Credit card signatures: Useless? 1067
SpaceAdmiral writes "Everyone should remember John Hargrave's classic Credit Card Prank on Zug. He tried signing fake names on his credit card receipt, and no one seemed to care.
But that's nothing compared to The Credit Card Prank, Part 2. Can he draw obscene pictures instead of signing his credit card? Yes, it turns out. Is there any way of getting your signature checked? . . . Yes, it turns out. But you have to do an awful lot."
Starbucks (Score:5, Informative)
John.
No signature (Score:3, Informative)
Not useless - a "feature" (Score:4, Informative)
"Thanks, but I'll have to see some ID."
That's their sole "feature" - that credit cards are less secure than checks. And the percentage that they siphon from the credit card / direct check transaction goes to cover any fraud.
So I fail to see how this is an issue. If someone uses my card fruadulently, then I get reimbursed. That is a lot easier than fooling around with checks from a consumer standpoint. From a business standpoint, it is a ripoff because the cost of credit card / direct check transactions *could* be lower.
In the end, the banks don't even make an effort to catch small scale fraudsters. At one point, I helped a friend do just that but we were displeased to find that the bank and police did not care when we showed them our findings.
Re:I wish they wouldn't look at my signature. (Score:5, Informative)
Not entirely true. If it can be shown that your negligence contributed to the fraudulant usage of your card, you can be held liable. Granted, you have to really be careless for this to ever be an issue.
For example, loaning it to your friend to make a purchase. He/she makes other purchases on the card, well... you are screwed. The other common occurence is when you do not report a card stolen right away. Then, you can also be held liable.
I've heard of very few instances of this ever being an issue. But do not take the limited liablility policy to be an excuse to be careless. It can come back to bite you.
Re:Some people pay attention (Score:2, Informative)
Not as bad as you think (Score:5, Informative)
For example, if someone else purchases something with your card (fraud) you can call up your credit card company and indicate that you did not conduct this transaction, and that the merchant does not have your signature on file. They will check and see, indeed, the signature is not available.
Another example (a bit off topic but still interesting) is when the Canadian discount airline, Jetsgo, suddenly went bankrupt. They were even selling tickets to passengers the day before they shut down operations. AFAIK, people who bought their plane tickets by credit card had their transactions cancelled because they were not / could not be provided the product or service they paid for. There was no legitimate sale.
Google Cache (Score:1, Informative)
Re:Almost useless (Score:5, Informative)
Google Cache.. (Score:4, Informative)
Retail management perspective (Score:5, Informative)
We won't take a card without a signature on it, or process a transaction for someone whose name doesn't appear on the card (including family). While we check to see if the signature matches, we generally WON'T generally call someone out on a signature that looks different, unless the purchase is unusually large. If we have a suspicion that someone is using a card fraudulently, we notify our managers, who then notify our corporate office and mall security.
We're not in the business of accusing people without air-tight evidence, because it's bad customer service. Once the appropriate parties have been notified, we and others in our chain keep an eye out for the potential offender and look for more blatant signs of theft or theft of services.
Re:Almost useless (Score:2, Informative)
Maybe policy has changed, but currently that is exactly what you are supposed to do. An unsigned credit card should not be accepted. [visa.com]
Re:My Father's Method (Score:2, Informative)
Nice, real nice.
Considering you can take the credit card home and wipe the signature off with some water or weak cleaner. Even if it's permanent marker. It's a waste of time for anyone to check the signature to begin with. I stopped signing my cards years ago. It rubbs off the back every 4-6 months anyway. Cashiers that notice always agree it'll just rub off so why bother. It's like they made the perfect perpetually erasable surface on those things...
Re:useless (Score:3, Informative)
Re:Almost useless (Score:3, Informative)
Technically, yes.
If a merchant suspects a stolen or invalid card (invalid as in expired), they are supposed to confiscate it and return it to the issuer. If it turns out that it really was stolen, they get a reward ($75, last time I was in retail.)
In reality though, they have to weigh the negative effect it would have on their customers - typically unless the credit company tells them to confiscate the card (which does happen), they won't.
