Slashdot Mirror
Credit card signatures: Useless?
SpaceAdmiral writes "Everyone should remember John Hargrave's classic Credit Card Prank on Zug. He tried signing fake names on his credit card receipt, and no one seemed to care.
But that's nothing compared to The Credit Card Prank, Part 2. Can he draw obscene pictures instead of signing his credit card? Yes, it turns out. Is there any way of getting your signature checked? . . . Yes, it turns out. But you have to do an awful lot."
Starbucks doesn't bother to ask for a PIN or signature under $20: http://www.boston.com/business/articles/2004/08/18 /swipe_hype_debit_the_small_stuff/
John.
Something i learned while working in retail is write "check id" in the signature block...not everyone checks, but i usually get at least 60% of the people ask me for id...so it would at least slow down someone having a spending spree with my card.
The credit card companies actually advertise this as a feature. Hasn't anyone seen the "Visa Check Card" commercials?
"Thanks, but I'll have to see some ID."
That's their sole "feature" - that credit cards are less secure than checks. And the percentage that they siphon from the credit card / direct check transaction goes to cover any fraud.
So I fail to see how this is an issue. If someone uses my card fruadulently, then I get reimbursed. That is a lot easier than fooling around with checks from a consumer standpoint. From a business standpoint, it is a ripoff because the cost of credit card / direct check transactions *could* be lower.
In the end, the banks don't even make an effort to catch small scale fraudsters. At one point, I helped a friend do just that but we were displeased to find that the bank and police did not care when we showed them our findings.
More
Since the U.S. federal government limits my liability to $50 for someone fraudulently using my credit card, and all of my credit card companies waive even that, I don't care who uses my credit card.
Not entirely true. If it can be shown that your negligence contributed to the fraudulant usage of your card, you can be held liable. Granted, you have to really be careless for this to ever be an issue.
For example, loaning it to your friend to make a purchase. He/she makes other purchases on the card, well... you are screwed. The other common occurence is when you do not report a card stolen right away. Then, you can also be held liable.
I've heard of very few instances of this ever being an issue. But do not take the limited liablility policy to be an excuse to be careless. It can come back to bite you.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
Sure, it's probably too easy to use someone else's credit card without their permission. But remember that the transactions are not settled until long after the swipe (say, a month). Credit cards, evil as they are with their obscene interest rates, do offer substantial protection for consumers and in case of fraud you have recourse without having to pay a cent.
For example, if someone else purchases something with your card (fraud) you can call up your credit card company and indicate that you did not conduct this transaction, and that the merchant does not have your signature on file. They will check and see, indeed, the signature is not available.
Another example (a bit off topic but still interesting) is when the Canadian discount airline, Jetsgo, suddenly went bankrupt. They were even selling tickets to passengers the day before they shut down operations. AFAIK, people who bought their plane tickets by credit card had their transactions cancelled because they were not / could not be provided the product or service they paid for. There was no legitimate sale.
In the US if you have a card linked to your checking account, it can be used as a credit or debit card. As a credit card all that is needed is a signature. A debit card is just a fancy name for an ATM card. When the card is processed as a debit card the machine will ask for your PIN. The problem is in debit mode you can be charged foreign ATM fees (by both your bank and the business processing the card). So it is best to just use the card as a credit card when asked, "credit or debit?" There is also nothing preventing the card from being used one way or the other.
http://64.233.167.104/search?q=cache:0NXYo63xW3QJ: www.zug.com/pranks/credit_card/
"Better to be vulgar than non-existent" -Bev Henson
I work twice a week at a large-chain record store. We've all be instructed, repeatedly, to check for the signatures. As a low-level manager there, I make damn sure the store associates are doing it.
We won't take a card without a signature on it, or process a transaction for someone whose name doesn't appear on the card (including family). While we check to see if the signature matches, we generally WON'T generally call someone out on a signature that looks different, unless the purchase is unusually large. If we have a suspicion that someone is using a card fraudulently, we notify our managers, who then notify our corporate office and mall security.
We're not in the business of accusing people without air-tight evidence, because it's bad customer service. Once the appropriate parties have been notified, we and others in our chain keep an eye out for the potential offender and look for more blatant signs of theft or theft of services.
At my local starkbutts, I bought a pound of coffee and waited for the pen. and after an awkward pause, was told by the cashier that no signature was required any longer for purchases under $25...she was not even going to give me anything to sign.
No-signature is an option that merchants pay extra for. It's not some starbucks thing.
Anyway, do you REALLY think that if someone stole your card that they would encounter any difficulty in just scribbling your initials and a couple squiggles? Do you also think the CC company will discover the signature mismatch and invalidate your card right there?
Think of it this way: you're not giving the cashier a sample of your signature.
