"Personally, I have been known to sign on the dotted line with a doodle of a piece of tofu and no one has ever stopped me, because signatures mean very little in this digital age."
This has absolutely nothing to do with us being in a so-called "digital age". Signatures have been completely ignored by virtually everyone except autograph hunters since basically forever.
The problem is that the person receiving your signature usually has no way to verify that the signature belongs to the person authorized to whatever it is you signed for. In the case of credit card signatures, the best they can do is try to match your signature to the one on the back of the card. I think I've had that happen exactly once in my life.
Even there, the possessor of the card can easily replace the signature on the back with another one with minimal forgery skills, or even scrawl something vaguely resembling the signature on the back of the card and get away with it. Nothing "digital" about this forgery or the lack of attention or care from the people receiving it.
Banks are really in the best position to verify signatures on checks that they get. They could potentially access a huge database of authentic signatures from previously cashed checks and do some sort of AI pattern-matching against the signatures they get before cashing them. But do they? I don't know. But I very much doubt it.
Besides, at least in my case, my own signatures vary pretty widely from other ones I've signed in the past. Sure, there's some resemblance, but they're far from exact copies of each other, and a forger wouldn't have to try very hard to sign a similar one after glancing at a sample.
Your bank is the only one who would be verifying your signature.
When you call to dispute a charge, your credit card company contacts the original merchant. They can either request information from them about the purchase, or just immediately side with you (a chargeback). If they perform a chargeback, the money gets removed from their merchant account and deducted from your bill, and they get hit with a chargeback fee.
One of the reasons merchants collect the signature is to have more data to give to the credit card company during an inquiry, or so they can try to dispute the chargeback. If you claim you never made the purchase, having your signature on a slip helps the merchant with the dispute, as would having you on video signing for it. Credit card companies side with the customer a vast majority of the time, but if the merchant has reasonable proof that you knowingly made the charge (which might include that signed slip), the merchant can win those disputes.
Previously not having a signed credit card slip usually meant the credit card company automatically sided with the customer over the merchant. I doubt dropping this requirement will make it easier for merchants to win chargeback disputes, though.
The card issuer will only reflexively side with the purchaser if it's a small purchase. And if the merchant has definitive evidence it really was you they will win (for some products, like the Priceline thing where you get a hotel but you don't know which until you've paid, having this locked up is absolutely essential).
I bought a flat yesterday. The final stages involved going to a bank and signing about 50 pieces of paper, then signing more with the realtor who also had to arrive at the same time.
I couldn't help noticing that my signatures were very very different on the first few papers I signed compared to the last few.
I think I was suffering from signature fatigue, but despite everybody exchanging passports and IDs, I wonder if I could come back later and "prove" the signatures on some of the papers were not my own - after all they look so different..
Signatures on important documents are often witnessed, and it's more about having some mark on the page that indicates 'yep I agree to this too' in case of dispute.
You can pretty much write your name any way you like; as you say it would come down to an argument of you saying it wasn't you and a reasonable arbiter deciding how likely it is that the pages you're disputing have been added after the fact
The bank's camera could prove you were there, and the GPS in your phone (e.g. Google Maps) could as well. It can work in your advantage or disadvantage depending on the situation.
In the case of credit card signatures, the best they can do is try to match your signature to the one on the back of the card.
And even that "best" attempt is pathetic on the face of it. What, the person behind the counter at 7-11 is now supposed to be an expert in graphoanalysis? "In between cleaning the bathrooms and stocking Coke, you have to verify the authenticity of the signatures on these contracts."
I once got a call(or email to call them I don't remember which) from my bank about a check I had hastily scrawled out. They said it was suspicious looking and they wanted to verify that I had actually written and authorized the check. I'm guessing that means they have some sort of handwriting AI flagging checks that don't match the usual style.
For checks I think banks definitely do this as I've also had a similar call. But I guess it comes down to volume and logistics. When you write a check your bank receives the original or copy of the deposited check. Credit card receipts go to the card processor who then deduct it from your account. I write at most 2 checks/month. I run 10 transaction per day for my card.
