Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
It's funny.  Laugh.

Credit card signatures: Useless? 1067

Posted by Hemos
from the yep-and-you-betcha dept.
SpaceAdmiral writes "Everyone should remember John Hargrave's classic Credit Card Prank on Zug. He tried signing fake names on his credit card receipt, and no one seemed to care. But that's nothing compared to The Credit Card Prank, Part 2. Can he draw obscene pictures instead of signing his credit card? Yes, it turns out. Is there any way of getting your signature checked? . . . Yes, it turns out. But you have to do an awful lot."
This discussion has been archived. No new comments can be posted.

Credit card signatures: Useless?

Comments Filter:
  • Starbucks (Score:5, Informative)

    by JohnGrahamCumming (684871) * <slashdot@@@jgc...org> on Monday March 21, 2005 @11:53AM (#12000337) Homepage Journal
    Starbucks doesn't bother to ask for a PIN or signature under $20: http://www.boston.com/business/articles/2004/08/18 /swipe_hype_debit_the_small_stuff/

    John.
  • No signature (Score:3, Informative)

    by Momoru (837801) on Monday March 21, 2005 @11:56AM (#12000377) Homepage Journal
    Something i learned while working in retail is write "check id" in the signature block...not everyone checks, but i usually get at least 60% of the people ask me for id...so it would at least slow down someone having a spending spree with my card.
  • by dsginter (104154) on Monday March 21, 2005 @12:01PM (#12000464)
    The credit card companies actually advertise this as a feature. Hasn't anyone seen the "Visa Check Card" commercials?

    "Thanks, but I'll have to see some ID."

    That's their sole "feature" - that credit cards are less secure than checks. And the percentage that they siphon from the credit card / direct check transaction goes to cover any fraud.

    So I fail to see how this is an issue. If someone uses my card fruadulently, then I get reimbursed. That is a lot easier than fooling around with checks from a consumer standpoint. From a business standpoint, it is a ripoff because the cost of credit card / direct check transactions *could* be lower.

    In the end, the banks don't even make an effort to catch small scale fraudsters. At one point, I helped a friend do just that but we were displeased to find that the bank and police did not care when we showed them our findings.
  • by MyLongNickName (822545) on Monday March 21, 2005 @12:02PM (#12000471) Journal
    Since the U.S. federal government limits my liability to $50 for someone fraudulently using my credit card, and all of my credit card companies waive even that, I don't care who uses my credit card.

    Not entirely true. If it can be shown that your negligence contributed to the fraudulant usage of your card, you can be held liable. Granted, you have to really be careless for this to ever be an issue.

    For example, loaning it to your friend to make a purchase. He/she makes other purchases on the card, well... you are screwed. The other common occurence is when you do not report a card stolen right away. Then, you can also be held liable.

    I've heard of very few instances of this ever being an issue. But do not take the limited liablility policy to be an excuse to be careless. It can come back to bite you.
  • by tx_kanuck (667833) on Monday March 21, 2005 @12:03PM (#12000498)
    Hold on....why wouldn't you take a CC with See ID on it? I write that on mine so that people ask for my drivers license, comparing my photo to...well, to me. That plus the name on the CC and the name on my DL.
  • by bigberk (547360) <bigberk@users.pc9.org> on Monday March 21, 2005 @12:04PM (#12000516)
    Sure, it's probably too easy to use someone else's credit card without their permission. But remember that the transactions are not settled until long after the swipe (say, a month). Credit cards, evil as they are with their obscene interest rates, do offer substantial protection for consumers and in case of fraud you have recourse without having to pay a cent.

    For example, if someone else purchases something with your card (fraud) you can call up your credit card company and indicate that you did not conduct this transaction, and that the merchant does not have your signature on file. They will check and see, indeed, the signature is not available.

    Another example (a bit off topic but still interesting) is when the Canadian discount airline, Jetsgo, suddenly went bankrupt. They were even selling tickets to passengers the day before they shut down operations. AFAIK, people who bought their plane tickets by credit card had their transactions cancelled because they were not / could not be provided the product or service they paid for. There was no legitimate sale.
  • Google Cache (Score:1, Informative)

    by killeena (794394) on Monday March 21, 2005 @12:05PM (#12000532) Homepage
    Google cache here..... [64.233.167.104]
  • Re:Almost useless (Score:5, Informative)

    by Neon Spiral Injector (21234) on Monday March 21, 2005 @12:05PM (#12000547)
    In the US if you have a card linked to your checking account, it can be used as a credit or debit card. As a credit card all that is needed is a signature. A debit card is just a fancy name for an ATM card. When the card is processed as a debit card the machine will ask for your PIN. The problem is in debit mode you can be charged foreign ATM fees (by both your bank and the business processing the card). So it is best to just use the card as a credit card when asked, "credit or debit?" There is also nothing preventing the card from being used one way or the other.
  • Google Cache.. (Score:4, Informative)

    by SocialEngineer (673690) <invertedpanda@noSPAM.gmail.com> on Monday March 21, 2005 @12:08PM (#12000601) Homepage
    http://64.233.167.104/search?q=cache:0NXYo63xW3QJ: www.zug.com/pranks/credit_card/
  • by Wordsmith (183749) on Monday March 21, 2005 @12:09PM (#12000611) Homepage
    I work twice a week at a large-chain record store. We've all be instructed, repeatedly, to check for the signatures. As a low-level manager there, I make damn sure the store associates are doing it.

