Slashdot Mirror
Credit card signatures: Useless?
SpaceAdmiral writes "Everyone should remember John Hargrave's classic Credit Card Prank on Zug. He tried signing fake names on his credit card receipt, and no one seemed to care.
But that's nothing compared to The Credit Card Prank, Part 2. Can he draw obscene pictures instead of signing his credit card? Yes, it turns out. Is there any way of getting your signature checked? . . . Yes, it turns out. But you have to do an awful lot."
A story I heard once somewhere on the web:
"I once went to Target to buy a CD and used my new credit card to pay. After signing the receipt the cashier took my card and looked at the back and said "You haven't signed the back of your credit card.", I took my credit card back and signed the back of it and gave it back to her. She then proceeded to compare the back of my just signed credit card with the signature I had also just made on the receipt and said "Yep, they match". I just shook my head, took my stuff and left."
Actually, despite my experience in the past with this kind of sillyness, I have noticed a lot more cashiers taking more care to make sure that the signature really matches. Just yesterday I went to Half Price Books and thought that the cashier was going to breakout a magnifying glass to ensure that the signature was authentic.
this comes in handy when I've had a "little" to much to drink at a bar or club. It's nice to know that my friends can sign for me.
One of the first things you notice when on holiday in the US (buying petrol, stuff, whatever) is that they don't look at your credit card signature. Ever.
In the UK (and I think most of Europe) it's a lot different. I've been asked to re-sign because my (legitimate!) signature wasn't quite similar enough. It doesn't help when you've got a 3-year-old card where the signature is pretty much worn-off anyway
Another weird thing about the US is that pretty much the entire world wants to know your social-security number. The only person in the UK who ever asks for my SSN is the taxman, and I want him to know, so I don't get two tax-bills
Simon
Physicists get Hadrons!
While I realize that this "article" was meant to be tongue in cheek, I'll say:
Every time you make a credit card purchase, they're supposed to match your signature against the one on the back of your card. Nobody seems to check anymore, so I tried to see how far I could push it with wacky signatures like "Mariah Carey" and "Zeus," which you can read in the original Credit Card Prank.
My signature is basically a W with a line after. I have been told it's "unique". I always reply, "it's fast." Signatures required for credit card purchases are lame. Checking my ID is even worse. I always make sure to be a PITA when they ask for my ID when I pay w/a CC. Paying with plastic is my way around hassle and if they're going to give me one I'm sure to pay them back with some.
I was grocery shopping when I ran into a new type of signature-checking device: the electronic screen. Instead of a flimsy scrap of paper, you now sign your name right into the screen. Finally, I thought, a better way to check our signatures!
For these I usually just put an X through it or a straight line. I always believed that an X was a valid signature. What happens if I'm truly unable to write my signature? I have to sign in that box in order for the signature to take so I do. I've never had a problem with someone questioning it (most are 16 year old kids that just don't give a shit).
Going back to my ID issues w/CC's. My ID has a signature on it (for what reason I have no idea) but in order to get that signature on there you have to be writing for a certain amount of time. I had to write out my entire name (including middle name) in order for it to take. It basically means that the signature on my ID is worthless as I never sign anything like that. Why bother to require it if you aren't going to get a valid signature from me?
If we are basing the validation of the signature to the back of a possibly stolen card don't you think that someone would attempt to at least forge the signature? I would think that would be the case.
The world is ending if people seriously believe that a handwritten signature on the back of a credit card will end theft. Maybe we should all be required to have our signature stored in a national database. That surely will stop the terrorists!
So to answer the question posed in the article title: "Credit card signatures: useless?" I have to answer, completely.
.. a guy I used to work with that signed all his credit card receipts and checks "I. M. Jesus Christ"
nobody ever though twice about it.
Starbucks doesn't bother to ask for a PIN or signature under $20: http://www.boston.com/business/articles/2004/08/18 /swipe_hype_debit_the_small_stuff/
John.
When I lived in Australia, a woman at Commonwealth Bank told me that I could not write "Check Identification" on the back of the card with my signature. I insisted that my signature was there, but I still wanted someoene to check the id of the card holder. She was adamant about it. I asked for her manager who was also adamant. Why were they? Because there was no rule or code of conduct which said it "IS OK" to do this. So thereby it must not be done.
literally. I just put a line through. That's my signature.