Checks have very little metadata to help in identifying fraud. CC transactions have time, location, and behavioural patterns to aid in catching fraud.
Many banks in the US don’t get the original checks anymore. The deposits are done purely electronically, and the only thing the bank gets is a very low-res image of worse quality than a bad fax. And that’s all they store.
Hand-written signatures seem to be one of those silly little rituals we all do without knowing why and despite it not actually accomplishing anything. A picture of my name being on a document does not in any way show that I read it or even drew the picture myself, nor does the absence of a picture of my name show that I didn't read it. Yet we all play make-believe.
It's not exactly make believe, it's about transferring crime to one that may be easier to prove (and therefore easier to prosecute) or which has a harsher sentance.
If you didn't have signatures, it would be difficult to prove that someone was trying to steal your money if they paid with your card. They could come up with all kinds of excuses, such as "I thought it was my card", etc, to confuse the process.
With a signature, it doesn't matter if the person signs it mickey mouse, because it's not what is signed it's the act of signing itself which then puts fraud into play. They are signing that they are you, and at that point fraud is much easier to prove, since you can produce a video of them signing that they are you.
Also, the punishment is no longer dependent on how much they took or tried to take, because it's no longer about the taking of the money itself but about the fraudulent actions to do so.
Much of the financial system, particularly the older parts, are set up in the same way.. where security isn't about preventing the money being stolen, money can be easily corrected later (just edit it back into the account), it's about making it easy to catch and prosecute offenders. It's not difficult to rob a bank, you can just walk into a bank, ask for the money and they'll give it to you, it's difficult to do so and keep the money after-ward.
Security is provided by the legal system, not by ever stronger locks. I wonder if there's any way we can learn from that to improve security elsewhere such as online, or whether the international nature of the internet means that that model is broken. (For example see the SWIFT hacks, if they were carried out by NK then the legal system no longer works as a deterrent).
Thank you for the insightful post on the interaction of security and the legal system -- including the question of whether the internet can benefit by that approach.
Somewhat related to "money can be easily corrected later", digital system designers increasingly accept their system will get cracked into and the main issue is how to recover from that (at least operationally).
Even more important than the legal context, is the business case. Fraud for modern financial institutions is like deaths caused by self-driving cars.
+ It is a trade-off between costs of the fraud detection system versus money lost through fraud.
+ It is a trade-off between time it takes to do proper fraud detection versus losses by slower payment processes.
I don't know about papers in this direction. Would be a fun read. A bit like the effect of voluntary disclosure of evaded taxes like in this working paper: https://www.econstor.eu/bitstream/10419/110841/1/cesifo_wp53.... Is the net effect beneficial or does it lead to more tax evasion?
If it was you that wrote it, then it has some legal weight. It doesn't indicate that you read something, but that's not the point; it indicates that you're agreeing to be bound by whatever was written.
There's inherent difficulty in proving that it was actually you, but that gets handled as its own problem. Someone forging your signature could get you dragged into court for breach of contract.
The problem is that the person receiving your signature usually has no way to verify that the signature belongs to the person authorized to whatever it is you signed for.
It's worse than that these days because you normally put your signature on a totally-broken too-small stylus pad that doesn't look as good as your worst ever pen-on-paper signature. Even if I made my best effort at most POS machines, it couldn't be used to prove anything.
I've made that remark, actually, that "These things are too illegible to be used to prove anything". At least once, the clerk (or bank teller - I forget which) corrected me, saying that they actually have been successfully used to prove something. (I didn't get details...)
>Banks are really in the best position to verify signatures on checks that they get. They could potentially access a huge database of authentic signatures from previously cashed checks and do some sort of AI pattern-matching against the signatures they get before cashing them. But do they? I don't know. But I very much doubt it.
I know for a fact that Bank of America does this. I've been stopped on multiple occasions there after trying to cash a rent check from my girlfriend that I filled out and signed for her. It's kind of annoying but I'm glad theyre doing it.
It has more to do with chargebacks than verifying at the time of the sale, as far as I know. If I claim I don't recognize a transaction, the business can defend themselves a little if they have my signature recorded for that transaction.
