story on ZUG, but after an initial response, I never heard from him again."

Or define the type of scam you're trying to report. (Scroll down, it's in black, indented courier.)

But if tellers ever get to the point that store clerks do (and I suspect many have) then any old schmoe will be able to take money out of your account. I can't tell you how many times I've had cashiers ring up a sale without ever even looking at either my ID or my signature on the back of the credit card. I've had times where I offered and was refused, as if they didn't want to have anything to do with security checks of any variety as that might bring upon them responsibility or something. I'm not talking about small purchases here either.

You'll probably find this guy's experience both amusing and utterly appalling. How far can you really go with credit card signatures?
http://www.zug.com/pranks/credit/

http://www.zug.com/pranks/riaa/

Call Cary in person.

Maybe what's stopping him is that artists don't exactly advertise their home addresses, and agents don't sometimes cash things like this?

See here

If you haven't seen this credit card prank yet, you should get a kick out of it.

Keep on doing that, just as long as you don't buy a big-screen TV.

http://www.zug.com/pranks/credit/

In the UK, we've recently had Chip & Pin cards introduced, which is a much more sensible method. Signatures are either ignored, or in any case, a pickpocket can just look at what they're forging beforehand (while I've actually been challenged on it, my own signature isn't good enough!)

Amazingly, though, the Tesco supermarket introduced self-service tills WITHOUT chip & pin. So, any stolen card (or cloned magnetic stripe) would do, no checks, no questions asked. So, UK readers: check your bills for purchases at Tesco that you didn't make.

Some silly bastard subjected himself to a month's worth of olestra "enriched" products... the results were not pretty.

Now they have to actually now something, if you thought signatures were safe - think again:

http://www.zug.com/daily/journal/archive/2002_05_0 5_index.html

Telemarketer: "Hello, may I speak to John Hargrave?"

John Hargrave: "He's dead."

Telemarketer: [Tripping over his own words] "I'm ... so ... I'm so, so, sorry. Very sorry. We will update our lists. Goodbye." [Click.]

Telemarketer: "Is John Hargrave there?"

John Hargrave: [In the most pleasant, accommodating voice I could muster] "He's not here right now, motherfscker."

Telemarketer: "Oh! Oh, well ... ah, ok, well, thank you very much!"

Telemarketer: "Hello, may I speak to John Hargrave?"

John Hargrave: "He's dead."

Telemarketer: [Tripping over his own words] "I'm ... so ... I'm so, so, sorry. Very sorry. We will update our lists. Goodbye." [Click.]

Telemarketer: "Is John Hargrave there?"

John Hargrave: [In the most pleasant, accommodating voice I could muster] "He's not here right now, motherfscker."

Telemarketer: "Oh! Oh, well ... ah, ok, well, thank you very much!"

You know, next time I fly, I'm going to make sure to pack items I know would embarass the hell out of the inspector should I be "randomly" inspected.

RIAA doesn't really care if you steal or not...

How about the P-P-P-Powerbook?

Where's the p-p-p-powerbook?

Not as scary as Klaatu Barada Nikto.

Remember that you don't sign the receipt as "authentication", you sign it to indicate you agree to the terms of the credit. That's the only purpose. If a store attempts to verify your signature against the back of the credit card, well, that's sort of bonus, but not required by the credit company.

For reference, see this link

In my own life, I have my daughter sign the credit card bill (and compute the tip, if necessary) and since she's an art student she has been coming up with some pretty creative signature designs.

...still obligatory Wal-Mart link: http://www.zug.com/pranks/walmart/

It's like Totally awesome. I like saw this girl and she's off the hook! She's got a new P-P-P-Powerbook and it like runs Linux and it only cost shipping it was like totally free!

The key to financial security seems to be vigilance. Paying attention to your balances in your accounts and on your cards via the web (i.e. once a month statements isn't enough) is the best form of prevention. I like to burn my important docs that I don't want/need. Credit card apps fall into this category.

Security is ultimately your responsibility, no matter what businesses would have you believe. Here's a great example.

BUT, most credit card receipts (and almost all those electronic touch sensitive things) say that you agree to the terms of the card.

