Credit card signatures: Useless?

SpaceAdmiral writes "Everyone should remember John Hargrave's classic Credit Card Prank on Zug. He tried signing fake names on his credit card receipt, and no one seemed to care. But that's nothing compared to The Credit Card Prank, Part 2. Can he draw obscene pictures instead of signing his credit card? Yes, it turns out. Is there any way of getting your signature checked? . . . Yes, it turns out. But you have to do an awful lot."

Almost useless

A story I heard once somewhere on the web:

"I once went to Target to buy a CD and used my new credit card to pay. After signing the receipt the cashier took my card and looked at the back and said "You haven't signed the back of your credit card.", I took my credit card back and signed the back of it and gave it back to her. She then proceeded to compare the back of my just signed credit card with the signature I had also just made on the receipt and said "Yep, they match". I just shook my head, took my stuff and left."

Actually, despite my experience in the past with this kind of sillyness, I have noticed a lot more cashiers taking more care to make sure that the signature really matches. Just yesterday I went to Half Price Books and thought that the cashier was going to breakout a magnifying glass to ensure that the signature was authentic.

Re:Almost useless

I write in "SEE ID" and then my signature next to it on my credit cars. I then say thank you to the cashiers who check my ID.

I know it isnt a lot, but it helps me feel a little more comfortable that had I been a criminal trying to get a bad credit card accross I would have been foild.

Then you have Wal Marts and such that you swipe the card yourself.... ugh.

Re:Almost useless

I write in "SEE ID" and then my signature next to it on my credit cars. I then say thank you to the cashiers who check my ID.

That's quite a good idea, but over here in the UK we have a new scheme to counter fake signitures. Instead of signing for using your card, you simply enter your secure 4 digin pin into a terminal. If they match, then your identity is verified. Although, personally, I still don't trust this scheme. There are simply too many ways to have your identity stolen, and it is simply too easy to have someone secretly watch you enter a secure 4 digit pin. At least signitures need some mild degree of talent to forge.

Re:Almost useless

But as this article is proving is "no you don't have to have talent to forge".

And smart cards you're talking about are WAY better than what we have here [america]. First off, having the card doesn't net you anything. You need the pin to get it todo anything.

Second, the reader doesn't get anything useful off you. This stops magreader thieves from stealing your card info.

Third, you actually need the pin to make it work.

I think guessing a 4 digit pin is harder than writing "shamoo" on a receipt...

Tom

Re:Almost useless

Uhmm. DUH?

The the pin is not stored on the card. You can copy the card as much as you want, but it won't be of any use as long as you don't have the pin.

The pin could probably be read with interference, but that'd require some hefty equipment. That's not something your ordinary wallet-thief will have access to.

Re:Almost useless

On the PIN number thing, I'm tempted to put a small slip of paper in my wallet, with "0619" written on it. Anyone stealing the wallet may well try it is my PIN, and it won't work. So they turn it upside down (becomes "6190"), and it still doesn't work. If I'm really lucky, they turn it back the other way, try one more time, and the card is now locked.

Re:Almost useless

Since January 1st 2005 (I think), shops that accept signatures are held liable for fraudulant transactions by the card issuers, so there is an incentive for shops to move over to the new system.

Re:Almost useless

The mag stripe contains only the 16 digits of the card. (I used to work for MasterCard).

I used to work for a company that wrote software for pc based cash registers. Unless things changed, we had to parse out all #s following the card # just to get # to populate by itself. There was no uniform layout of information. Some had the extra 4 digits you see on the back of the card, some had the expiration date, some had #s that I never figured out what they were. We even had access to the cool monthly # that would make it skip actually submitting card payments in the nightly batch so we could swipe real cards all day to test. That was a dangerous toy...grin...I resisted using it.

Re:Almost useless

In the US if you have a card linked to your checking account, it can be used as a credit or debit card. As a credit card all that is needed is a signature. A debit card is just a fancy name for an ATM card. When the card is processed as a debit card the machine will ask for your PIN. The problem is in debit mode you can be charged foreign ATM fees (by both your bank and the business processing the card). So it is best to just use the card as a credit card when asked, "credit or debit?" There is also nothing preventing the card from being used one way or the other.

Re:Almost useless

I live in portugal and here many things are very primitve but the banking system and cell phones are not. For both being "late adopters" they had the advantage of getting better systems.

At a Portuguese ATM from ANY bank or ATM in a supermarket or petrol station there are NO charges at all. Furthermore you can pay all your bills by ATM and even check your balance and last 10 "account movements" from anywhere.

Now what they have is something amazing: You can buy from online retailers in Portugal and some of them will give you a code that you can take to an ATM and pay that way. You never enter any bank details online. Actually you can even charge your cellphone and pay taxes to the state.

Now how did they get this system.... well the banks all needed ATMS at the same time and it was much cheaper if they colaborated.

Dont get me worng many things here suck but some things (like the ATMs) are very good.

Re:Almost useless

Thats slightly incorrect. Having my wallet stolen now a total of 5 times in the last 5 years. (Why, why does it happen to me) I can tell you from fact, that if you have a Bank of america, or washignton mutal debit card, you CAN request them to deactivate all credit purchuses on your card. (its literly one menu-driven command once they are inside your account) Then, if your card is ever stolen, the moment the credit transaction takes place, its flagged, and I get a call. Last time, they caught the person within 30 minuites of trying to use my card. (She tried it in 5 places) So yes, it is possible just to use the debit part only.

