Slashdot Mirror
MasterCard Has Finally Realized That Signatures Are Obsolete and Stupid (fastcompany.com)
An anonymous reader shares a report: For years, credit card companies have relied on an illegible squiggly line as the frontline of defense against credit card fraud. Customers are forced to use a pen (how retro!) to scrawl their signature on bills at restaurants and sign digitally at cash registers -- as if somehow in the age of chips, PINs, biometrics, and online fraud alerts, a line on a page is still a great tool against fraud prevention. Personally, I have been known to sign on the dotted line with a doodle of a piece of tofu and no one has ever stopped me, because signatures mean very little in this digital age. Companies are finally seeing the light. Starting in April 2018, MasterCard cardholders will no longer be required to sign their name when they purchase something using their debit or credit cards. The company has been moving away from requiring signatures for a few years now, with only about 80% of purchases (typically over a certain dollar amount) requiring a signature these days. MasterCard did some digging, though, and per its press release, realized that most of their customers "believe it would be easier to pay and that checkout lines would move faster if they didn't need to sign when making a purchase."
Your signature is just an acknowledgement of payment it is not fraud control.
It's for verification of purchase after the fact, not to prevent fraudulent purchases at the time of transaction.
Mind you, it's still kinda stupid because if someone is planning on disputing a charge they can just fuck up their signature at time of transaction BUT it's worth the clarification.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
Yes, it's basically a U.S. thing at this point. The signature requirement is one reason that U.S. travelers have a hard time buying gasoline while traveling in Europe; none of the pumps will take their cards because they're either magstripe/signature-required or chip-without-pin, rather than chip-and-pin as used in most of the rest of the world.
The irony is that they don't actually look at the signatures, as far as I can tell, which makes it almost useless.
Check out my sci-fi/humor trilogy at PatriotsBooks.
Signing your signature on the line or your card was never about security.
It was about contracts.
Signing the back of your card means you agree with the Cardholder Agreement between you and your issuer. Merchants need to check the signature of the card because if it isn't signed, or signed incorrectly, it means the bearer (i.e., who holds the credit card) does NOT agree to the terms of the agreement and thus any transaction made can be null and void.
The cardholder agreement is that little piece of contract stating if you use the card, you agree to pay it off, interest rate, late payments, fraud, etc and all the other terms of the credit card. A merchant who does not verify your card can get screwed if you refuse to pay since you refused to agree with the agreement.
The slip that you sign is the same deal - it basically says you the bearer agree to pay the amount shown on the slip per your card holder agreement. If you do not agree, you do not sign the slip (this is especially true if the slip is incorrect - do NOT sign it). When doing a dispute, the credit card company looks at the slip and sees if it was signed. In the old days where they had the carbon paper slips and the slider machines that go ka-thunk as you used them, tearing the slip up has the same effect.
That's it. That's all the signatures meant.
And if you had "See ID" or something written on your card, the merchant is actually supposed to cut up the card - it is not a valid card (no on agreed to its use so its presentation means it must be destroyed as it's use is fraudulent).
With Chip+PIN, entering your PIN is basically agreeing to the charges, and since the PIN and everything is held securely inside the crypto processor on the smart card, it verifies you as the valid user.
And yes, this is why "Card Not Present" transactions are far more risky - you the merchant are basically relying on the good will of the customer to uphold their end of the agreement despite not actually having a signed agreement to do so.
My father worked in credit card all his career. From most of the stories he'd tell, as much as not, the signature came up when somebody tried to decline charges. Once they find out the CC company have the signature and it looks like their signature, they admit they bought the item but were now having buyers remorse. Next comes signatures by other family who they loaned their card to with the intent of letting them buy stuff. Once faced with knowledge there is evidence that they or their agent used the card with their agreement, they stop trying to deny charges and just pay up.
Of course a signature isn't a fraud *prevention* mechanism...it never was, unless the early days of credit cards saw vendors having databases of customer signatures against which to compare. The signature is there for fraud *investigation*. If you argue that your identity's been stolen, the firm investigates, pulls up the purchase slip with a signature that doesn't match yours, BINGO...they know you're not bullshitting.
Why so many people persist in claiming that the signature isn't used for fraud prevention is odd.
It's simple enough to pull up the Mastercard/Visa merchant rules and see that they explicitly use signatures as a means of verifying the person making the charge is the authorized cardholder and it has nothing to do with a future "fraud investigation".
That a signature can also be a piece of evidence in determining, after the fact, that the purchase was made fraudulently doesn't mean the signature isn't/wasn't a fraud prevention mechanism.
From Mastercard https://www.mastercard.us/cont...
"Performing a Signature Comparison
When a signature is obtained as the CVM for a Mastercard POS Transaction completed with a
Card (but not when an Access Device is presented), the Merchant must compare the signature
on the Transaction receipt with the signature on the Card to determine whether they appear
to be the same.
If the Merchant believes that the signature on the Card does not match the signature on the
Transaction receipt, the Merchant must contact the Acquirer for instructions. "
Why is that there? Fraud prevention
The signatures are there so transactions can be audited after the fact. In theory when you dispute a transaction they can compare the signature on the transaction against your verified signature. Signatures aren't used to stop the fraudulent transaction from occurring in the first place.