Signatures are pretty easy to forge... especially to an untrained eye.
So I keep my "real signature" for important stuff. Some waiter doesn't need my signature. They charge regardless.
I'm asked all the time to show my ID by various cashiers when I use my credit card in a store and it's a bit annoying.
Since the U.S. federal government limits my liability to $50 for someone fraudulently using my credit card, and all of my credit card companies waive even that, I don't care who uses my credit card.
I just had to have one credit card replaced because someone attempted to charge $9,000 worth of "computer equipment" to it while I was on vacation. It was actually the third incident of someone putting fraudulent charges on that card. The funny thing is that even my credit card company didn't care - it was I that insisted on getting new numbers on the card. Which explains why more and more vendors are asking for ID or checking signatures - they're the ones that lose money when fraud happens.
I'm a big tall mofo.
Something i learned while working in retail is write "check id" in the signature block...not everyone checks, but i usually get at least 60% of the people ask me for id...so it would at least slow down someone having a spending spree with my card.
I used to work in the box office at a performing arts center. We took credit card orders all the time, and all of us knew that we had to double-check the signatures. I remember more than one patron being very indignant when I refused to accept a card with "See ID" (or "CID") on the back, or worse yet, no signature at all.
"Can I just sign the card now?"
"I'm sorry, but I have no way of verifying your signature then."
"But nobody else ever cares!"
"I'm afraid that we do."
It's times like that that a boss who backs you up is a very, very helpful thing. (We would still take a different, and signed, credit card from them. We weren't total jerks!)
At my local starkbutts, I bought a pound of coffee and waited for the pen. and after an awkward pause, was told by the cashier that no signature was required any longer for purchases under $25...she was not even going to give me anything to sign.
I did not feel comforted by that...my stolen wallets have always been used to by gas because of the no-signature-pay-at-the-pump option. anyone else encountered this?
SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
I figured this out when I got my first credit card. If you sign your card, they will never look closely enough at it.
A friend of mine told me that writing "See Identification" in the signature block on a card would work. It sometimes did, but even then merchants would "compare" my signature and OK it. I tried writing "SEE IDENTIFICATION" in large letters with a black Sharpie. Worked better, but not entirely.
I finally came up with a permanent fix, that has yet to fail me:
When I get a new credit card, on the back Signature area I take a black Sharpie and draw X's over the entire signature area. That forces the clerk to ask for ID. It works EVERY TIME. The only time it hasn't worked is when the clerk doesn't bother checking, but there's little you can do about that other than make a scene or report them to their manager. Besides, in some places (maybe all) a signature is not required for purchases $20.
There is no reasonable defense against an idiot with an agenda
:wq
If I were running the credit card companies, I would hold the vendors responsible for any loss due to fraud that was a result of their NOT checking signatures and ID's.
THAT would put a stop to that.
The safest thing to write is 'See ID'.
Well, it's safe because it forces them to check the ID of the card's user, and it's funny because you can really tell if they care or not, since maybe people check it 1/10 of the time.
Of course, someone could still buy gas, order online/over phone with it., etc.
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
Instead of signing the back of his credit cards, my dad writes "Ask for photo ID". If they don't, he asks them calmly if the signatures match. If the cashier says yes, he asks to talk to their supervisor. He doesn't make a big fuss out of it most of the time, and tends to joke around with the cashiers more than make them feel bad, but it gets his point across. He also praises those cashiers that do actually ask for photo ID.
I like it because it has the net effect of making cashiers more likely to check ALL signatures, not just his.
You have enemies? Good. That means you've stood up for something, sometime in your life. --Winston Churchill
The credit card companies actually advertise this as a feature. Hasn't anyone seen the "Visa Check Card" commercials?
"Thanks, but I'll have to see some ID."
That's their sole "feature" - that credit cards are less secure than checks. And the percentage that they siphon from the credit card / direct check transaction goes to cover any fraud.