Re:Almost useless

If you're keeping your life savings in a savings account, let me tell you, you're losing a lot of money every year, because inflation is approximately 4%. Check the laughable interest rate that any bank gives you. Don't be surprised if it's something like 0.2%

You should keep your life savings in bonds, funds or stocks, not savings accounts. An indexed fund gives, very roughly, about 10% annually.

Re:Almost useless

I'm a Brit that lived in Oz for a year where they had just introduced PIN authorisation (it has the brand name "EFTPOS" over there, which rolls off the tonger very easily, sort of). Anyway, the Aussies saw a dramatic reduction in CC fraud following the roll out of the PIN terminals in stores. I dont remember the exact figures, but they were very substantial - something like 80%/85%.

Again, I dont remember the exact figures, but the roll out costs in the UK of new cards and new PIN authorisation terminals in stores are going to be recouped by the banks very quickly indeed.

Re:Almost useless

Yes, I learned a long time ago that the best approach is to make my signature a completely uninteligable squiggle.

It's hard to duplicate, and no one can ever tell me that I didn't sign my entire name. the first time a purchased a home, I had a legible signature and they made me sign MY FULL NAME like eleventy billion times.

Now, I just squiggle, and if they say that isn't my full name, I say, "yes it is... Can't you read?"

Re:Almost useless

Except the signature line on the back of your card isn't there for authentication purposes. It's your acceptance of the card holder agreement. Merchants are not supposed to accept a card that does not have a signature on the back of the card.

Re:Almost useless

As a merchant who accepts credit cards it amazes me that people think the SEE ID is valid. Just a few days ago someone posted a link [infinitydatacorp.com] that completely rebuffs the SEE ID line.

• SEE ID is not a valid signature
  
• An unsigned card (blank signature line) is not a valid card.
  

The card must be signed, period. Merchants who accept these cards are in violation of their contract with the card processing company and can potentially lose their right to accept credit cards. I don't know any that actually have though.
On the other hand, I have had people with unsigned cards argue with me that they don't sign their cards so a thief can't copy their signature
I usually advise them that an unsigned card is not valid (it's written right under or over the signature line) and that they will have to sign the card in my presence and provide ID to verify the signature. Otherwise they have to come up with cash or another valid form of payment.
Perhaps if more merchants actually read the agreement that they sign there would be more protection for the card user. I don't expect it to happen any time soon though, there are still "$10 minimum for credit card purchases" signs (Visa and Mastercard do not allow minimums, Discover does) and merchants who want your phone number before they swipe a card (personal information as a requirement for purchases is a violation of the merchant contract)
If you really want them to look at photo id, get a card with your photo on it. Otherwise "rules is rules" and they should be followed on both sides.

Not useless - a "feature"

The credit card companies actually advertise this as a feature. Hasn't anyone seen the "Visa Check Card" commercials?

"Thanks, but I'll have to see some ID."

That's their sole "feature" - that credit cards are less secure than checks. And the percentage that they siphon from the credit card / direct check transaction goes to cover any fraud.

So I fail to see how this is an issue. If someone uses my card fruadulently, then I get reimbursed. That is a lot easier than fooling around with checks from a consumer standpoint. From a business standpoint, it is a ripoff because the cost of credit card / direct check transactions *could* be lower.

In the end, the banks don't even make an effort to catch small scale fraudsters. At one point, I helped a friend do just that but we were displeased to find that the bank and police did not care when we showed them our findings.

Totally useless

I run a medium-sized store. The credit card signing IS useless. Why? What do we do with the credit card signatures? Nothing. Absolutely nothing. They get put in a big box, and every so often, they get thrown away. Visa/Mastercard/Amex/Discover makes no requirements on us to do anything with the signatures. The only reason that we could possibly need a signed receipt is if a transaction is fraudulent, and somebody needs proof that they did NOT sign the receipt. And honestly, that's just a guess. Maybe it's buried somewhere in the 100 pages of fine print, but I've never seen it.
1. Credit card companies don't ask for signatures, even in the case of fraud. It's not worth their time and money.
2. Neither myself or any of my employees are handwriting experts. Somebody could forge a signature very easily. It ain't rocket science.

Really, all the signatures for are to provide a sense of security to the tin-foil hat types. In reality, a credit card is as good as cash, but if you lose it, you don't feel the negative consequences. So, while credit card signatures are useless, I readily use mine everywhere without worrying about a signature.

added crime

the real advantage of credit card signatures is an added criminal charge. In a lot of states using someone else's credit card to buy $1000 worth of stuff amounts to petty theft, and is only grand larceny if you steal a certain monetary value from a single party. Thus the prison terms are often very short. However, if you sign the line, it's fraud, which is usually a felony.

Re:added crime

But what if you sign your own name? ANd the store still accepts it, is it fraud too then?

Probably makes no difference.

The requirement for fraud is, well, intent to defraud. IANAL, but my father was and one of his favorite bits of legal trivia was thus:

I can sign your name if you tell me I can, so there is no fraud if I sign your name without fraudlent intent.

Your signature doesn't have to be related to your name in any way; as long as it is something you use as your signature its valid. This goes back to illiterate persons "making their mark" to sign documents. You don't even have "a signature" you have as many signatures as you want to. For instance I have an added glyph I use on some kinds of documents, it cannot be represented in any current character set and it will botch any OCR scan. It has its uses... but it only shows up on some things.

The "signature card" on a bank account and the place to sign on the back of a credit card exist solely to act as arbiters; they exist only to define what your signature is on that account. In this respect the signatures involved are simple, anonymous key matching operations.