That is why, IMHO, they don't have to give two shits if the card is signed or not, because you affirm anyways that you agree to the terms.

Just take a look at the receipts in the two zug.com links in the original post. They all have some variation on that theme.

http://www.zug.com/pranks/credit_card/
http://www.zug.com/pranks/credit/

The electronic things don't show it, but most of the ones I've used have a screen either before or after the signature that says "you agree to blah blah blah"

BUT, most credit card receipts (and almost all those electronic touch sensitive things) say that you agree to the terms of the card.

That is why, IMHO, they don't have to give two shits if the card is signed or not, because you affirm anyways that you agree to the terms.

Just take a look at the receipts in the two zug.com links in the original post. They all have some variation on that theme.

http://www.zug.com/pranks/credit_card/
http://www.zug.com/pranks/credit/

The electronic things don't show it, but most of the ones I've used have a screen either before or after the signature that says "you agree to blah blah blah"

A big part of the problem is that the banking industry isn't always taking advantage of their own safety checks. For example, take a look at these stories to see how merchants pretty much ignore the signatures on the back of credit cards.

A big part of the problem is that the banking industry isn't always taking advantage of their own safety checks. For example, take a look at these stories to see how merchants pretty much ignore the signatures on the back of credit cards.

Will, or will not: http://www.zug.com/pranks/turnpike/

Twenty years? Try about 2000. BUT! It's only now that we have the technology to put some "thing" in the hand or forehead that could be used to "buy or sell." And, if you've been paying attention to this sort of thing, you would see that there's been a lot of activity on this front over the past few years that hasn't made mainstream media, or Slashdot either, for that matter. All the pieces are in place, but I personally don't believe that identification will be the avenue where it becomes commonplace. I think there will be too much resistance to a government-sponsored move to this sort of thing. I could rightly claim that it violates my freedom of religion. No, I think it's all about credit fraud.

Think about it. We're already to a point with credit cards that, in some places, you can just tap the machine with your card, and get authorization. If someone steals your card, they don't even have to sign anything now. (And not that this was a deterent anyway, but that's another web page.) But the point is that we're removing any vestiges of a two-factor system of authentication. Once this is gone, and credit fraud rises commesurately with it, the credit companies are going to demand to go back to a second "factor," and this will be the obvious technology to do that with. In fact, they'll say, it's two factors in one, and just as fast as the previous system. And then what started out as a good idea will then become legislated. Like the DMCA.

Well, anyway. Just one person's opinion.

Haha, the RIM job prank is my favorite Zug prank.

I purposely sign my cards "Please ask for ID" so that if my wallet gets stolen

Do you ever actually get asked? Furthermore, how often do you actually give your card to someone anymore? Nearly all retail stores have those you-slide-it-yourself card readers.

I saw something about this on the news once - they signed a card like that and ended up going to something like 15 different stores before they were actually asked for ID.

Also, this is hilarious.

http://www.zug.com/pranks/credit/ describes one guy's attempts to get someone (anyone) to actually look at his credit card signature. So when I hear about the "picture and information" that the security guard is supposed to be looking at, I have my reservations, especially when he probaly has to process at least 3/4 of the ship in that day. Did he actually check your picture to see that you were the real owner, or did he just waive you through?

http://www.zug.com/pranks/credit_card/index.html

Just goes to show that almost nobody bothers checking cards.

This is probably is probably old news to most, but one of the best pranks ever on the internet is chronicled at http://www.zug.com/pranks/powerbook/ href="http://www.zug.com/pranks/powerbook/"

http://www.zug.com/pranks/powerbook/
I've been considering a laptop as my next upgrade, since it will use less power, have wireless built in, and be quieter than my desktop with 3 hard drives in it. It will work better as my entertainment center, if it has a TV capture device in it. And I need to upgrade my P-P-P-Powerbook anyway, the screen is cracked.

http://www.zug.com/pranks/credit/ Check that out for signature matching.

Here's an "insightful" link to go with that...

http://www.zug.com/gab/index.cgi?func=view_thread& head=1&thread_id=31642

For some reason firefox won't let me cut & paste, so I hope I got the link right.

This guy tested it.

It doesn't really matter