    We won't take a card without a signature on it, or process a transaction for someone whose name doesn't appear on the card (including family). While we check to see if the signature matches, we generally WON'T generally call someone out on a signature that looks different, unless the purchase is unusually large. If we have a suspicion that someone is using a card fraudulently, we notify our managers, who then notify our corporate office and mall security.

    We're not in the business of accusing people without air-tight evidence, because it's bad customer service. Once the appropriate parties have been notified, we and others in our chain keep an eye out for the potential offender and look for more blatant signs of theft or theft of services.
  • Re:Almost useless (Score:2, Informative)

    by Mr. Slippery (47854) <tms AT infamous DOT net> on Monday March 21, 2005 @12:17PM (#12000763) Homepage
    When I used to cashier part time in college I always wished I could reject those cards. "Sorry, SEE ID isn't the cardholder's name. I can't accept this."

    Maybe policy has changed, but currently that is exactly what you are supposed to do. An unsigned credit card should not be accepted. [visa.com]

  • by Caeda (669118) on Monday March 21, 2005 @12:18PM (#12000765)
    So basically your father makes an ass of himself whenever people don't check signatures?

    Nice, real nice.

    Considering you can take the credit card home and wipe the signature off with some water or weak cleaner. Even if it's permanent marker. It's a waste of time for anyone to check the signature to begin with. I stopped signing my cards years ago. It rubbs off the back every 4-6 months anyway. Cashiers that notice always agree it'll just rub off so why bother. It's like they made the perfect perpetually erasable surface on those things...
  • Re:useless (Score:3, Informative)

    by duffbeer703 (177751) * on Monday March 21, 2005 @12:19PM (#12000788)
    The rules of what contract law considers a signature vary depending on the context. Laws have been amended to allow for oral authorization over the phone or digital signatures online.

  • Re:Almost useless (Score:3, Informative)

    by schon (31600) on Monday March 21, 2005 @12:20PM (#12000805)
    what should she do? Take away my credit card?

    Technically, yes.

    If a merchant suspects a stolen or invalid card (invalid as in expired), they are supposed to confiscate it and return it to the issuer. If it turns out that it really was stolen, they get a reward ($75, last time I was in retail.)

    In reality though, they have to weigh the negative effect it would have on their customers - typically unless the credit company tells them to confiscate the card (which does happen), they won't.
  • Photo credit card (Score:1, Informative)

    by Anonymous Coward on Monday March 21, 2005 @12:21PM (#12000816)
    Why don't all companies just use a photo [citibank.com] credit card. I've had one of these cards for over 10 years, and though I have other cards from other companies, I wonder every time I compare these. This photo card must not be used too much since most places that I shop people do a double take on this card and comment that it is a great idea. My photo on it is 10 years old but it's still better than the 10 year old signature that does not look anything like my current one. In addition my signature is also present on the front of the card right below the photo...and of course this one does not rub off.

    Then again, some morons still try to verify the half rubbed off signature at the back of the card and hassle me for a miss match on that.

  • Re:no sig required! (Score:4, Informative)

    by snorklewacker (836663) on Monday March 21, 2005 @12:21PM (#12000822)
    At my local starkbutts, I bought a pound of coffee and waited for the pen. and after an awkward pause, was told by the cashier that no signature was required any longer for purchases under $25...she was not even going to give me anything to sign.

    No-signature is an option that merchants pay extra for. It's not some starbucks thing.

    Anyway, do you REALLY think that if someone stole your card that they would encounter any difficulty in just scribbling your initials and a couple squiggles? Do you also think the CC company will discover the signature mismatch and invalidate your card right there?

    Think of it this way: you're not giving the cashier a sample of your signature.

    I did not feel comforted by that...my stolen wallets have always been used to by gas because of the no-signature-pay-at-the-pump option. anyone else encountered this?

    No, because I actually reported my card missing.
  • by Dark$ide (732508) on Monday March 21, 2005 @12:24PM (#12000861) Journal
    In the UK we don't have photo ID. So when we were signing credit cards there was much more reason to check that the signature on the slip matched the card. Now, we've adopted a much more secure system using a smart chip on the card and entering a four digit pin into the card reader. No more signing slips. They've had this for many years in France and have a much lower incidence of card fraud. This is a good thing. I've never been able to duplicate the signature on the back of any of my cards. It always comes out different on the slip (different surface, different pen, etc.). Chip'n'pin should reduce fraud. So now we're exposed to "card not present" as the new fraud.
  • Re:Not in the UK. (Score:4, Informative)

    by Mr. Slippery (47854) <tms AT infamous DOT net> on Monday March 21, 2005 @12:24PM (#12000862) Homepage
    She politely asks him to sign his card so she can compare signatures. It took him a beat to process the fact that "Yes she's that dumb.", he signed the card, she checked the sigs. and let him be on his merry way.