I can sign my name to where yours should be, but if I do so with the intent to pass-off and say that what I wrote is supposed to be your signature, it doesn't matter that the letters spell out my name, by presenting the document as something signed by you (the authorized party etc) I am engaged in fraud.

If you mean to defraud it is fraud.

I'm not complaining

this comes in handy when I've had a "little" to much to drink at a bar or club. It's nice to know that my friends can sign for me.

Not in the UK.

One of the first things you notice when on holiday in the US (buying petrol, stuff, whatever) is that they don't look at your credit card signature. Ever.

In the UK (and I think most of Europe) it's a lot different. I've been asked to re-sign because my (legitimate!) signature wasn't quite similar enough. It doesn't help when you've got a 3-year-old card where the signature is pretty much worn-off anyway :-)

Another weird thing about the US is that pretty much the entire world wants to know your social-security number. The only person in the UK who ever asks for my SSN is the taxman, and I want him to know, so I don't get two tax-bills :-) You never ever get asked by the electricity/gas people, the cable company, the phone people, your bank, the list goes on. I guess identity fraud is that much easier that way...

Simon

Re:Not in the UK.

She politely asks him to sign his card so she can compare signatures. It took him a beat to process the fact that "Yes she's that dumb.", he signed the card, she checked the sigs. and let him be on his merry way.

Nothing to do with being dumb. A credit card is not valid until signed (it says this by the signature panel on all my Visa and MasterCard cards, though interestingly not on my Discover), and she did exactly what card issuers require merchants to do when presented with an unsigned card. [visa.com]

Re:Not in the UK.

What they're supposed to do is:

If they see you haven't signed your credit card, they're supposed to ask to see another form of ID with your signature. That's what they're supposed to do. At least that's what my back tells its customers when issuing new credit/debit cards. For this reason, many people DON'T sign their card (some of my friends do it this way). I always do sign it, though, figuring if it's ever lost or stolen, hopefully the signature will be checked.

digital signatures

Even worse is that, now, most DMVs make you sign your identification card digitally (like you do with your UPS deliveries). What's the problem with this? Well, when I signed mine at the DMV in 2000, they said "sorry, that isn't valid - sign again".

"What the hell are you talking about? Of course that's valid. That's how I sign my name."

They said that you can't sign your name with any squiggles or crossing lines. My name has a line from the first letter of my last name that slashes through the top of the other letters in my last name. They said that was not valid. So I had to sign it again, without it.

Now, how is that a big problem? Try signing for something where they require checking the signature on your photo identification. I've had people say "have you changed your signature recently?". I even had to sit at my own bank for half an hour once, while they worked out how to deal with my signature not matching - exactly - that on my card.

In other words, I have to sign my signature like the one on my identification card. But the one on my card is not my valid signature, because that's not how I sign things - nor have I ever in my entire life.

Re:digital signatures

Even worse is that, now, most DMVs make you sign your identification card digitally (like you do with your UPS deliveries)

I'm always astonished how poorly most digitizers work (Target, Best Buy being the worst I usually run into), with results that only vaguely look like my signature.

It could be worse, when companies like UPS started doing this, the quality and resolution was *terrible*. Back in 1997 or so, my brother sent me a package which I signed for, and they were advertising the "you can track your package online, and even see who signed for it." The resulting signature [umn.edu] was so funny, I kept it. (Before you flame me for posting my signature, look at the actual image).

Re:digital signatures

I bet you've been waiting 8 years for a Slashdot article that allows you to post that image, how does it finally feel?

Re:digital signatures

It could be worse, when companies like UPS started doing this, the quality and resolution was *terrible*. [...] The resulting signature [umn.edu] was so funny, I kept it. (Before you flame me for posting my signature, look at the actual image).

If you squint your eyes just right you can make it out! Bad idea to post your signature, Mr. ;,!.'',_!.

Completely.

While I realize that this "article" was meant to be tongue in cheek, I'll say:

Every time you make a credit card purchase, they're supposed to match your signature against the one on the back of your card. Nobody seems to check anymore, so I tried to see how far I could push it with wacky signatures like "Mariah Carey" and "Zeus," which you can read in the original Credit Card Prank.

My signature is basically a W with a line after. I have been told it's "unique". I always reply, "it's fast." Signatures required for credit card purchases are lame. Checking my ID is even worse. I always make sure to be a PITA when they ask for my ID when I pay w/a CC. Paying with plastic is my way around hassle and if they're going to give me one I'm sure to pay them back with some.

I was grocery shopping when I ran into a new type of signature-checking device: the electronic screen. Instead of a flimsy scrap of paper, you now sign your name right into the screen. Finally, I thought, a better way to check our signatures!

For these I usually just put an X through it or a straight line. I always believed that an X was a valid signature. What happens if I'm truly unable to write my signature? I have to sign in that box in order for the signature to take so I do. I've never had a problem with someone questioning it (most are 16 year old kids that just don't give a shit).

Going back to my ID issues w/CC's. My ID has a signature on it (for what reason I have no idea) but in order to get that signature on there you have to be writing for a certain amount of time. I had to write out my entire name (including middle name) in order for it to take. It basically means that the signature on my ID is worthless as I never sign anything like that. Why bother to require it if you aren't going to get a valid signature from me?

If we are basing the validation of the signature to the back of a possibly stolen card don't you think that someone would attempt to at least forge the signature? I would think that would be the case.

The world is ending if people seriously believe that a handwritten signature on the back of a credit card will end theft. Maybe we should all be required to have our signature stored in a national database. That surely will stop the terrorists!