I did not feel comforted by that...my stolen wallets have always been used to by gas because of the no-signature-pay-at-the-pump option. anyone else encountered this?
No, because I actually reported my card missing.
I am no longer wasting my time with slashdot
Nothing to do with being dumb. A credit card is not valid until signed (it says this by the signature panel on all my Visa and MasterCard cards, though interestingly not on my Discover), and she did exactly what card issuers require merchants to do when presented with an unsigned card.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
The signature on the back of your credit card is NOT for the cashier to compare signatures. It is there as your formal acceptance of your credit card companies policies.
According to the merchant's agreement with the credit card company, cashiers are NOT supposed to accept cards that have not been signed. If they do, the merchant, and not the credit company, is responsible for any fraud.
A lot of people have talked about writing "See ID" on the back of the card for the merchant to check. I've dealt with this before, and if the merchant is following the proper procedures (visa here), they should make you sign the card before they will accept it. The US Postal service will not accept it at all.
So this should only be a one-off for people who do it, although from my experience and most of the reports here it seems that very few places follow through on this even if they check.
As for the main question, are the sigs useless? Well no, they're not foolproof but act as a line of defense which makes fraud a bit harder, puts off some people from trying it and maybe gets some fraudsters caught.
The signature on the back of the card is your acknowledgment of the credit card CONTRACT. It's not a security feature. I don't think it was ever supposed to be a security feature. The reason companies are supposed to refuse your card if you haven't signed it is because that means you haven't accepted the credit card contract, meaning that legally you're not allowed to use the card.
Read the fine print in your credit card contract; I did. That's what the signature is there for. That's ALL it's there for.
http://www.chmodoplusr.com/
It's not your signature they take, it's the CC#, exp date, and confirmation code, to use online where no one ever asks for a signature.
Hokey statistics and ancient misconceptions are no match for a good thought in your head, kid!
I run a medium-sized store. The credit card signing IS useless. Why? What do we do with the credit card signatures? Nothing. Absolutely nothing. They get put in a big box, and every so often, they get thrown away. Visa/Mastercard/Amex/Discover makes no requirements on us to do anything with the signatures. The only reason that we could possibly need a signed receipt is if a transaction is fraudulent, and somebody needs proof that they did NOT sign the receipt. And honestly, that's just a guess. Maybe it's buried somewhere in the 100 pages of fine print, but I've never seen it.
1. Credit card companies don't ask for signatures, even in the case of fraud. It's not worth their time and money.
2. Neither myself or any of my employees are handwriting experts. Somebody could forge a signature very easily. It ain't rocket science.
Really, all the signatures for are to provide a sense of security to the tin-foil hat types. In reality, a credit card is as good as cash, but if you lose it, you don't feel the negative consequences. So, while credit card signatures are useless, I readily use mine everywhere without worrying about a signature.
I don't respond to AC's.
Mirror can be found at nyud.net
Q: How does a Unix guru have sex? A: unzip;strip;touch;finger;mount;fsck;more;yes;umount;sleep
I'm a Brit that lived in Oz for a year where they had just introduced PIN authorisation (it has the brand name "EFTPOS" over there, which rolls off the tonger very easily, sort of). Anyway, the Aussies saw a dramatic reduction in CC fraud following the roll out of the PIN terminals in stores. I dont remember the exact figures, but they were very substantial - something like 80%/85%.
Again, I dont remember the exact figures, but the roll out costs in the UK of new cards and new PIN authorisation terminals in stores are going to be recouped by the banks very quickly indeed.
Invoicing, Time Tracking, Reporting
If you do not take cards with CID on the back, It will be only a matter of time before you are reported to VISA/Discover.
VISA (I don't know about Discover) *specifically* says not to write "see id" on the back. The card isn't valid.
Our bank has little notes up saying that a card with "see id" is invalid.
For those of you who are afriad of someone stealing your card and making unauthorized purchases, you can rest easy. The credit card companies have been able to detect fraud at the time of purchase for quite a while now. Ever since they felt comfortable enough to offer everyone "zero liability".
First off, the cashier at your local WalMart isn't a handwriting and signature analysis expert or an identity expert. They aren't expected to be. The credit card companies realized this a long time ago. Strangely enough, if your card is stolen and the clerk compared the signature, the store becomes liable for the fraudulent purchases.
A Visa or MasterCard is what's called a bearer instrument. It's the same as having cash. If I handed you a $20 bill to pay for something, you wouldn't ask for ID. The same rule applies to Visa and MasterCard. They're all three bearer instruments.
On the other hand, AMEX is an owner instrument. Only the owner of the card is allowed to use it. IIRC, Diners' Club is the same way. You must be the owner of the card. If you have an AMEX, and your spouse is on the same account, you will each have your own card with your own name on it, and IIRC a different number assigned to the same account.