    Nothing to do with being dumb. A credit card is not valid until signed (it says this by the signature panel on all my Visa and MasterCard cards, though interestingly not on my Discover), and she did exactly what card issuers require merchants to do when presented with an unsigned card. [visa.com]

  • by amstrad (60839) on Monday March 21, 2005 @12:25PM (#12000876)
    The signature on the back of your credit card is NOT for the cashier to compare signatures. It is there as your formal acceptance of your credit card companies policies.

    According to the merchant's agreement with the credit card company, cashiers are NOT supposed to accept cards that have not been signed. If they do, the merchant, and not the credit company, is responsible for any fraud.
  • See ID (Score:3, Informative)

    by Jumbo Jimbo (828571) on Monday March 21, 2005 @12:27PM (#12000916)
    A friend of mine told me that writing "See Identification" in the signature block on a card would work. It sometimes did, but even then merchants would "compare" my signature and OK it.

    A lot of people have talked about writing "See ID" on the back of the card for the merchant to check. I've dealt with this before, and if the merchant is following the proper procedures (visa here) [visa.com], they should make you sign the card before they will accept it. The US Postal service will not accept it at all [usps.com].

    So this should only be a one-off for people who do it, although from my experience and most of the reports here it seems that very few places follow through on this even if they check.

    As for the main question, are the sigs useless? Well no, they're not foolproof but act as a line of defense which makes fraud a bit harder, puts off some people from trying it and maybe gets some fraudsters caught.

  • by sjwt (161428) on Monday March 21, 2005 @12:28PM (#12000924)
    Its because ppl dont check the ID corectly, having worked in hospitality for 7 years we where warned about that and why not to accept it, bascily i pick up your shiny new CC in the mail from your mail box, i write "SEE ID" on back, i then go o9ut and buy a new $5000 plasma tv, and they check my ID, and dont compear the name on the ID to the name on the CC.

  • by HeXetic (627740) on Monday March 21, 2005 @12:28PM (#12000929) Homepage
    The signature on the back of the card is your acknowledgment of the credit card CONTRACT. It's not a security feature. I don't think it was ever supposed to be a security feature. The reason companies are supposed to refuse your card if you haven't signed it is because that means you haven't accepted the credit card contract, meaning that legally you're not allowed to use the card.

    Read the fine print in your credit card contract; I did. That's what the signature is there for. That's ALL it's there for.
  • by TheFlyingGoat (161967) on Monday March 21, 2005 @12:28PM (#12000937) Homepage Journal
    An important distinction to make is that debit cards don't offer the protections that credit cards do. If someone makes a fradulent purchase with your debit card (using it as a "Visa" card), you don't get the opportunity to dispute it.

    See here [clarkhoward.com] for more info.
  • Re:I'm ----- (Score:4, Informative)

    by JPelorat (5320) * on Monday March 21, 2005 @12:29PM (#12000952)
    It's not your signature they take, it's the CC#, exp date, and confirmation code, to use online where no one ever asks for a signature.
  • Re:Almost useless (Score:1, Informative)

    by oliverthered (187439) <[moc.liamtoh] [ta] [derehtrevilo]> on Monday March 21, 2005 @12:32PM (#12001014) Journal
    'Second, the reader doesn't get anything useful off you. This stops magreader thieves from stealing your card info.'

    But lets them take you pin number instead, but that's not usefull is it.

    'Third, you actually need the pin to make it work.'
    See second.

    4 digit pin could probably be read from RF interfrearance with the device as you type the number in, ./ had a story about people doing just for remote keylogging a couple of years ago. (remote as in feet away, not the other side of the planet)
  • Totally useless (Score:5, Informative)

    by DogDude (805747) on Monday March 21, 2005 @12:32PM (#12001016) Homepage
    I run a medium-sized store. The credit card signing IS useless. Why? What do we do with the credit card signatures? Nothing. Absolutely nothing. They get put in a big box, and every so often, they get thrown away. Visa/Mastercard/Amex/Discover makes no requirements on us to do anything with the signatures. The only reason that we could possibly need a signed receipt is if a transaction is fraudulent, and somebody needs proof that they did NOT sign the receipt. And honestly, that's just a guess. Maybe it's buried somewhere in the 100 pages of fine print, but I've never seen it.
    1. Credit card companies don't ask for signatures, even in the case of fraud. It's not worth their time and money.
    2. Neither myself or any of my employees are handwriting experts. Somebody could forge a signature very easily. It ain't rocket science.