Photo credit card (Score:1, Informative)
Then again, some morons still try to verify the half rubbed off signature at the back of the card and hassle me for a miss match on that.
Re:no sig required! (Score:4, Informative)
No-signature is an option that merchants pay extra for. It's not some starbucks thing.
Anyway, do you REALLY think that if someone stole your card that they would encounter any difficulty in just scribbling your initials and a couple squiggles? Do you also think the CC company will discover the signature mismatch and invalidate your card right there?
Think of it this way: you're not giving the cashier a sample of your signature.
I did not feel comforted by that...my stolen wallets have always been used to by gas because of the no-signature-pay-at-the-pump option. anyone else encountered this?
No, because I actually reported my card missing.
Re:Not in the UK. Fixed by Chip'n'Pin. (Score:2, Informative)
Re:Not in the UK. (Score:4, Informative)
Nothing to do with being dumb. A credit card is not valid until signed (it says this by the signature panel on all my Visa and MasterCard cards, though interestingly not on my Discover), and she did exactly what card issuers require merchants to do when presented with an unsigned card. [visa.com]
"Check ID" is against policy (Score:5, Informative)
According to the merchant's agreement with the credit card company, cashiers are NOT supposed to accept cards that have not been signed. If they do, the merchant, and not the credit company, is responsible for any fraud.
See ID (Score:3, Informative)
A lot of people have talked about writing "See ID" on the back of the card for the merchant to check. I've dealt with this before, and if the merchant is following the proper procedures (visa here) [visa.com], they should make you sign the card before they will accept it. The US Postal service will not accept it at all [usps.com].
So this should only be a one-off for people who do it, although from my experience and most of the reports here it seems that very few places follow through on this even if they check.
As for the main question, are the sigs useless? Well no, they're not foolproof but act as a line of defense which makes fraud a bit harder, puts off some people from trying it and maybe gets some fraudsters caught.
Re:Idiocy does not stop there.... (Score:3, Informative)
Not SUPPOSED to be a security feature! (Score:5, Informative)
Read the fine print in your credit card contract; I did. That's what the signature is there for. That's ALL it's there for.
Re:Not as bad as you think (Score:3, Informative)
See here [clarkhoward.com] for more info.
Re:I'm ----- (Score:4, Informative)
Re:Almost useless (Score:1, Informative)
But lets them take you pin number instead, but that's not usefull is it.
'Third, you actually need the pin to make it work.'
See second.
4 digit pin could probably be read from RF interfrearance with the device as you type the number in,
Totally useless (Score:5, Informative)
1. Credit card companies don't ask for signatures, even in the case of fraud. It's not worth their time and money.
2. Neither myself or any of my employees are handwriting experts. Somebody could forge a signature very easily. It ain't rocket science.
Really, all the signatures for are to provide a sense of security to the tin-foil hat types. In reality, a credit card is as good as cash, but if you lose it, you don't feel the negative consequences. So, while credit card signatures are useless, I readily use mine everywhere without worrying about a signature.
Re:make vendors responsible for fraud.... (Score:2, Informative)
Mirror (Score:4, Informative)
"See ID" does NOT work. (Score:2, Informative)
As far I as I can tell, the credit card companies WANT to encourage fraud, because (a) they don't pay for it, the vendors do, and (b) advertising fraud-protection (at the vendor's expense) makes them look good. The credit card companies sell the customers on the convenience, and then together the companies and the consumers squeeze the vendors.
Re:Almost useless (Score:5, Informative)
Again, I dont remember the exact figures, but the roll out costs in the UK of new cards and new PIN authorisation terminals in stores are going to be recouped by the banks very quickly indeed.
signature not useless (Score:1, Informative)
also, a signature from the customer, during the legitimate use of a card, is proof the customer actually validated the transaction; it stops unethical salesmen
these are reasons I could come up with quickly; there are probably many more examples why signing for goods is useful, and not just a redundancy; signing for something to make a binding contract is based on years, nay, ages of good practise; recently, PIN entry has been introduced to the UK, and this is also superior to pure card swiping with no authentication, and has some advantages and some disadvantages as compared to signing
GrimRC
Re:pay attention (Score:5, Informative)
VISA (I don't know about Discover) *specifically* says not to write "see id" on the back. The card isn't valid.