So to answer the question posed in the article title: "Credit card signatures: useless?" I have to answer, completely.

Re:Completely.

My signature is basically a W with a line after.

Wow! Please to meet you Mr. President!

I remember ..

.. a guy I used to work with that signed all his credit card receipts and checks "I. M. Jesus Christ"

nobody ever though twice about it.

Starbucks

Starbucks doesn't bother to ask for a PIN or signature under $20: http://www.boston.com/business/articles/2004/08/18 /swipe_hype_debit_the_small_stuff/

John.

Idiocy does not stop there....

When I lived in Australia, a woman at Commonwealth Bank told me that I could not write "Check Identification" on the back of the card with my signature. I insisted that my signature was there, but I still wanted someoene to check the id of the card holder. She was adamant about it. I asked for her manager who was also adamant. Why were they? Because there was no rule or code of conduct which said it "IS OK" to do this. So thereby it must not be done.

I'm -----

literally. I just put a line through. That's my signature.

Signatures are pretty easy to forge... especially to an untrained eye.

So I keep my "real signature" for important stuff. Some waiter doesn't need my signature. They charge regardless.

Re:I'm -----

It's not your signature they take, it's the CC#, exp date, and confirmation code, to use online where no one ever asks for a signature.

I wish they wouldn't look at my signature.

I'm asked all the time to show my ID by various cashiers when I use my credit card in a store and it's a bit annoying.

Since the U.S. federal government limits my liability to $50 for someone fraudulently using my credit card, and all of my credit card companies waive even that, I don't care who uses my credit card.

I just had to have one credit card replaced because someone attempted to charge $9,000 worth of "computer equipment" to it while I was on vacation. It was actually the third incident of someone putting fraudulent charges on that card. The funny thing is that even my credit card company didn't care - it was I that insisted on getting new numbers on the card. Which explains why more and more vendors are asking for ID or checking signatures - they're the ones that lose money when fraud happens.

Re:I wish they wouldn't look at my signature.

Since the U.S. federal government limits my liability to $50 for someone fraudulently using my credit card, and all of my credit card companies waive even that, I don't care who uses my credit card.

Not entirely true. If it can be shown that your negligence contributed to the fraudulant usage of your card, you can be held liable. Granted, you have to really be careless for this to ever be an issue.

For example, loaning it to your friend to make a purchase. He/she makes other purchases on the card, well... you are screwed. The other common occurence is when you do not report a card stolen right away. Then, you can also be held liable.

I've heard of very few instances of this ever being an issue. But do not take the limited liablility policy to be an excuse to be careless. It can come back to bite you.

Re:I wish they wouldn't look at my signature.

For example, loaning it to your friend to make a purchase. He/she makes other purchases on the card, well... you are screwed.

Here's a fun little story to amplify your point:

When I was young(er) and dumb(er) I once gave a phone card number to a friend in another state so they could call me in emergencies. I figured since it had a $50 limit I was insulated to a $50 dollar lesson even if they went insane and called Peru. Plus, it was a major issuer (AT&T), so I didn't expect problems.

Turns out, nope, I wasn't protected at all. The "friend" turned out to have emotional problems and abused the hell out of the card. The phone company was more than happy to let $2500 bucks worth of charges accrue. The fun part was that I was liable because I had given a third party the original access. The _really_ fun part was that when I discovered this was going on (and there was only like $350 charged), I tried to get the charges stopped. I tried reporting the card stolen, explaining the situation, pleading with the issuer, etc... Nothing worked. They told me it would take at least 7-10 days to put a stop on the card because "these things take a while to filter through the system." (bear in mind this was a "global communication company") So even though the issuer knew the card was out of my control, and going vastly over the "limit" (which I was told was actually a "suggestion") they let it run up for more than a week.

The point here, is that if you haven't done something dumb, you usually have no problem with any sort of fraud. If you have, I suspect sometimes the issuing companies let you get dug into as deep of a hole as possible because they know you are on the hook and have no recourse.

So when you do get bitten, even by doing something which seems not to be a big deal, it can bite you VERY hard.

(And yes, I ended up paying the whole bill...)

Re:I wish they wouldn't look at my signature.

Ouch.

To anyone reading: If you ever find yourself getting into a situation like this, remember that verbal conversations mean nothing.

Call the company. Get the name of the person you are speaking to. Follow up with a letter referencing the phone call. Include the name of the person you skpoke with, then date and time of the call. Mail it the same day. Have it delivered certified mail. Keep a copy. Keep your signature notifcation.

You are probably aware now that this would have saved you at least 2,150 of the 2,500 that got charged to you. But as you say, they are willing to take you for a ride when then know you are young and inexperienced.

Their "it needs to work through the system" should be their problem, not yours. But after the fact, you have no proof of what happened.

Hopefully, this will save someone else some money and headache.

No signature

Something i learned while working in retail is write "check id" in the signature block...not everyone checks, but i usually get at least 60% of the people ask me for id...so it would at least slow down someone having a spending spree with my card.

"Check ID" is against policy

The signature on the back of your credit card is NOT for the cashier to compare signatures. It is there as your formal acceptance of your credit card companies policies.

According to the merchant's agreement with the credit card company, cashiers are NOT supposed to accept cards that have not been signed. If they do, the merchant, and not the credit company, is responsible for any fraud.

Some people pay attention

I used to work in the box office at a performing arts center. We took credit card orders all the time, and all of us knew that we had to double-check the signatures. I remember more than one patron being very indignant when I refused to accept a card with "See ID" (or "CID") on the back, or worse yet, no signature at all.