    Really, all the signatures for are to provide a sense of security to the tin-foil hat types. In reality, a credit card is as good as cash, but if you lose it, you don't feel the negative consequences. So, while credit card signatures are useless, I readily use mine everywhere without worrying about a signature.
  • by gcatullus (810326) on Monday March 21, 2005 @12:34PM (#12001038)
    Vendors already are TOTALLY responsible for fraud. But the kicker is that even if the signature does match - there is no gaurantee of payment to the merchant. The customer has only to say that the signature isn't theirs and they don't pay, the credit card company doesn't care, they made money off the transaction from the merchant, then they also take the full purchase price back from the merchant.
  • Mirror (Score:4, Informative)

    by Snotboble_ (13797) <aje@snotboblPARISe.net minus city> on Monday March 21, 2005 @12:34PM (#12001039) Homepage Journal
    Mirror can be found at nyud.net [nyud.net]
  • by brauwerman (151442) on Monday March 21, 2005 @12:34PM (#12001049)
    Credit Card companies explicitly tell merchants to refuse cards with "See ID" written on them. I was refused service at a Post Office for this reason.

    As far I as I can tell, the credit card companies WANT to encourage fraud, because (a) they don't pay for it, the vendors do, and (b) advertising fraud-protection (at the vendor's expense) makes them look good. The credit card companies sell the customers on the convenience, and then together the companies and the consumers squeeze the vendors.

  • Re:Almost useless (Score:5, Informative)

    by cca93014 (466820) on Monday March 21, 2005 @12:35PM (#12001056) Homepage
    I'm a Brit that lived in Oz for a year where they had just introduced PIN authorisation (it has the brand name "EFTPOS" over there, which rolls off the tonger very easily, sort of). Anyway, the Aussies saw a dramatic reduction in CC fraud following the roll out of the PIN terminals in stores. I dont remember the exact figures, but they were very substantial - something like 80%/85%.

    Again, I dont remember the exact figures, but the roll out costs in the UK of new cards and new PIN authorisation terminals in stores are going to be recouped by the banks very quickly indeed.
  • by Anonymous Coward on Monday March 21, 2005 @12:39PM (#12001118)
    when a criminal signs a slip of paper during a credit card transaction, that strengthens the case against him; he has actively signed to fraudulantly aquire goods/cash with somebody else's card; if his signature matches the one on the stolen card, then he can not claim to have accidentally used the card (somehow?)

    also, a signature from the customer, during the legitimate use of a card, is proof the customer actually validated the transaction; it stops unethical salesmen

    these are reasons I could come up with quickly; there are probably many more examples why signing for goods is useful, and not just a redundancy; signing for something to make a binding contract is based on years, nay, ages of good practise; recently, PIN entry has been introduced to the UK, and this is also superior to pure card swiping with no authentication, and has some advantages and some disadvantages as compared to signing

    GrimRC
  • Re:pay attention (Score:5, Informative)

    by prockcore (543967) on Monday March 21, 2005 @12:47PM (#12001246)
    If you do not take cards with CID on the back, It will be only a matter of time before you are reported to VISA/Discover.

    VISA (I don't know about Discover) *specifically* says not to write "see id" on the back. The card isn't valid.

    Our bank has little notes up saying that a card with "see id" is invalid.
  • by SavoWood (650474) on Monday March 21, 2005 @01:00PM (#12001449) Homepage
    For those of you who are afriad of someone stealing your card and making unauthorized purchases, you can rest easy. The credit card companies have been able to detect fraud at the time of purchase for quite a while now. Ever since they felt comfortable enough to offer everyone "zero liability".

    First off, the cashier at your local WalMart isn't a handwriting and signature analysis expert or an identity expert. They aren't expected to be. The credit card companies realized this a long time ago. Strangely enough, if your card is stolen and the clerk compared the signature, the store becomes liable for the fraudulent purchases.

    A Visa or MasterCard is what's called a bearer instrument. It's the same as having cash. If I handed you a $20 bill to pay for something, you wouldn't ask for ID. The same rule applies to Visa and MasterCard. They're all three bearer instruments.

    On the other hand, AMEX is an owner instrument. Only the owner of the card is allowed to use it. IIRC, Diners' Club is the same way. You must be the owner of the card. If you have an AMEX, and your spouse is on the same account, you will each have your own card with your own name on it, and IIRC a different number assigned to the same account.

    Using an owner instrument is a little more tricky. In that case, the cashier should make a cursory check to see if the signatures match, and may ask for ID, however, much more than that is placing liability back on the store instead of the Loss Prevention department of the bank or credit card company.

    A few years ago, I was sitting at home and got a call from Nike Online. Within about 10-15 seconds of that call, I had a call from Visa Loss Prevention on call waiting. Someone had stolen my Visa number and attempted to use it to buy a lot of Nike stuff from the online store. Both Nike and Visa caught the fraudulent purchase at the time of sale. They were able to get in touch with me, the local police department, and set up a sting to get the thief. I wasn't charged anything, and had only a minor problem while I waited for my new card to arrive since they had to kill the old number (which sucked as I had just memorized it and the code on the back).