So I fail to see how this is an issue. If someone uses my card fruadulently, then I get reimbursed. That is a lot easier than fooling around with checks from a consumer standpoint. From a business standpoint, it is a ripoff because the cost of credit card / direct check transactions *could* be lower.
In the end, the banks don't even make an effort to catch small scale fraudsters. At one point, I helped a friend do just that but we were displeased to find that the bank and police did not care when we showed them our findings.
More
I've come up with the ultimate 'Impossible to Forge' signature:
I DO IT DIFFERENTLY EVERY TIME!
------ The best brain training is now totally free : )
Sure, it's probably too easy to use someone else's credit card without their permission. But remember that the transactions are not settled until long after the swipe (say, a month). Credit cards, evil as they are with their obscene interest rates, do offer substantial protection for consumers and in case of fraud you have recourse without having to pay a cent.
For example, if someone else purchases something with your card (fraud) you can call up your credit card company and indicate that you did not conduct this transaction, and that the merchant does not have your signature on file. They will check and see, indeed, the signature is not available.
Another example (a bit off topic but still interesting) is when the Canadian discount airline, Jetsgo, suddenly went bankrupt. They were even selling tickets to passengers the day before they shut down operations. AFAIK, people who bought their plane tickets by credit card had their transactions cancelled because they were not / could not be provided the product or service they paid for. There was no legitimate sale.
http://64.233.167.104/search?q=cache:0NXYo63xW3QJ: www.zug.com/pranks/credit_card/
"Better to be vulgar than non-existent" -Bev Henson
I work twice a week at a large-chain record store. We've all be instructed, repeatedly, to check for the signatures. As a low-level manager there, I make damn sure the store associates are doing it.
We won't take a card without a signature on it, or process a transaction for someone whose name doesn't appear on the card (including family). While we check to see if the signature matches, we generally WON'T generally call someone out on a signature that looks different, unless the purchase is unusually large. If we have a suspicion that someone is using a card fraudulently, we notify our managers, who then notify our corporate office and mall security.
We're not in the business of accusing people without air-tight evidence, because it's bad customer service. Once the appropriate parties have been notified, we and others in our chain keep an eye out for the potential offender and look for more blatant signs of theft or theft of services.
Even worse is that, now, most DMVs make you sign your identification card digitally (like you do with your UPS deliveries). What's the problem with this? Well, when I signed mine at the DMV in 2000, they said "sorry, that isn't valid - sign again".
"What the hell are you talking about? Of course that's valid. That's how I sign my name."
They said that you can't sign your name with any squiggles or crossing lines. My name has a line from the first letter of my last name that slashes through the top of the other letters in my last name. They said that was not valid. So I had to sign it again, without it.
Now, how is that a big problem? Try signing for something where they require checking the signature on your photo identification. I've had people say "have you changed your signature recently?". I even had to sit at my own bank for half an hour once, while they worked out how to deal with my signature not matching - exactly - that on my card.
In other words, I have to sign my signature like the one on my identification card. But the one on my card is not my valid signature, because that's not how I sign things - nor have I ever in my entire life.
Writing 'See ID' on your card is an excercise in retardedness more than anything else.
The signature panel is not there to prove your identity... its there to show that you agreed to the terms of the cardmember agreement. (ie you agree to pay) It has NOTHING to do with your card's security.
When you sign a credit card draft, it says something to the tune of "I agree to adhere to the terms of the previously agreed to cardmember agreement". Your signing the card signals that you agreed to adhere to that agreement.
Its an outdated and silly mechanism that still exists because the precise meaning of electronic signatures still varies in some jurisdictions.
Conformity is the jailer of freedom and enemy of growth. -JFK
I know everyone in concerned about credit card security, but please consider:
1 - Don't just write "see id" on the signature line of your card. Most people don't realize that credit cards are transferable. That is why they almost always contain the phrases "NOT VALID UNLESS SIGNED" and "AUTHORIZED SIGNATURE". If you fail to sign your card, then the person who steals it will just sign it for you. It doesn't matter if the signature matches the name on the front of the card. It only matters if the signature on the back matches the signature on the receipt. If writing "see id" on the back of your card makes you feel safer, great, but please remember to also sign the card.