"Can I just sign the card now?"
"I'm sorry, but I have no way of verifying your signature then."
"But nobody else ever cares!"
"I'm afraid that we do."

It's times like that that a boss who backs you up is a very, very helpful thing. (We would still take a different, and signed, credit card from them. We weren't total jerks!)

Re:pay attention

If you do not take cards with CID on the back, It will be only a matter of time before you are reported to VISA/Discover.

VISA (I don't know about Discover) *specifically* says not to write "see id" on the back. The card isn't valid.

Our bank has little notes up saying that a card with "see id" is invalid.

Re:Some people pay attention

I was a clerk in a video store and a cashier at a department store while working my way through school. I would check all Credit Card signatures. Credit cards were required for membership at the video store, most people would pay cash for the rentals.

I confiscated 3 or 4 cards and destroyed them while a cashier after getting "Please Call" back instead of an authorization.

I never caught a bad signature (a couple missing signatures, I would check the Driver's license and look at that signature and photo and tell the person to sign the card later)

I would occasionally get a customer that did not want me to bother checking signatures and one guy belittled me while I was checking. "Oh, now you are a handwriting expert. Oh, how secure." etc etc.

I told him it was better for him that I at least try to catch forgers.

Not really useful to the discussion but that guy still bugs me when I think about it. I was trying to protect his credit not inconvenience him. No wonder clerks don't bother to check.

Re:Some people pay attention

You don't have driver's licenses with signatures??? If you *do* (and I don't know what state doesn't) then you are just an arrogant idiot who is doing nothing to protect the credit card company or the credit card user or your company. Freaking power trips: "but I have no way of verifying your signature then". How the heck do you know that the card wasn't signed by the crook when you *weren't* being a prick? The customer wants to back it up with ID and you tell them no.

Personally I write both See ID and a signature because I want the signature on the card to match the signature on the ID. Do you bother to honor that request? Or are you just a prick for the sake of being one?

no sig required!

At my local starkbutts, I bought a pound of coffee and waited for the pen. and after an awkward pause, was told by the cashier that no signature was required any longer for purchases under $25...she was not even going to give me anything to sign.

I did not feel comforted by that...my stolen wallets have always been used to by gas because of the no-signature-pay-at-the-pump option. anyone else encountered this?

Re:no sig required!

At my local starkbutts, I bought a pound of coffee and waited for the pen. and after an awkward pause, was told by the cashier that no signature was required any longer for purchases under $25...she was not even going to give me anything to sign.

No-signature is an option that merchants pay extra for. It's not some starbucks thing.

Anyway, do you REALLY think that if someone stole your card that they would encounter any difficulty in just scribbling your initials and a couple squiggles? Do you also think the CC company will discover the signature mismatch and invalidate your card right there?

Think of it this way: you're not giving the cashier a sample of your signature.

I did not feel comforted by that...my stolen wallets have always been used to by gas because of the no-signature-pay-at-the-pump option. anyone else encountered this?

No, because I actually reported my card missing.

My solution

I figured this out when I got my first credit card. If you sign your card, they will never look closely enough at it.

A friend of mine told me that writing "See Identification" in the signature block on a card would work. It sometimes did, but even then merchants would "compare" my signature and OK it. I tried writing "SEE IDENTIFICATION" in large letters with a black Sharpie. Worked better, but not entirely.

I finally came up with a permanent fix, that has yet to fail me:

When I get a new credit card, on the back Signature area I take a black Sharpie and draw X's over the entire signature area. That forces the clerk to ask for ID. It works EVERY TIME. The only time it hasn't worked is when the clerk doesn't bother checking, but there's little you can do about that other than make a scene or report them to their manager. Besides, in some places (maybe all) a signature is not required for purchases $20.

Re:My solution

What is a signature? Is it not just a unique, identifying mark? Could not "Please See ID" be just as good of a signature as "John Doe"?

make vendors responsible for fraud....

If I were running the credit card companies, I would hold the vendors responsible for any loss due to fraud that was a result of their NOT checking signatures and ID's.
THAT would put a stop to that.

see, thats why

your credit card company would not make any money.

1)the signature is an agreement to pay what you charge, nothing more. The security aspect was added on later as a 'feel good' measure.

2)They(the stores) make more money this way. it's quicker, which means more purchases.

The credit card bean counters look at this every year, they make more money not pissing off the stores then they would with more secure transactions. Now, if somebody comes up with a secure way of doing business, that doesn't slow the transaction and the customers don't mind the credit card companies would implement it.

See ID

The safest thing to write is 'See ID'.

Well, it's safe because it forces them to check the ID of the card's user, and it's funny because you can really tell if they care or not, since maybe people check it 1/10 of the time.

Of course, someone could still buy gas, order online/over phone with it., etc.

Argh!

Writing 'See ID' on your card is an excercise in retardedness more than anything else.

The signature panel is not there to prove your identity... its there to show that you agreed to the terms of the cardmember agreement. (ie you agree to pay) It has NOTHING to do with your card's security.

When you sign a credit card draft, it says something to the tune of "I agree to adhere to the terms of the previously agreed to cardmember agreement". Your signing the card signals that you agreed to adhere to that agreement.

Its an outdated and silly mechanism that still exists because the precise meaning of electronic signatures still varies in some jurisdictions.