You mean the signature that was scrawled with a finger tip on a 4” touch screen? Yeah, that’s going to match what I wrote on the back of my credit card exactly.
I think it is for just this reason that MC is ending the signature requirement. They’re ain’t defendin’ shit if they think they’ll convince anyone that the 100 pixel-wide smear was done by me and not someone else.
I once had someone at a gas station try to verify my signature against the card. I have always signed things with arbitrary (though lately, consistant) scribbles.
They tried to claim that it couldn't possibly be my card because they didn't match. After a few minutes of back and forth with the cashier I realized that I had already paid for my chips and smokes, so I just grabbed my stuff and left.
>I think I've had that happen exactly once in my life.
I haven't signed my cards in years. I know they technically say they are not valid unless signed, however it's not a problem around here: on the other hand, many stores will not sell anything with only signature validation any more (PIN+signature was never a thing here, and with PIN your card is not in the interests of cashiers).
I tend to keep my cards loose in my pocket - this results in the signature strip only lasting about 6 months. Literally no one has ever given me any grief (in the US).
> I think I've had that happen exactly once in my life.
Heck, back when you had to hand over your card for the cashier to swipe it, I'd write "check id" on the card's signature line, and I had maybe three people total ever ask me for my ID.
So is leaving it blank, but from many years working retail I can attest this is the defacto state of most credit cards. For what it's worth I have "Please verify ID :)" written next to my signature on mine.
It was against the agreement then, too (but commonly advised anyway). It is probably against merchant agreements to accept a card that is unsigned as well.
What's the thread model here? You lost your card/it was stolen, but you haven't noticed and canceled it yet? Isn't it more likely that your card data is scraped up in a data breach or something, in which case your card is still in your wallet? Even if it was very recently lost/stolen, you're not liable for illegitimate charges as long as you report them promptly, so wouldn't it be better to just keep track of your cards?
> The problem is that the person receiving your signature usually has no way to verify that the signature belongs to the person authorized to whatever it is you signed for
And that's why most of the rest of the world uses pin numbers instead of this signature farce
Or, you know, ask for some ID. "but it violates the card agreement" card companies can go take a hike
Mastercard did not just “finally” realise this. They realised it back in the 90s when they were involved in the creation of EMV, which replace the “signature” method of cardholder verification with PINs.
Signatures have been all but obsolete for purchases in Europe for years; I can’t even remember the last time I used it here. Everything is contact or contactless EMV now, authenticated by PINs.
Canada as well. We transitioned later than the EU, the big push started in the late 2000s and they just recently finished the last of the liability shifts to the merchant (some gas pumps got an extension since they were more expensive to upgrade). Aside from BC Ferries, I haven't had anyone swipe my card in years, and most transactions are contactless.
When I was in Belgium last year, with my American chip-but-no-pin credit card, the terminal would just spit out an extra long receipt and the slightly confused cashier would say, "oh, you have to sign ... somewhere" since there wasn't a line or spot for it.
Similarly, every time I am in America (although last time was a already a long while ago) with my Belgian chip-and-pin credit card, the terminal would show a cryptic error message with a slightly confused cashier saying, "sorry, your card doesn't work" (or sometimes: "is refused"). Queue me pointing to another terminal: "don't swipe the card, insert it in the sleeve and let me enter my pin."
Same problem at shopping malls in China, by the way (where the language makes the explaining even more fun).
When paying with a German bank card in Germany (especially in supermarkets), you’ll sometimes be asked for a signature instead of a PIN. This usually means that you give the merchant a mandate to debit your bank account directly rather than having the credit card networks process the payment, resulting in lower fees.
Italy: I've never been asked for a PIN, which I don't remember and I'm happy not to have to. It was swype and signature, then it became chip with signature and it's contactless without signature now, but only for amounts under 25 Euro, I think.
Also Italy: I've never signed when paying with my card, whether chip or contactless. Always PIN, except if it's contactless and the amount is low, in which case no PIN. This is also what I see when I see others pay for things in shops with their card. Not sure how to match this up with your experience...
