
There's a loophole in Australian regs that I recently noticed. With a foreign card on credit, you can swipe and OK past the PIN prompt with no PIN. Most merchants don't know they are supposed to sign and verify after that.

Of the dozen times I've tried it I've been prompted once to sign - and in that case the card had no signature on it and the merchant waved it away.

I'm in the process of figuring out the scope of this issue and how to fix/report it - I think the solution will be for terminals to enforce prompting for ID/signature.




> I'm in the process of figuring out the scope of this issue and how to fix/report it

Don't bother, the merchants and card issuers are well aware of this. You're supposed to reconcile your card statement with your expected transactions, and dispute irregularities. If you attempt to fraudulently claim that you didn't perform a transaction, the issuer goes to the merchant to get a copy of the signature & uses it as proof you authorized the transaction.

If a fraudster forged your signature, you simply assert that the signature is not yours. If you attempt fraud here (sign in an unrecognisable hand), the fraud investigations will try to put you at the scene with CCTV recordings/handwriting matching/etc. Hopefully you have not signed any affidavits that the signature is not yours, because then you'll be up for perjury as well as fraud.


PIN bypass is a pain. Until people are all moved to just be chip/PIN or even just PIN, then the only way is to add a bunch of prompts to hopefully force the staff to check for signature or to add delays/confirmations to make the process too annoying and force the customer to change.