Our bank has little notes up saying that a card with "see id" is invalid.
Useless on a bearer instrument (Score:5, Informative)
First off, the cashier at your local WalMart isn't a handwriting and signature analysis expert or an identity expert. They aren't expected to be. The credit card companies realized this a long time ago. Strangely enough, if your card is stolen and the clerk compared the signature, the store becomes liable for the fraudulent purchases.
A Visa or MasterCard is what's called a bearer instrument. It's the same as having cash. If I handed you a $20 bill to pay for something, you wouldn't ask for ID. The same rule applies to Visa and MasterCard. They're all three bearer instruments.
On the other hand, AMEX is an owner instrument. Only the owner of the card is allowed to use it. IIRC, Diners' Club is the same way. You must be the owner of the card. If you have an AMEX, and your spouse is on the same account, you will each have your own card with your own name on it, and IIRC a different number assigned to the same account.
Using an owner instrument is a little more tricky. In that case, the cashier should make a cursory check to see if the signatures match, and may ask for ID, however, much more than that is placing liability back on the store instead of the Loss Prevention department of the bank or credit card company.
A few years ago, I was sitting at home and got a call from Nike Online. Within about 10-15 seconds of that call, I had a call from Visa Loss Prevention on call waiting. Someone had stolen my Visa number and attempted to use it to buy a lot of Nike stuff from the online store. Both Nike and Visa caught the fraudulent purchase at the time of sale. They were able to get in touch with me, the local police department, and set up a sting to get the thief. I wasn't charged anything, and had only a minor problem while I waited for my new card to arrive since they had to kill the old number (which sucked as I had just memorized it and the code on the back).
Checking IDs is just as bad as airline security. It does nothing to actually prevent crime. It just gives the underinformed a (false) sense of security.
added crime (Score:5, Informative)
Re:Totally useless (Score:3, Informative)
I've had to do this before when some ex-roomates seem to have gotten my card numbers and to annoy me they started using them to buy things online. Well obviously no one online has a signed receipt and I got my money back, but in your case you are a bussiness and if you ever are in this situation you do need to have prrof available. That or you'd lose money each time it happens.
Where I work we keep digital copies mostly, the ones that can't be captured digitally are done on paper still. Digital copies are kept forever at the corporate office, if I wanted to I could look up anything I've ever signed for digitally here. Physically ones are kept for 3 years, after which they are sent to corporate and I really have no idea what they do with them.
So as a bussiness these can be ver very important to have, but yes they don't do much of anything for most people...
From the MasterCard Merchant Rules... (Score:1, Informative)
2.1.1.2 Determine if the Card is Valid
The card acceptor must complete the following steps to determine if each card
presented is a valid MasterCard card:
card is not yet valid or expired, the card acceptor must obtain an
authorization from the issuer.
If the account number is listed, the card acceptor must not complete the
transaction without obtaining an authorization from the issuer.
signature panel with the last four digits of the embossed account number
on the face of the card.
on the face of the card with the number displayed or printed from the POI
terminal.
photograph on the card with the person presenting the card.
exception of truck stop transactions and card-read transactions where a
non-signature CVM is used), request personal identification of the
cardholder in the form of an unexpired, official government document.
Compare the signature on the personal identification with the signature on
the card.
2.1.1.3 Unsigned Cards
If the card is not signed, the card acceptor must:
identification information), and
The card acceptor must not complete the transaction if the cardholder refuses
to sign the card.
Re:make vendors responsible for fraud.... (Score:1, Informative)
The reason why merchants like starbucks and whatnot do not require you to sign if the order is under 20 dollars is because it would cost more to dispute the chargeback with a valid signature than it is to just give the person their $6 coffee back.