My Father's Method

Instead of signing the back of his credit cards, my dad writes "Ask for photo ID". If they don't, he asks them calmly if the signatures match. If the cashier says yes, he asks to talk to their supervisor. He doesn't make a big fuss out of it most of the time, and tends to joke around with the cashiers more than make them feel bad, but it gets his point across. He also praises those cashiers that do actually ask for photo ID.

I like it because it has the net effect of making cashiers more likely to check ALL signatures, not just his.

Re:My Father's Method

Instead of signing the back of his credit cards, my dad writes "Ask for photo ID". If they don't, he asks them calmly if the signatures match. If the cashier says yes, he asks to talk to their supervisor.

Being on the other side of that, it seems some customers like to play a retarded "I'm better than you" game with it. Often, they'll hand me their credit card and then about 1/2 second later say, "You didn't ask for my ID! Didn't you look at the back of the card? What's this world coming to!" This is invariably before I've even had a chance to turn the card over.

Since I'm not just a lowly paid cashier, but actually own the store, I can guarantee you I check people's signatures and ask for ID. I don't want to get stuck with a chargeback!

Impossible to Forge!

I've come up with the ultimate 'Impossible to Forge' signature:

I DO IT DIFFERENTLY EVERY TIME!

Not as bad as you think

Sure, it's probably too easy to use someone else's credit card without their permission. But remember that the transactions are not settled until long after the swipe (say, a month). Credit cards, evil as they are with their obscene interest rates, do offer substantial protection for consumers and in case of fraud you have recourse without having to pay a cent.

For example, if someone else purchases something with your card (fraud) you can call up your credit card company and indicate that you did not conduct this transaction, and that the merchant does not have your signature on file. They will check and see, indeed, the signature is not available.

Another example (a bit off topic but still interesting) is when the Canadian discount airline, Jetsgo, suddenly went bankrupt. They were even selling tickets to passengers the day before they shut down operations. AFAIK, people who bought their plane tickets by credit card had their transactions cancelled because they were not / could not be provided the product or service they paid for. There was no legitimate sale.

Best Buy

Best Buy is the only place that has ever checked mine.

The card is about 3 years old, the signature has worn off completely, and I can't resign it (so far no pen seems to write on the mangled signature panel). So they always check my ID.

But what's the point anyway? I can go online and spend thousands of dollars with no verification, so what is the point of checking my ID in store?

My Story

Okay, I'm sure that everyone has stories about how useless they are, but I'll share mine.

A month or two ago, checking out in the grocery store line, I got a new clerk. When I swiped my card, the person training her told her to check the card. I was using my wife's card with her name on it and it wasn't even signed. The clerk proceeded to take the card, she examined the front carefully and then examined the back. Then she handed the card back with a smile as if to say, "Yep. It's a real credit card alright."

Worthless.

Google Cache..

http://64.233.167.104/search?q=cache:0NXYo63xW3QJ: www.zug.com/pranks/credit_card/

Retail management perspective

I work twice a week at a large-chain record store. We've all be instructed, repeatedly, to check for the signatures. As a low-level manager there, I make damn sure the store associates are doing it.

We won't take a card without a signature on it, or process a transaction for someone whose name doesn't appear on the card (including family). While we check to see if the signature matches, we generally WON'T generally call someone out on a signature that looks different, unless the purchase is unusually large. If we have a suspicion that someone is using a card fraudulently, we notify our managers, who then notify our corporate office and mall security.

We're not in the business of accusing people without air-tight evidence, because it's bad customer service. Once the appropriate parties have been notified, we and others in our chain keep an eye out for the potential offender and look for more blatant signs of theft or theft of services.

Chip and Pin

Here in the UK we're now moving to Chip and Pin which is a great idea if it wasn't for the fact that the idiots who designed the machines didn't consider the fact that someone might be looking over your shoulder.

As such, you get this box thrust into your hands and you're asked to type in your PIN in full view of all the people around you.

Sometimes you can cover it up with the other hand, but this gets a little difficult if you are actually holding the machine with one of those hands.

Unsurprisingly Chip and Pin fraud is still climbing [thisislondon.co.uk] although the banks are spinning it by claiming it would be worse if we didn't have it. Hardly the end to card fraud that they originally claimed.

The other way around

My uncle had his -signature- denied on a formal paper (I think it was for a loan/morgage on his house ; Something financial);
His signature excists of yer normal scribble, but the O in his name, has a smiley face (he's very consistent with that :) ).
When the bank noticed his signature they said they could not allow it, and wanted him to re-sign.
After he showed various ID on which his autograph -did- have that smiley, and they -still- wouldn't want to accept it, he turned to another bank, where they did not give him any slack.

Some things to consider

I know everyone in concerned about credit card security, but please consider:

1 - Don't just write "see id" on the signature line of your card. Most people don't realize that credit cards are transferable. That is why they almost always contain the phrases "NOT VALID UNLESS SIGNED" and "AUTHORIZED SIGNATURE". If you fail to sign your card, then the person who steals it will just sign it for you. It doesn't matter if the signature matches the name on the front of the card. It only matters if the signature on the back matches the signature on the receipt. If writing "see id" on the back of your card makes you feel safer, great, but please remember to also sign the card.

2 - If you want someone to check your ID when you sign your card, please hand it to the cashier with your credit card.

3 - The security of your credit cards is primarily your concern not the concern of the cashier. I assure you that someone who refuses payment to some yuppie that forgot their driver's license would almost assuredly be reprimanded when that same person calls in to complain. And they WILL complain. People are not reasonable. YOU may be, but trust me, not everyone is as understanding as you are.

Cheers!