    Checking IDs is just as bad as airline security. It does nothing to actually prevent crime. It just gives the underinformed a (false) sense of security.
  • added crime (Score:5, Informative)

    by flaming-opus (8186) on Monday March 21, 2005 @01:00PM (#12001454)
    the real advantage of credit card signatures is an added criminal charge. In a lot of states using someone else's credit card to buy $1000 worth of stuff amounts to petty theft, and is only grand larceny if you steal a certain monetary value from a single party. Thus the prison terms are often very short. However, if you sign the line, it's fraud, which is usually a felony.
  • Re:Totally useless (Score:3, Informative)

    by Shadow99_1 (86250) <.moc.liamg. .ta. .99wodahseht.> on Monday March 21, 2005 @01:02PM (#12001481)
    I figured I should probably point this out, but for me to attempt to tell the bank a purchase using my bank provided credit/debit card (ie the ones that work eitehr way) wasn't done by me. First I have to contact however did the charge (ie whatever company it was), if they are unwilling to assist me in gettign my money back I can then go to the bank. The bank then _requires_ the company that did the transaction to send them proof (via signed receipt) for the transaction. If they can't I eventually get my money back.

    I've had to do this before when some ex-roomates seem to have gotten my card numbers and to annoy me they started using them to buy things online. Well obviously no one online has a signed receipt and I got my money back, but in your case you are a bussiness and if you ever are in this situation you do need to have prrof available. That or you'd lose money each time it happens.

    Where I work we keep digital copies mostly, the ones that can't be captured digitally are done on paper still. Digital copies are kept forever at the corporate office, if I wanted to I could look up anything I've ever signed for digitally here. Physically ones are kept for 3 years, after which they are sent to corporate and I really have no idea what they do with them.

    So as a bussiness these can be ver very important to have, but yes they don't do much of anything for most people...
  • by Anonymous Coward on Monday March 21, 2005 @01:02PM (#12001487)
    True to SlashDot form, apparently no one has bothered to actually check the rules, so I present from the following: Merchant Rules [mastercardmerchant.com]

    2.1.1.2 Determine if the Card is Valid
    The card acceptor must complete the following steps to determine if each card
    presented is a valid MasterCard card:
    • Check the valid date and the expiration date on the face of the card. If the
      card is not yet valid or expired, the card acceptor must obtain an
      authorization from the issuer.
    • Check the Electronic Warning Bulletin or international Warning Notice(s).
      If the account number is listed, the card acceptor must not complete the
      transaction without obtaining an authorization from the issuer.
    • Compare the four-digit truncated account number imprinted in the
      signature panel with the last four digits of the embossed account number
      on the face of the card.
    • Unless a hybrid terminal is used, compare the embossed account number
      on the face of the card with the number displayed or printed from the POI
      terminal.
    • If a photograph of the cardholder is present on the card, compare the
      photograph on the card with the person presenting the card.
    • Check that the card is signed.
    • For unique transactions processed in a face-to-face environment (with the
      exception of truck stop transactions and card-read transactions where a
      non-signature CVM is used), request personal identification of the
      cardholder in the form of an unexpired, official government document.
      Compare the signature on the personal identification with the signature on
      the card.

    2.1.1.3 Unsigned Cards
    If the card is not signed, the card acceptor must:
    • obtain an authorization from the issuer, and
    • ask the cardholder to provide identification (but not record the cardholder
      identification information), and
    • require the cardholder to sign the card.
      The card acceptor must not complete the transaction if the cardholder refuses
      to sign the card.
  • by Anonymous Coward on Monday March 21, 2005 @01:04PM (#12001514)
    Apperently if you did run Visa or Mastercard you would already know that all fruad to sent back to the merchant in the form of a chargeback. This chargeback process usually takes 90 days to complete for the merchant to dispute. If the merchant can prove that the customer recived the goods or service then the chargeback is dropped and the customer is left with the bill (IE son or daughter stole daddy's credit card the customer would have to file charges against them).

    The reason why merchants like starbucks and whatnot do not require you to sign if the order is under 20 dollars is because it would cost more to dispute the chargeback with a valid signature than it is to just give the person their $6 coffee back.

    A quick google search found this site that is very informitive. http://www.sitepoint.com/article/chargeback-challe nge [sitepoint.com]
  • you need to get a different bank. My bank (USAA) not only doesn't charge me for every ATM transaction at a foreign terminal, it reimburses me for charges made by those foreign terminals (up to a certain dollar value per month). I believe ING does this as well. Both of these banks have the drawback that they don't have a brick-and-mortar presence, but I think that, in USAA's case at least, it is more than mitigated by all of the pluses. Another big downside for USAA (to you, probably) is that it only accepts certain types of customers. ING is all-inclusive, I believe, but I know far less about ING.
  • Risk categories (Score:3, Informative)

    by pjrc (134994) <paul@pjrc.com> on Monday March 21, 2005 @01:14PM (#12001675) Homepage Journal
    According to Robin (my partner and accountant, who is a CPA), the merchant account for our little website has two different "discount" rates (the portion of the sale that the bank takes).