Different regions? Milano here, but I really never used a PIN even when I used my cards in other cities around the country. If some shop asks me for a PIN I would have to pay cash or with the debit card.
Oddly enough I got a Gold MasterCard from a Luxembourgian bank (Advanzia) that almost (but not always!) asks the payment terminal for signature instead of the PIN.
PINs are a lot more dubious. If you get fraud on your account that is verified by PIN, then you will have an impossible time charging it back in the case of fraud. So PINs are safer for merchants and for credit card companies, but less safe for consumers if there ever is fraud. It's the exact opposite of what you would expect.
If you pick a common 4-digit PIN, there are 10 000 possibilities for your PIN code. Given that your card will block after 3 incorrect tries, the probability that a thief will correctly guess your PIN code is ~0.03%. If you pick a 5- or 6-digit PIN, that probability is 0 for all intents and purposes, since it's extremely likely that the thief will assume a 4-digit PIN.
In most countries, you cannot choose the length of your PIN; often it is limited to 4 digits, and e.g. some ATMs don't even wait for you to press enter after you enter the fourth digit (UK).
In Australia you can choose a PIN up to 6 digits, though the banks may warn you that a >4 digit PIN can be problematic in countries like, well, the UK I suppose.
edit: huh, it's actually more than 6. According to Commonwealth Bank, it can be up to 12.
Given no one checks card signatures, a signature based system relies on you reading your statement carefully and going through the process of disputing a charge, and depending on the scale of the fraud you may well not notice.
With a PIN based system, on the other hand, they're blocked from making the transaction to begin with.
It’s my understanding that this isn’t totally true. You are liable for the fraud if you have been “negligent” with your PIN and stored it insecurely or divulged it. If the fraudster obtained it through some other means then your bank is liable. It’s true that the merchant isn’t liable.
At my local food cart station, I've had to sign for transactions on a sticky 4-inch iPhone screen held in the vendor's hand. She told me most people just drawn an X.
The usefulness of signatures as a means of verification reminds me of the scene from The Fugitive where Kimble saves the kid's life by scribbling an illegible "doctor's" signature on a medical order:
https://youtu.be/nxotPpVYVcc?t=95
Signatures are really only useful as an indicator that you agreed to something in entirety, it clears up legal grey areas.
So, when a judge asks "did you agree to this?", you can't say "I agreed to X not Y". Instead they can say "is this your signature?" and the intent is clear. It's really just a symbol of total agreement.
For important documents, I have a neat and legible signature. But for CCs, I've been doing this for a long time now. Just a wiggly line, whether on screen or on paper. No one's ever challenged it.
More accurately the American system is obsolete and stupid. (Yes I know downvote away).
Last time I signed anything card related was 2012 (their card reader was malfunctioning). Oh and of course my 2017 US trip...signed lots of things there.
Enjoying the UK system. Especially their tubes & trains allowing contactless. Very convenient with a corporate card that pulls through to expense system. That way I know anything on there = I meant to expense that when I took the trip.
For years I've ignored the signature field on the back of my credit card and put "SEE ID" instead. In the event the cashier actually checks it, they'll be prompted to check my identification. I've been asked for ID in this way probably a dozen times, in as many years.
For Visa, the merchant should ask you to sign the card anyway. "See ID" is the same as no signature, which means the card is invalid. Other credit card companies are probably the same.
> “See ID”
> Some customers write “See ID” or “Ask for ID” in the signature panel, thinking that this is a deterrent against fraud or forgery; that is, if their signature is not on the card, a fraudster will not be able to forge it. In reality, criminals often don’t take the time to practice signatures. They use cards as quickly as possible after a theft and prior to the accounts being blocked. They are actually counting on you not to look at the back of the card and compare signatures; they may even have access to counterfeit identification with a signature in their own handwriting.
> In this situation, follow recommended steps listed above under Unsigned Cards
> Unsigned Cards
> While checking card security features, you should also make sure that the card is signed. An unsigned card is considered invalid and should not be accepted. If a customer gives you an unsigned card, the following steps must be taken:
> • Check the cardholder’s ID.