2 - If you want someone to check your ID when you sign your card, please hand it to the cashier with your credit card.
3 - The security of your credit cards is primarily your concern not the concern of the cashier. I assure you that someone who refuses payment to some yuppie that forgot their driver's license would almost assuredly be reprimanded when that same person calls in to complain. And they WILL complain. People are not reasonable. YOU may be, but trust me, not everyone is as understanding as you are.
Cheers!
-Pointed Stick
If you do not take cards with CID on the back, It will be only a matter of time before you are reported to VISA/Discover. Both accept that customers want an ID back up on their cards and accept this. Basically, you run the risk of losing the ability to use charge cards at the facility. At that point, how happy do you think that patrons will be? And yes, you were total jerks.
I prefer the "u" in honour as it seems to be missing these days.
A few years back a thief broke into our van while we were at the beach with my parents. We didn't notice the theft until later that afternoon(only the credit cards were stolen). On one card the crooks racked up nearly $15K in less than 15 minutes at Dillards. We met with the Dillards manager the next day only to be told that their corporate policy it to not check ID or validate the signature.
"God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
The signature on the back of your credit card is NOT for the cashier to compare signatures. It is there as your formal acceptance of your credit card companies policies.
According to the merchant's agreement with the credit card company, cashiers are NOT supposed to accept cards that have not been signed. If they do, the merchant, and not the credit company, is responsible for any fraud.
My girlfriend is in a wheelchair, and many of the places that have the 'swipe your own card' machines are placed too high for her to reach. She gets me to sign her name and while I felt it rather ridiculous that no other method existed for her to sign her own card, I still complied.
But instead of signing her name, I just wrote things like "she can't reach" or "this is dumb".
A month or two after we received a phone call from VISA who questioned her on all these 'signatures' and wondered why they didn't match, and why she wasn't signing her name.
They were polite, but asked that her actual name be used from now on.
A lot of people have talked about writing "See ID" on the back of the card for the merchant to check. I've dealt with this before, and if the merchant is following the proper procedures (visa here), they should make you sign the card before they will accept it. The US Postal service will not accept it at all.
So this should only be a one-off for people who do it, although from my experience and most of the reports here it seems that very few places follow through on this even if they check.
As for the main question, are the sigs useless? Well no, they're not foolproof but act as a line of defense which makes fraud a bit harder, puts off some people from trying it and maybe gets some fraudsters caught.
Say you lost your signed credit card and some nefarious type found it. With about 2 minutes of practice they would be able to forge your sig good enough to get by the minimum-wage-high-school-attending cashier so why bother with this lame security device from our distant past. Another reader mentioned signing onto a screen which does not seem to check your sig against any database but makes it easier to store I guess. If the stores can roll out this technology then there should be nothing standing in the way of biometrics. Im currently typing this on a ThinkPad T42 with a fingerprint reader and it works great so to me it would seem that the technology is ready for prime-time. Maybe using bio-metrics and having a picture card backup if the biometrics fails to match would be the answer.
The signature on the back of the card is your acknowledgment of the credit card CONTRACT. It's not a security feature. I don't think it was ever supposed to be a security feature. The reason companies are supposed to refuse your card if you haven't signed it is because that means you haven't accepted the credit card contract, meaning that legally you're not allowed to use the card.
Read the fine print in your credit card contract; I did. That's what the signature is there for. That's ALL it's there for.
http://www.chmodoplusr.com/
I run a medium-sized store. The credit card signing IS useless. Why? What do we do with the credit card signatures? Nothing. Absolutely nothing. They get put in a big box, and every so often, they get thrown away. Visa/Mastercard/Amex/Discover makes no requirements on us to do anything with the signatures. The only reason that we could possibly need a signed receipt is if a transaction is fraudulent, and somebody needs proof that they did NOT sign the receipt. And honestly, that's just a guess. Maybe it's buried somewhere in the 100 pages of fine print, but I've never seen it.
1. Credit card companies don't ask for signatures, even in the case of fraud. It's not worth their time and money.
2. Neither myself or any of my employees are handwriting experts. Somebody could forge a signature very easily. It ain't rocket science.