    One rate is for phone or internet orders, and the other is for in-person (cardholder present) sales. Sales without the cardholder present are a higher risk, and the bank charges the merchant (or at least in our case) a higher fee per transaction. I really don't pay attention to what the fees are anymore... there is little we can do about it, so time and energy is better spent trying to increase sales rather than worry about small, unavoidable fees.

    Again, according to Robin, the card swipe through the terminal proves that the physical card was present, and the signature proves that the customer was present, saw and accepted the goods. These are factors that, on average over the sum of all transactions, significantly reduce risk. That is why they are important. It is this overall trend that matters to banks and the credit card processing clearinghouses.

    Now, in the IT/computer security world, there's a tendancy to think of potential weaknesses, how to exploit them, and how to design countermeasures... roughly in that order, and in this case the first two. Valuable as this is, the constructive approach is to apply creative throught towards improvement, rather than cynical dismissal (common of slashdot comment posters) of the importance of a signature because most clerks don't check.

    In fact, the truth is that on average, in-person transactions with a card swipe and signature carry a lower risk of fraud. Perhaps that risk would be even lower if most clerks checked the signature more closely, but even with the reality of today's environment, the card swipe and signature do indeed result in lower risk of fraud, which is passed on to the merchant as a lower fee.

  • Re:Almost useless (Score:5, Informative)

    by Cyhawkalewagee (854711) on Monday March 21, 2005 @01:20PM (#12001779)
    Thats slightly incorrect. Having my wallet stolen now a total of 5 times in the last 5 years. (Why, why does it happen to me) I can tell you from fact, that if you have a Bank of america, or washignton mutal debit card, you CAN request them to deactivate all credit purchuses on your card. (its literly one menu-driven command once they are inside your account) Then, if your card is ever stolen, the moment the credit transaction takes place, its flagged, and I get a call. Last time, they caught the person within 30 minuites of trying to use my card. (She tried it in 5 places) So yes, it is possible just to use the debit part only.
  • Re:Almost useless (Score:4, Informative)

    by cortana (588495) <{sam} {at} {robots.org.uk}> on Monday March 21, 2005 @01:21PM (#12001781) Homepage
    Since January 1st 2005 (I think), shops that accept signatures are held liable for fraudulant transactions by the card issuers, so there is an incentive for shops to move over to the new system.
  • by MyLongNickName (822545) on Monday March 21, 2005 @01:39PM (#12002061) Journal
    Ouch.

    To anyone reading: If you ever find yourself getting into a situation like this, remember that verbal conversations mean nothing.

    Call the company. Get the name of the person you are speaking to. Follow up with a letter referencing the phone call. Include the name of the person you skpoke with, then date and time of the call. Mail it the same day. Have it delivered certified mail. Keep a copy. Keep your signature notifcation.

    You are probably aware now that this would have saved you at least 2,150 of the 2,500 that got charged to you. But as you say, they are willing to take you for a ride when then know you are young and inexperienced.

    Their "it needs to work through the system" should be their problem, not yours. But after the fact, you have no proof of what happened.

    Hopefully, this will save someone else some money and headache.
  • Re:Not in the UK. (Score:3, Informative)

    by psychofox (92356) on Monday March 21, 2005 @01:46PM (#12002162)
    If you read the page you linked to, it says

    "Request a signature. Ask the cardholder to sign the card and provide current government identification, such as a driver's license or passport (if local law permits)."

    So she certainly did _not_ do exactly what she was supposed to.

  • Re:Argh! (Score:3, Informative)

    by Politburo (640618) on Monday March 21, 2005 @01:47PM (#12002178)
    The signature panel is not there to prove your identity... its there to show that you agreed to the terms of the cardmember agreement. (ie you agree to pay) It has NOTHING to do with your card's security.

    While this makes some sense on its face, and may be what the CC companies say, it doesn't make sense in reality. Why? The back of my MC states: "The holder's use of this card constitutes agreement to the terms and conditions imposed by the Bank." Why does one need to sign it to agree if simply using does the same?
  • Re:Almost useless (Score:3, Informative)

    by Jherek Carnelian (831679) on Monday March 21, 2005 @01:48PM (#12002182)
    I write in "SEE ID" and then my signature next to it on my credit cars. I then say thank you to the cashiers who check my ID.

    Then you should also say "thank you" to the cashiers who confiscate your card. They are the ones who are actually following the terms of their merchant agreement.

    You see, the signature on the card is not meant as proof of identity. It is meant as proof of contractual agreement. As in you've signed the contract which requires you to pay for charges made with the card under the terms spelled out in little tiny print on that document that came with the card.