-Pointed Stick

Corporate Policy Not To Check

A few years back a thief broke into our van while we were at the beach with my parents. We didn't notice the theft until later that afternoon(only the credit cards were stolen). On one card the crooks racked up nearly $15K in less than 15 minutes at Dillards. We met with the Dillards manager the next day only to be told that their corporate policy it to not check ID or validate the signature.

VISA Checked Our Signatures

My girlfriend is in a wheelchair, and many of the places that have the 'swipe your own card' machines are placed too high for her to reach. She gets me to sign her name and while I felt it rather ridiculous that no other method existed for her to sign her own card, I still complied.

But instead of signing her name, I just wrote things like "she can't reach" or "this is dumb".

A month or two after we received a phone call from VISA who questioned her on all these 'signatures' and wondered why they didn't match, and why she wasn't signing her name.

They were polite, but asked that her actual name be used from now on.

See ID

A friend of mine told me that writing "See Identification" in the signature block on a card would work. It sometimes did, but even then merchants would "compare" my signature and OK it.

A lot of people have talked about writing "See ID" on the back of the card for the merchant to check. I've dealt with this before, and if the merchant is following the proper procedures (visa here) [visa.com], they should make you sign the card before they will accept it. The US Postal service will not accept it at all [usps.com].

So this should only be a one-off for people who do it, although from my experience and most of the reports here it seems that very few places follow through on this even if they check.

As for the main question, are the sigs useless? Well no, they're not foolproof but act as a line of defense which makes fraud a bit harder, puts off some people from trying it and maybe gets some fraudsters caught.

Let's face it.

Say you lost your signed credit card and some nefarious type found it. With about 2 minutes of practice they would be able to forge your sig good enough to get by the minimum-wage-high-school-attending cashier so why bother with this lame security device from our distant past. Another reader mentioned signing onto a screen which does not seem to check your sig against any database but makes it easier to store I guess. If the stores can roll out this technology then there should be nothing standing in the way of biometrics. Im currently typing this on a ThinkPad T42 with a fingerprint reader and it works great so to me it would seem that the technology is ready for prime-time. Maybe using bio-metrics and having a picture card backup if the biometrics fails to match would be the answer.

Not SUPPOSED to be a security feature!

The signature on the back of the card is your acknowledgment of the credit card CONTRACT. It's not a security feature. I don't think it was ever supposed to be a security feature. The reason companies are supposed to refuse your card if you haven't signed it is because that means you haven't accepted the credit card contract, meaning that legally you're not allowed to use the card.

Read the fine print in your credit card contract; I did. That's what the signature is there for. That's ALL it's there for.

Re:Not SUPPOSED to be a security feature!

There you go, ruining a perfectly good whine-fest with these tacky "facts."

Mirror

Mirror can be found at nyud.net [nyud.net]

I had my card swapped with someone else's.

One day in a shop I went to pay for a purchase and noticed that my credit card had changed form VISA to MasterCard! On closer examination, I discovered that I had someone else's card. Apart from the user name and the logo it looked just like mine.

My card was missing so obviously it had been switched during some previous transaction. I checked back through my receipts and found, to my amazement, that I had paid for a weekly supermarket shop, a tank of petrol and a small car repair on this other guy's card.

The purchase before had been for a meal on a train home from work a few nights before. On the train they have the habit of collecting several payments at a time and taking them into the kitchen to process. I had been sitting opposite a gentleman at the table and guessed it may have been him.

I live in East Anglia and get off the train at Diss, the stop before the end of the line so I knew this chap would have to get off in Norwich. From there he could have boarded another train or drove off into the countryside. Luckily, when I checked directory enquiries, there was one listing Norwich phone book with his surname and initials. I phoned him up and asked if he had my card in his wallet - he did! What's more he had made three purchases on my card.

I drove to him and we swapped cards. We waited for the statements to arrive and I ended up sending him a cheque for about 30 pounds.

A lucky escape - it's a good job we were both honest. After my experience I'm not really surprised to hear about signatures not being checked. I can understand how it might happen in shops where they know me but all my purchases were not. Here in the UK Chip & PIN is being introduced so that should prevent a similar thing happening. But I always check my card carefully when I get it back now.

Useless on a bearer instrument

For those of you who are afriad of someone stealing your card and making unauthorized purchases, you can rest easy. The credit card companies have been able to detect fraud at the time of purchase for quite a while now. Ever since they felt comfortable enough to offer everyone "zero liability".

First off, the cashier at your local WalMart isn't a handwriting and signature analysis expert or an identity expert. They aren't expected to be. The credit card companies realized this a long time ago. Strangely enough, if your card is stolen and the clerk compared the signature, the store becomes liable for the fraudulent purchases.

A Visa or MasterCard is what's called a bearer instrument. It's the same as having cash. If I handed you a $20 bill to pay for something, you wouldn't ask for ID. The same rule applies to Visa and MasterCard. They're all three bearer instruments.

On the other hand, AMEX is an owner instrument. Only the owner of the card is allowed to use it. IIRC, Diners' Club is the same way. You must be the owner of the card. If you have an AMEX, and your spouse is on the same account, you will each have your own card with your own name on it, and IIRC a different number assigned to the same account.

Using an owner instrument is a little more tricky. In that case, the cashier should make a cursory check to see if the signatures match, and may ask for ID, however, much more than that is placing liability back on the store instead of the Loss Prevention department of the bank or credit card company.