A quick google search found this site that is very informitive. http://www.sitepoint.com/article/chargeback-chall
I know this sounds trite, but... (Score:3, Informative)
Risk categories (Score:3, Informative)
One rate is for phone or internet orders, and the other is for in-person (cardholder present) sales. Sales without the cardholder present are a higher risk, and the bank charges the merchant (or at least in our case) a higher fee per transaction. I really don't pay attention to what the fees are anymore... there is little we can do about it, so time and energy is better spent trying to increase sales rather than worry about small, unavoidable fees.
Again, according to Robin, the card swipe through the terminal proves that the physical card was present, and the signature proves that the customer was present, saw and accepted the goods. These are factors that, on average over the sum of all transactions, significantly reduce risk. That is why they are important. It is this overall trend that matters to banks and the credit card processing clearinghouses.
Now, in the IT/computer security world, there's a tendancy to think of potential weaknesses, how to exploit them, and how to design countermeasures... roughly in that order, and in this case the first two. Valuable as this is, the constructive approach is to apply creative throught towards improvement, rather than cynical dismissal (common of slashdot comment posters) of the importance of a signature because most clerks don't check.
In fact, the truth is that on average, in-person transactions with a card swipe and signature carry a lower risk of fraud. Perhaps that risk would be even lower if most clerks checked the signature more closely, but even with the reality of today's environment, the card swipe and signature do indeed result in lower risk of fraud, which is passed on to the merchant as a lower fee.
Re:Almost useless (Score:5, Informative)
Re:Almost useless (Score:4, Informative)
Re:I wish they wouldn't look at my signature. (Score:4, Informative)
To anyone reading: If you ever find yourself getting into a situation like this, remember that verbal conversations mean nothing.
Call the company. Get the name of the person you are speaking to. Follow up with a letter referencing the phone call. Include the name of the person you skpoke with, then date and time of the call. Mail it the same day. Have it delivered certified mail. Keep a copy. Keep your signature notifcation.
You are probably aware now that this would have saved you at least 2,150 of the 2,500 that got charged to you. But as you say, they are willing to take you for a ride when then know you are young and inexperienced.
Their "it needs to work through the system" should be their problem, not yours. But after the fact, you have no proof of what happened.
Hopefully, this will save someone else some money and headache.
Re:Not in the UK. (Score:3, Informative)
"Request a signature. Ask the cardholder to sign the card and provide current government identification, such as a driver's license or passport (if local law permits)."
So she certainly did _not_ do exactly what she was supposed to.
Re:Argh! (Score:3, Informative)
While this makes some sense on its face, and may be what the CC companies say, it doesn't make sense in reality. Why? The back of my MC states: "The holder's use of this card constitutes agreement to the terms and conditions imposed by the Bank." Why does one need to sign it to agree if simply using does the same?
Re:Almost useless (Score:3, Informative)
Then you should also say "thank you" to the cashiers who confiscate your card. They are the ones who are actually following the terms of their merchant agreement.
You see, the signature on the card is not meant as proof of identity. It is meant as proof of contractual agreement. As in you've signed the contract which requires you to pay for charges made with the card under the terms spelled out in little tiny print on that document that came with the card.
Thus, if there is anything other than a signature in that box, the contract is void and so the merchants are required to confiscate it and certainly should not be allowing you to use the card to make purchases since you are not legally bound by the contract.
That should also explain why the merchants require that you sign an unsigned card and then let you use it. Not that most register peons are going to know the "why" behind the rules, they just follow them, probably because their managers don't understand them either.
Technically, as long as you have signed your card, it should be usuable by anyone whom you have authorized to use it. Thus this recent trend towards verifying signatures is misdirected. Anyone who has been authorized to use the card by the owner can legally do so, and thus should sign with THEIR name, not forge the card holder's name. But, just try explaining THAT to a register peon...
You may disagree with this policy, but it is in the contracts that both the merchants and the cardholders have agreed to.
Re:Starbucks (Score:3, Informative)
Similarly merchants are not allowed to deny purchases below a certain amount. Any of those signs "No credit card purchases below $10" are a breach of contract. Merchants don't want to pay the credit card fee for such small purchases, but if they want to allow credit card use at all they must.
(I used to work for MasterCard)
Minor authorization... (Score:3, Informative)
I have never punched in my zip wrong, since I want to get my gas, not test the theory that it would cause an authorization problem.