    Thus, if there is anything other than a signature in that box, the contract is void and so the merchants are required to confiscate it and certainly should not be allowing you to use the card to make purchases since you are not legally bound by the contract.

    That should also explain why the merchants require that you sign an unsigned card and then let you use it. Not that most register peons are going to know the "why" behind the rules, they just follow them, probably because their managers don't understand them either.

    Technically, as long as you have signed your card, it should be usuable by anyone whom you have authorized to use it. Thus this recent trend towards verifying signatures is misdirected. Anyone who has been authorized to use the card by the owner can legally do so, and thus should sign with THEIR name, not forge the card holder's name. But, just try explaining THAT to a register peon...

    You may disagree with this policy, but it is in the contracts that both the merchants and the cardholders have agreed to.
  • Re:Starbucks (Score:3, Informative)

    by truthsearch (249536) on Monday March 21, 2005 @02:17PM (#12002542) Homepage Journal
    It actually has little to do with Starbucks. It's MasterCard's policy (i.e. in the contract with each bank) that purchases under $20 don't require authentication. It's up to the vendor if they want to follow that policy. Credit card companies want their plastic to be used in place of cash for every purchase. For tiny amounts it makes little sense unless the plastic is easier to use than paper and coins. So they (along with the banks) cover the cost of fraud under $20 in order to get much more business.

    Similarly merchants are not allowed to deny purchases below a certain amount. Any of those signs "No credit card purchases below $10" are a breach of contract. Merchants don't want to pay the credit card fee for such small purchases, but if they want to allow credit card use at all they must.

    (I used to work for MasterCard)
  • by NotQuiteReal (608241) on Monday March 21, 2005 @02:19PM (#12002564) Journal
    One thing I am begining to notice more - especially at gas stations, is that they ask for the zip code that matches the billing address for the card.

    I have never punched in my zip wrong, since I want to get my gas, not test the theory that it would cause an authorization problem.

    Matching the billing zip to the card might prevent a little fraud - especially at a gas pump which has no signature or even a human attendant. I wouldn't be surprized to see more of it. Lots of places already make the clerk punch in the last four digits, to make sure the embossed number matches the magnetic number, what's another few digits?

  • by keithslater (691128) on Monday March 21, 2005 @02:28PM (#12002694) Homepage
    Sorry, you're completely wrong. That is what the signature is there for, at least according to Visa. http://www.usa.visa.com/business/accepting_visa/op s_risk_management/card_present.html?it=c%7C/busine ss/accepting_visa/ops_risk_management/index.html%7 CCard-Present [visa.com]
  • by mrklin (608689) <ken.lin@gmailUUU.com minus threevowels> on Monday March 21, 2005 @02:39PM (#12002842)
    2 - If you want someone to check your ID when you sign your card, please hand it to the cashier with your credit card.

    I do not think you are getting the point. I can offer my ID to the cashier all I want until the pigs can fly but that is not the point. You think a thief would offer his (or her) ID? I want the cashier to voluntarily want to check my ID for transaction greater than a certain monetary amount.

    Personally, I sign the back of my credit card normally but was arguing as a devil's advocate. However, this conversation has now made me want to sign "This card is stolen!" on my high purchase CC to see that that gets a response.

  • Re:Almost useless (Score:3, Informative)

    by aixguru1 (671173) <aixguru1@unixsystemengineer.com> on Monday March 21, 2005 @02:55PM (#12002997) Homepage
    If they had the extra 4 digits (3 for AMEX cards)on the back stored in the mag stripe that is a big no no to banks. CVV (numbers after your account number on the back) data was originally used so that the old swipe impact 3 part forms would not pick up the numbers. This meant that you would not have all the info that the banks had on the card from the imprint of the card numbers from the front. They often called in the card when making a purchase and read off the CVV data to the bank when making a charge.

    What they typically use that data for now is online orders or "card not present" orders. It's a way to validate when do a "card not present" transaction. Most banks require this now for retailers doing online transactions. There are only two bits of info that should not be stored on the mag stripe. One is the CVV data and the other is your PIN number.

    For those that have access to mag stripe readers, especially ones that use keyboard input, try running your card through and dumping out the data sometime. You will see exactly what is on them (if your reader supports more than track 1 and track 2 reads that is). Last time I did, my AMEX, Discover, and VISA all had my name on there, card number, expiration and a few other numbers noone typically uses for transactions.
  • Re:Almost useless (Score:5, Informative)