A few years ago, I was sitting at home and got a call from Nike Online. Within about 10-15 seconds of that call, I had a call from Visa Loss Prevention on call waiting. Someone had stolen my Visa number and attempted to use it to buy a lot of Nike stuff from the online store. Both Nike and Visa caught the fraudulent purchase at the time of sale. They were able to get in touch with me, the local police department, and set up a sting to get the thief. I wasn't charged anything, and had only a minor problem while I waited for my new card to arrive since they had to kill the old number (which sucked as I had just memorized it and the code on the back).

Checking IDs is just as bad as airline security. It does nothing to actually prevent crime. It just gives the underinformed a (false) sense of security.

Re:Useless on a bearer instrument

On the other hand, AMEX is an owner instrument. Only the owner of the card is allowed to use it. IIRC, Diners' Club is the same way. You must be the owner of the card...

Amex cards say right on them that they are not transferrable. This saved my butt a few years ago.

My card was due to expire, and my new card hadn't shown up yet. About the time I was starting to wonder I had a call from American Express. Had I received my card? No. Did I live alone? Yes. And a bunch more such questions.

It turned out that somebody had stolen my card from the mail and had gone on a shopping spree. I asked, very specifically, what my liability was, and they said zero, because the merchants hadn't verified the identity of the person who had used the card, and it was abundantly obvious that the name on the card and the person using it didn't match.

My bill was interesting that month. About 20 pages of charges, then 20 more pages of refunds for fraudulent charges.

...laura

Risk categories

According to Robin (my partner and accountant, who is a CPA), the merchant account for our little website has two different "discount" rates (the portion of the sale that the bank takes).

One rate is for phone or internet orders, and the other is for in-person (cardholder present) sales. Sales without the cardholder present are a higher risk, and the bank charges the merchant (or at least in our case) a higher fee per transaction. I really don't pay attention to what the fees are anymore... there is little we can do about it, so time and energy is better spent trying to increase sales rather than worry about small, unavoidable fees.

Again, according to Robin, the card swipe through the terminal proves that the physical card was present, and the signature proves that the customer was present, saw and accepted the goods. These are factors that, on average over the sum of all transactions, significantly reduce risk. That is why they are important. It is this overall trend that matters to banks and the credit card processing clearinghouses.

Now, in the IT/computer security world, there's a tendancy to think of potential weaknesses, how to exploit them, and how to design countermeasures... roughly in that order, and in this case the first two. Valuable as this is, the constructive approach is to apply creative throught towards improvement, rather than cynical dismissal (common of slashdot comment posters) of the importance of a signature because most clerks don't check.

In fact, the truth is that on average, in-person transactions with a card swipe and signature carry a lower risk of fraud. Perhaps that risk would be even lower if most clerks checked the signature more closely, but even with the reality of today's environment, the card swipe and signature do indeed result in lower risk of fraud, which is passed on to the merchant as a lower fee.

Better way: DO NOT USE!

I stumbled onto the best way to get cashiers to check ID. I had an account that I maxxed out for an 18 month 0% deal. I wrote 'DO NOT USE!' on the front in sharpie to make sure I wouldn't accidently charge something and go over the limit. When the 0% was over and I paid off the balance, I started using the card. Almost everyone noticed it and asked that I show ID. A few people were a bit rude about it, but I just mention that I put it there because of lazy cashiers who don't bother to do their damn job, and it shuts them up quick.

Signature not intended for authentication...

As others have noted, if you read the card holder agreement, the signature on the card accepts the terms of the that agreement. If you read your receipt, the signature on the receipt signifies that you agree to pay the retailer the sum charged. I do not think authentication is mentioned anywhere. So, this is my problem with credit cards and debit cards used as credit cards: there is no authentication at the time of purchase. I would like to see broad deployment of "smart" credit cards in the US. I am not a cryptographer, but I think a credit card purchase should depend on at least the following: the holder knowing a secret (PIN?), the card knowing a separate secret, the card issuer knowing a third secret, and an algorithm that ties the secrets together. That way, there is some hope of proving that the relationship between the three entities is valid at purchase time. The current system only works, because there is such massive indemnification (no responsibility for unauthorized purchases over 50.00). The indemnification does not keep fraud down; it only foists the cost of fraud onto the retailers who then raise their prices to cover themselves.

My .02.

-ghostis

Hell*Mart

When Ninja Gaiden came out for the XBox, I headed over to the local Wal-Mart to grab me a copy. Taking it over to the register, the upitty cashier first demanded proof that I was 17 (I was 21 at the time and have always appeared older for my age. Example: At my sister's 15th birthday dinner, when I was 13, the waitress handed me the wine list.). Upon being begrudgingly satisfied by my driver's license, we went through the purchase. When I handed him the receipt, he literally took the credit card back out of my hand and compared my signature on the back to my signature on the receipt. "Ummmm...ok, I guess it's close enough. But try to do it better next time or I won't sell it to you."

It's the closest I've ever come to outright decking a store employee. Jump through hoops to get your signature checked? Nah, just find the newly promoted manager at Hell*Mart.

Checking for ID

I received a $200 Visa Gift Card for XMas this year. The name on the front says "Guest Card Recipient". I signed the back with my normal signature. When I buy stuff with it, I was invariably asked to see my ID.

• Did they expect my driver's license to say "Gift Card Recipient"?
• When they realized my legal name isn't "Gift Card Recipient", why did they let me buy it?
• (Unrelated question) Why is it that a grocery store will ask to see my ID when making a $3 credit card purchase, but I've NEVER been asked to see ID at a restaurant, even though I can charge hundreds of dollars at a restaurant.