> Ask the cardholder for some form of official government identification, such as a driver’s license or passport. Where permissible by law, the ID serial number and expiration date should be written on the sales receipt before you complete the transaction.
> • Ask the customer to sign the card.
> The card should be signed within your full view, and the signature checked against the customer’s signature on the ID. A refusal to sign means the card is still invalid and cannot be accepted.
> • Ask the customer for a different signed Visa card
That's a great idea, actually. I keep ID at the ready and my cards are all unsigned. If they want signature verification, the back of the card is a silly place to look for it - as it can be signed by anyone. It could be a fake ID, but that's more difficult and less likely.
Sadly, very seldom does anyone even look to confirm it is even signed.
By writing "SEE ID," a malicious cashier can now get your credit card and ID-- enough info to impersonate you in some scenarios, make online transactions, deliver things to your address and steal them, etc. Yes, you have to show it in some transactions (purchasing alcohol, for instance), but those are rare. If you're asked for it for any reason at all (ex-- "to prevent fraud") that's a red flag, and a violation of the vendor-card agreement. It's not like the "SEE ID" thing would protect you from fraud when so few cashiers actually look at it anyway.
> I doubt any merchant ever has been punished for violating the cardholder agreement in this fashion.
There used to be forms on the Visa and MasterCard site to report this specific violation. So, yes, I imagine some merchants were reprimanded for requiring ID.
It isn’t a great idea. I used to do it (See ID), but it is actually not compliant with the credit card agreement. The post office by me refused to accept cards marked like that.
> It could be a fake ID, but that's more difficult and less likely
My parents used this system. When they'd send me to the store with their card, I'd just say I didn't have my ID on me. Never had an issue. (Note: don't do this without the cardholder's permission.)
Disclaimer: I am not a lawyer. This is not legal advice.
I haven't signed a card in 15 years. No one has ever asked me about it and I don't think they have ever asked for ID. I figure I'll sign it if asked, but it's never come up.
I don't know if it's the same across the entire US postal system but my local post office won't let you pay with a card if it's not signed. "See ID" doesn't cut it.
Australia recently went through a very strange process in which signing was removed as a requirement for credit cards, with a pin being required instead.
Goodness knows what it cost but there was a giant campaign to get everyone to ensure they had a pin number on their cards.
And at the same time, you can use PayWave to just wave a credit card for a transaction with no PIN required - presumably for smaller transactions. Even so it was strange to go through this giant campaign of ensuring your card has a PIN and then not needing it. "IMPORTANT! Ensure you have a PIN on your credit card! (although you won't need it)".
I've wondered what sort of security issue PayWave is..... what if somehow a criminal got a PayWave reader and surreptitiously touched it to everyone's bag and pocket on a crowded train? Is there a possible exploit there somewhere?
Are you Australian? I don't think you understand what happened. The change wasn't removing signing as a requirement, it was removing signing as an _option_. It hadn't been a requirement in years (decades?). When I was working in fast food someone tried to use a signature roughly once a day max and typically they were using a business account.
> Goodness knows what it cost but there was a giant campaign to get everyone to ensure they had a pin number on their cards.
I never saw this... It was widely reported in the media but use of signatures was rare enough that few people cared.
> And at the same time, you can use PayWave to just wave a credit card for a transaction with no PIN required - presumably for smaller transactions.
Not presumably, the maximum is $100 and when you reach the $100 limit you still wave, you just need to enter a PIN afterwards.
> I've wondered what sort of security issue PayWave is..... what if somehow a criminal got a PayWave reader and surreptitiously touched it to everyone's bag and pocket on a crowded train? Is there a possible exploit there somewhere?
It's not bulletproof but damage is pretty limited:
- If you use an actual portable payment terminal to process transactions on the spot, the fraud rate will be incredibly high and you're not likely to keep any of the money. The transactions will be reverse and you'll be fined and/or prosecuted.
- If you capture a token and try to use it, you have to do it before the actual owner does because if the bank sees tokens out of order it'll freeze the card.