Matching the billing zip to the card might prevent a little fraud - especially at a gas pump which has no signature or even a human attendant. I wouldn't be surprized to see more of it. Lots of places already make the clerk punch in the last four digits, to make sure the embossed number matches the magnetic number, what's another few digits?
Re:"Check ID" is against policy (Score:3, Informative)
Re:Not SUPPOSED to be a security feature! (Score:2, Informative)
http://www.usa.visa.com/business/accepting_visa/o
Re:Some things to consider (Score:3, Informative)
I do not think you are getting the point. I can offer my ID to the cashier all I want until the pigs can fly but that is not the point. You think a thief would offer his (or her) ID? I want the cashier to voluntarily want to check my ID for transaction greater than a certain monetary amount.
Personally, I sign the back of my credit card normally but was arguing as a devil's advocate. However, this conversation has now made me want to sign "This card is stolen!" on my high purchase CC to see that that gets a response.
Re:Almost useless (Score:3, Informative)
What they typically use that data for now is online orders or "card not present" orders. It's a way to validate when do a "card not present" transaction. Most banks require this now for retailers doing online transactions. There are only two bits of info that should not be stored on the mag stripe. One is the CVV data and the other is your PIN number.
For those that have access to mag stripe readers, especially ones that use keyboard input, try running your card through and dumping out the data sometime. You will see exactly what is on them (if your reader supports more than track 1 and track 2 reads that is). Last time I did, my AMEX, Discover, and VISA all had my name on there, card number, expiration and a few other numbers noone typically uses for transactions.
Re:Almost useless (Score:5, Informative)
On the other hand, I have had people with unsigned cards argue with me that they don't sign their cards so a thief can't copy their signature
I usually advise them that an unsigned card is not valid (it's written right under or over the signature line) and that they will have to sign the card in my presence and provide ID to verify the signature. Otherwise they have to come up with cash or another valid form of payment.
Perhaps if more merchants actually read the agreement that they sign there would be more protection for the card user. I don't expect it to happen any time soon though, there are still "$10 minimum for credit card purchases" signs (Visa and Mastercard do not allow minimums, Discover does) and merchants who want your phone number before they swipe a card (personal information as a requirement for purchases is a violation of the merchant contract)
If you really want them to look at photo id, get a card with your photo on it. Otherwise "rules is rules" and they should be followed on both sides.
Re:Not in the UK. (Score:3, Informative)
It has been changed, no company can require that you give them your social security number since about 1999, I don't remember the exact year but I remember when they enacted it. It is for security purposes and also because the number belongs to the government (just as a tax ID) and not the individual. SSN FAQ [networkusa.org]
Re:Not as bad as you think (Score:3, Informative)
Re:Not SUPPOSED to be a security feature! (Score:2, Informative)
In particular, check out Step #6 of "Quick steps to Visa Card acceptance":
6. Check the signature. Be sure that the signature on the card matches the one the transaction receipt.
USBank does (or did) (Score:1, Informative)
I have a USBank Debit/Check Card and use it all the time as a credit card. When I signed up for the service a couple of years ago, the USBank Rep told me to always hit "credit" at businesses when buying or I would be charged the standard "out of network ATM Processing fee" just like if I was using an ATM machine that wasn't USBank branded.
Re:VISA Checked Our Signatures (Score:3, Informative)
I don't really have anything to add to this except "me too"
I could walk until last year. As a matter of fact *checks calendar* one year and one day exactly is when the pain started. This is relevant because it's important to me to find ways to be as productive as I used to be. When I reach a credit machine that's too high and/or doesn't tilt; I ask them to print a paper receipt to sign.
I have yet to be in a place that won't do that if you request...
Re:"Check ID" is against policy (Score:1, Informative)
Alright genius... (Score:3, Informative)
here is the text from your link:
Step one is to ensure that the CARD MUST BE SIGNED in order to ensure that the cardholder has agreed to VISA's policies. So again, what was I wrong about?
Re:Almost useless (Score:3, Informative)
(This is from advice given to me by my bank.)