Using an owner instrument is a little more tricky. In that case, the cashier should make a cursory check to see if the signatures match, and may ask for ID, however, much more than that is placing liability back on the store instead of the Loss Prevention department of the bank or credit card company.
A few years ago, I was sitting at home and got a call from Nike Online. Within about 10-15 seconds of that call, I had a call from Visa Loss Prevention on call waiting. Someone had stolen my Visa number and attempted to use it to buy a lot of Nike stuff from the online store. Both Nike and Visa caught the fraudulent purchase at the time of sale. They were able to get in touch with me, the local police department, and set up a sting to get the thief. I wasn't charged anything, and had only a minor problem while I waited for my new card to arrive since they had to kill the old number (which sucked as I had just memorized it and the code on the back).
Checking IDs is just as bad as airline security. It does nothing to actually prevent crime. It just gives the underinformed a (false) sense of security.
Plant a tree in a developing country.
the real advantage of credit card signatures is an added criminal charge. In a lot of states using someone else's credit card to buy $1000 worth of stuff amounts to petty theft, and is only grand larceny if you steal a certain monetary value from a single party. Thus the prison terms are often very short. However, if you sign the line, it's fraud, which is usually a felony.
Thats slightly incorrect. Having my wallet stolen now a total of 5 times in the last 5 years. (Why, why does it happen to me) I can tell you from fact, that if you have a Bank of america, or washignton mutal debit card, you CAN request them to deactivate all credit purchuses on your card. (its literly one menu-driven command once they are inside your account) Then, if your card is ever stolen, the moment the credit transaction takes place, its flagged, and I get a call. Last time, they caught the person within 30 minuites of trying to use my card. (She tried it in 5 places) So yes, it is possible just to use the debit part only.
Since January 1st 2005 (I think), shops that accept signatures are held liable for fraudulant transactions by the card issuers, so there is an incentive for shops to move over to the new system.
Ouch.
To anyone reading: If you ever find yourself getting into a situation like this, remember that verbal conversations mean nothing.
Call the company. Get the name of the person you are speaking to. Follow up with a letter referencing the phone call. Include the name of the person you skpoke with, then date and time of the call. Mail it the same day. Have it delivered certified mail. Keep a copy. Keep your signature notifcation.
You are probably aware now that this would have saved you at least 2,150 of the 2,500 that got charged to you. But as you say, they are willing to take you for a ride when then know you are young and inexperienced.
Their "it needs to work through the system" should be their problem, not yours. But after the fact, you have no proof of what happened.
Hopefully, this will save someone else some money and headache.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
If they had the extra 4 digits (3 for AMEX cards)on the back stored in the mag stripe that is a big no no to banks. CVV (numbers after your account number on the back) data was originally used so that the old swipe impact 3 part forms would not pick up the numbers. This meant that you would not have all the info that the banks had on the card from the imprint of the card numbers from the front. They often called in the card when making a purchase and read off the CVV data to the bank when making a charge.
What they typically use that data for now is online orders or "card not present" orders. It's a way to validate when do a "card not present" transaction. Most banks require this now for retailers doing online transactions. There are only two bits of info that should not be stored on the mag stripe. One is the CVV data and the other is your PIN number.
For those that have access to mag stripe readers, especially ones that use keyboard input, try running your card through and dumping out the data sometime. You will see exactly what is on them (if your reader supports more than track 1 and track 2 reads that is). Last time I did, my AMEX, Discover, and VISA all had my name on there, card number, expiration and a few other numbers noone typically uses for transactions.
root 10956 5164 0 Oct 22 - 0:23 sendmail: rejecting connections: load average: 70 (isn't sendmail just too kind)
- SEE ID is not a valid signature
- An unsigned card (blank signature line) is not a valid card.
The card must be signed, period. Merchants who accept these cards are in violation of their contract with the card processing company and can potentially lose their right to accept credit cards. I don't know any that actually have though.On the other hand, I have had people with unsigned cards argue with me that they don't sign their cards so a thief can't copy their signature
I usually advise them that an unsigned card is not valid (it's written right under or over the signature line) and that they will have to sign the card in my presence and provide ID to verify the signature. Otherwise they have to come up with cash or another valid form of payment.
Perhaps if more merchants actually read the agreement that they sign there would be more protection for the card user. I don't expect it to happen any time soon though, there are still "$10 minimum for credit card purchases" signs (Visa and Mastercard do not allow minimums, Discover does) and merchants who want your phone number before they swipe a card (personal information as a requirement for purchases is a violation of the merchant contract)
If you really want them to look at photo id, get a card with your photo on it. Otherwise "rules is rules" and they should be followed on both sides.