Really, all the signatures for are to provide a sense of security to the tin-foil hat types. In reality, a credit card is as good as cash, but if you lose it, you don't feel the negative consequences. So, while credit card signatures are useless, I readily use mine everywhere without worrying about a signature.
I don't respond to AC's.
Mirror can be found at nyud.net
Q: How does a Unix guru have sex? A: unzip;strip;touch;finger;mount;fsck;more;yes;umount;sleep
I was standing in a supermarket checkout line in Cambridge in the UK once and this pretty festy looking homeless dude is in front of me with a 6 pack of Tennents Super Strength lager. Anyway he whips out this busted up debit card, all scratched and bent, obviously stolen or found. The pimply checkout chick just takes the card and incredulously turns to the bum and asks him if he would like any cash out with his purchase. In the UK you don't have to type in a pin to get cash out with purchases at the supermarket you just have to sign and well...... You should have seen the guys eyes light up. It was going to be his lucky day. "50 pounds please"
The cashier then takes the card and swipes it. Unfortunately for the alkie bum the card was too damaged and wouldn't swipe through the machine correctly. If he had been a bit luckier he would have easily made off with 50 quid and a 6 pack of lager. What was really astounding was the robotic attitude of the checkout chick to the obvious scam. She would have happily handed over that 50 quid if the card had swiped.
The bikini - security through obscurity since 1943
One day in a shop I went to pay for a purchase and noticed that my credit card had changed form VISA to MasterCard! On closer examination, I discovered that I had someone else's card. Apart from the user name and the logo it looked just like mine.
My card was missing so obviously it had been switched during some previous transaction. I checked back through my receipts and found, to my amazement, that I had paid for a weekly supermarket shop, a tank of petrol and a small car repair on this other guy's card.
The purchase before had been for a meal on a train home from work a few nights before. On the train they have the habit of collecting several payments at a time and taking them into the kitchen to process. I had been sitting opposite a gentleman at the table and guessed it may have been him.
I live in East Anglia and get off the train at Diss, the stop before the end of the line so I knew this chap would have to get off in Norwich. From there he could have boarded another train or drove off into the countryside. Luckily, when I checked directory enquiries, there was one listing Norwich phone book with his surname and initials. I phoned him up and asked if he had my card in his wallet - he did! What's more he had made three purchases on my card.
I drove to him and we swapped cards. We waited for the statements to arrive and I ended up sending him a cheque for about 30 pounds.
A lucky escape - it's a good job we were both honest. After my experience I'm not really surprised to hear about signatures not being checked. I can understand how it might happen in shops where they know me but all my purchases were not. Here in the UK Chip & PIN is being introduced so that should prevent a similar thing happening. But I always check my card carefully when I get it back now.
For those of you who are afriad of someone stealing your card and making unauthorized purchases, you can rest easy. The credit card companies have been able to detect fraud at the time of purchase for quite a while now. Ever since they felt comfortable enough to offer everyone "zero liability".
First off, the cashier at your local WalMart isn't a handwriting and signature analysis expert or an identity expert. They aren't expected to be. The credit card companies realized this a long time ago. Strangely enough, if your card is stolen and the clerk compared the signature, the store becomes liable for the fraudulent purchases.
A Visa or MasterCard is what's called a bearer instrument. It's the same as having cash. If I handed you a $20 bill to pay for something, you wouldn't ask for ID. The same rule applies to Visa and MasterCard. They're all three bearer instruments.
On the other hand, AMEX is an owner instrument. Only the owner of the card is allowed to use it. IIRC, Diners' Club is the same way. You must be the owner of the card. If you have an AMEX, and your spouse is on the same account, you will each have your own card with your own name on it, and IIRC a different number assigned to the same account.
Using an owner instrument is a little more tricky. In that case, the cashier should make a cursory check to see if the signatures match, and may ask for ID, however, much more than that is placing liability back on the store instead of the Loss Prevention department of the bank or credit card company.