    by pfleming (683342) on Monday March 21, 2005 @03:18PM (#12003282) Homepage Journal
    As a merchant who accepts credit cards it amazes me that people think the SEE ID is valid. Just a few days ago someone posted a link [infinitydatacorp.com] that completely rebuffs the SEE ID line.
    • SEE ID is not a valid signature
    • An unsigned card (blank signature line) is not a valid card.
    The card must be signed, period. Merchants who accept these cards are in violation of their contract with the card processing company and can potentially lose their right to accept credit cards. I don't know any that actually have though.
    On the other hand, I have had people with unsigned cards argue with me that they don't sign their cards so a thief can't copy their signature
    I usually advise them that an unsigned card is not valid (it's written right under or over the signature line) and that they will have to sign the card in my presence and provide ID to verify the signature. Otherwise they have to come up with cash or another valid form of payment.
    Perhaps if more merchants actually read the agreement that they sign there would be more protection for the card user. I don't expect it to happen any time soon though, there are still "$10 minimum for credit card purchases" signs (Visa and Mastercard do not allow minimums, Discover does) and merchants who want your phone number before they swipe a card (personal information as a requirement for purchases is a violation of the merchant contract)
    If you really want them to look at photo id, get a card with your photo on it. Otherwise "rules is rules" and they should be followed on both sides.
  • Re:Not in the UK. (Score:3, Informative)

    by Queer Boy (451309) * <dragon.76@mac.cCOFFEEom minus caffeine> on Monday March 21, 2005 @03:23PM (#12003343)
    Fraud is much easier this way for sure and the system of using it like an ID should be changed.

    It has been changed, no company can require that you give them your social security number since about 1999, I don't remember the exact year but I remember when they enacted it. It is for security purposes and also because the number belongs to the government (just as a tax ID) and not the individual. SSN FAQ [networkusa.org]

  • by swv3752 (187722) <`moc.liamtoh' `ta' `2573vws'> on Monday March 21, 2005 @03:31PM (#12003426) Homepage Journal
    Wrong. You have the same fraud protection from Visa as you do from any other Visa CC. The difference is that Visa is not legally obligated to provide this, other than thier contract with you and the bank.
  • by Rudisaurus (675580) on Monday March 21, 2005 @03:50PM (#12003650)
    Really? So why this [visa.com], then? (This has been previously linked to in the discussion above.)

    In particular, check out Step #6 of "Quick steps to Visa Card acceptance":

    6. Check the signature. Be sure that the signature on the card matches the one the transaction receipt.
  • USBank does (or did) (Score:1, Informative)

    by Anonymous Coward on Monday March 21, 2005 @04:25PM (#12004125)
    Wrong. Debit charges placed at POS (point of sale) where you type your pin, you are NOT charged ATM fees. Do you even have a checking account?

    I have a USBank Debit/Check Card and use it all the time as a credit card. When I signed up for the service a couple of years ago, the USBank Rep told me to always hit "credit" at businesses when buying or I would be charged the standard "out of network ATM Processing fee" just like if I was using an ATM machine that wasn't USBank branded.
  • by merlin_jim (302773) <James@McCracken.stratapult@com> on Monday March 21, 2005 @05:11PM (#12004788)
    My girlfriend is in a wheelchair, and many of the places that have the 'swipe your own card' machines are placed too high for her to reach. She gets me to sign her name and while I felt it rather ridiculous that no other method existed for her to sign her own card, I still complied.

    I don't really have anything to add to this except "me too"

    I could walk until last year. As a matter of fact *checks calendar* one year and one day exactly is when the pain started. This is relevant because it's important to me to find ways to be as productive as I used to be. When I reach a credit machine that's too high and/or doesn't tilt; I ask them to print a paper receipt to sign.

    I have yet to be in a place that won't do that if you request...
  • by Anonymous Coward on Monday March 21, 2005 @05:14PM (#12004828)
    -1, Troll. You are incorrect. From your own link:
    If the card has a "See ID" in place of a signature...
    1. Request a signature. Ask the cardholder to sign the card and provide current government identification, such as a driver's license or passport (if local law permits).
    2. Check the signature. Be sure that the signature on the card matches the one on the transaction receipt and the additional identification.
    Proceed to mod down the parent and the jackass that said to mod the parent up.
  • Alright genius... (Score:3, Informative)

    by amstrad (60839) on Monday March 21, 2005 @05:17PM (#12004875)
    ...how exactly was I "completely wrong"?

    here is the text from your link:


    If the card has a See ID in place of a signature

    1. Request a signature. Ask the cardholder to sign the card and provide current government identification, such as a driver's license or passport (if local law permits).
    2. Check the signature. Be sure that the signature on the card matches the one on the transaction receipt and the additional identification.

    If the signatures appear reasonably the same and the authorization request is approved, go ahead and complete the transaction.


    Step one is to ensure that the CARD MUST BE SIGNED in order to ensure that the cardholder has agreed to VISA's policies. So again, what was I wrong about?
  • Re:Almost useless (Score:3, Informative)

    by Soruk (225361) on Monday March 21, 2005 @05:46PM (#12005254) Homepage
    Not quite true. The shops are held liable if they haven't got the means to take the new Chip and Pin cards (and maybe, if a customer requests signature if they don't know their PIN). The shop is not liable if they have the hardware, but the customer has an old-style card.

    (This is from advice given to me by my bank.)

Science and religion are in full accord but science and faith are in complete discord.

Working...