A few years ago, I was sitting at home and got a call from Nike Online. Within about 10-15 seconds of that call, I had a call from Visa Loss Prevention on call waiting. Someone had stolen my Visa number and attempted to use it to buy a lot of Nike stuff from the online store. Both Nike and Visa caught the fraudulent purchase at the time of sale. They were able to get in touch with me, the local police department, and set up a sting to get the thief. I wasn't charged anything, and had only a minor problem while I waited for my new card to arrive since they had to kill the old number (which sucked as I had just memorized it and the code on the back).
Checking IDs is just as bad as airline security. It does nothing to actually prevent crime. It just gives the underinformed a (false) sense of security.
Plant a tree in a developing country.
the real advantage of credit card signatures is an added criminal charge. In a lot of states using someone else's credit card to buy $1000 worth of stuff amounts to petty theft, and is only grand larceny if you steal a certain monetary value from a single party. Thus the prison terms are often very short. However, if you sign the line, it's fraud, which is usually a felony.
your credit card company would not make any money.
1)the signature is an agreement to pay what you charge, nothing more. The security aspect was added on later as a 'feel good' measure.
2)They(the stores) make more money this way. it's quicker, which means more purchases.
The credit card bean counters look at this every year, they make more money not pissing off the stores then they would with more secure transactions. Now, if somebody comes up with a secure way of doing business, that doesn't slow the transaction and the customers don't mind the credit card companies would implement it.
The Kruger Dunning explains most post on
As others have noted, if you read the card holder agreement, the signature on the card accepts the terms of the that agreement. If you read your receipt, the signature on the receipt signifies that you agree to pay the retailer the sum charged. I do not think authentication is mentioned anywhere. So, this is my problem with credit cards and debit cards used as credit cards: there is no authentication at the time of purchase. I would like to see broad deployment of "smart" credit cards in the US. I am not a cryptographer, but I think a credit card purchase should depend on at least the following: the holder knowing a secret (PIN?), the card knowing a separate secret, the card issuer knowing a third secret, and an algorithm that ties the secrets together. That way, there is some hope of proving that the relationship between the three entities is valid at purchase time. The current system only works, because there is such massive indemnification (no responsibility for unauthorized purchases over 50.00). The indemnification does not keep fraud down; it only foists the cost of fraud onto the retailers who then raise their prices to cover themselves.
.02.
My
-ghostis
Computer Science is all about trying to find the right wrench to bang in the right screw. -T.Cumbo?
When Ninja Gaiden came out for the XBox, I headed over to the local Wal-Mart to grab me a copy. Taking it over to the register, the upitty cashier first demanded proof that I was 17 (I was 21 at the time and have always appeared older for my age. Example: At my sister's 15th birthday dinner, when I was 13, the waitress handed me the wine list.). Upon being begrudgingly satisfied by my driver's license, we went through the purchase. When I handed him the receipt, he literally took the credit card back out of my hand and compared my signature on the back to my signature on the receipt. "Ummmm...ok, I guess it's close enough. But try to do it better next time or I won't sell it to you."
It's the closest I've ever come to outright decking a store employee. Jump through hoops to get your signature checked? Nah, just find the newly promoted manager at Hell*Mart.
ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
Comment removed based on user account deletion
The requirement for fraud is, well, intent to defraud. IANAL, but my father was and one of his favorite bits of legal trivia was thus:
I can sign your name if you tell me I can, so there is no fraud if I sign your name without fraudlent intent.
Your signature doesn't have to be related to your name in any way; as long as it is something you use as your signature its valid. This goes back to illiterate persons "making their mark" to sign documents. You don't even have "a signature" you have as many signatures as you want to. For instance I have an added glyph I use on some kinds of documents, it cannot be represented in any current character set and it will botch any OCR scan. It has its uses... but it only shows up on some things.
The "signature card" on a bank account and the place to sign on the back of a credit card exist solely to act as arbiters; they exist only to define what your signature is on that account. In this respect the signatures involved are simple, anonymous key matching operations.
I can sign my name to where yours should be, but if I do so with the intent to pass-off and say that what I wrote is supposed to be your signature, it doesn't matter that the letters spell out my name, by presenting the document as something signed by you (the authorized party etc) I am engaged in fraud.
If you mean to defraud it is fraud.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press