- Banks have pretty good guarantees on contactless fraud.
Good post, thanks. Australia really is on the forefront of this; we may be behind on a lot of other things, but not NFC payments.
Edit: And my Samsung Pay works contactless as well, and is linked to my bank account same as my MasterCard plastic - but with the added advantage of giving me instant electronic receipts.
We really are. It seems crazy that Australian banks had contactless phone payment apps (that actually worked pretty much everywhere) before Google and Apple.
> I've wondered what sort of security issue PayWave is..... what if somehow a criminal got a PayWave reader and surreptitiously touched it to everyone's bag and pocket on a crowded train? Is there a possible exploit there somewhere?
Yeah, I thought about that too. On the plus side, Apple Pay works pretty much anywhere PayWave is accepted, and Apple Pay requires a fingerprint or face.
Good luck at preventing all transactions with that PayWave reader being flagged as fraud. You'd need to somehow launder the reader by using it in large amounts of legitimate transactions.
I'm pretty sure the wireless tap is some form of challenge response/one time password so it's probably not a huge issue. It's not like they can make unlimited purchases just by reading it. It's slightly more secure than just a credit card number.
Basically - yes, it's more secure than just a credit card number, though if it works the same way it did in 2012 there's still all sorts of shenanigans you could pull.
Before we pop the champagne, note that we still have minimal PIN penetration in the US, even with EMV cards, and it's up to the merchant to decide whether or not to require the signature. Legalities could mean that merchants feel safer still requiring a signature, so until PIN comes through everywhere (or alternative auth/verification/etc. approaches), we may not get the ease we are hoping for immediately.
If MasterCard isn’t going to offer lower rates for card present w/ signature vs card present w/o signature then you can guarantee smart retailers will choose to opt out of signatures. Instantly shave 5-30 seconds off your average transaction time.
> Instantly shave 5-30 seconds off your average transaction time.
McDonald's clearly cares about this. They have the fastest card readers around. I've always wondered if they are actually running the transaction in real time, or just collecting the card info and running it later, accepting the losses from the occasional bad read.
Yep, I have a half dozen credit cards in my wallet and a few more in a drawer and I have no clue what my PIN is for any of them (or if I even have one). The only PIN I know is the one for my ATM card.
As far as I can tell, it is an US thing. I can't speak for other countries in the Americas, but when I was in Europe briefly a few years ago, what few purchases I made with a card were all done chip & pin.
In the US, that signature is a on a line right next to the words "I agree to be bound by the cardholder agreement", or some similar language. If I had to guess, the signature was originally supposed to be a mini-contract that yes, you're going to pay back the card company for what they just paid on your behalf. I don't know if such has ever been been taken to court to be enforced, however.
Waiters will chase after you if you forget to sign your check, because they must provide a signed receipt to their merchant account provider if you initiate a chargeback, if they want any chance of fighting it. I'm not sure why they just don't scribble a random signature in for me, because that's all I do when I sign it.
Probably because that's called forgery, and if they were caught doing it it would be a much bigger deal than not getting their money from that transaction.
If the intent is to fight chargebacks, then a false signature seems even worse. A signature that isn't remotely similar to the cardholder's seems less likely to be successful than a blank signature, and presenting such a document may well be fraud.
It is an American bank thing. When I use my American Visa card in the UK, I still get asked to sign. They end up not having a pen because locals never need to sign. I started using apple pay to avoid this. Contactless payment is much more popular in Europe.
Yes. We have to sign for purchases over $25 at retail. It's like the signature on the bottom of the check. If there is a fraud claim they'll trot out the signature as one of the evidences and compare to the card holders - at least in theory.
It varies wildly whether you will have to sign when using a credit card, and where and what size of purchase requires it. Some places, I have to sign for a $0.99 pack of gum, other places I can buy $200 worth of groceries without a signature. Sometimes it's even different at the same places day to day.
And only for retail. And the store is supposed to check your ID if there's no signature on the card (which is stupid, because they're not comparing your card's signature to your current signature). It's just a way to push back fraud charges onto the merchants.
The question I ask is: do signatures reduce fraud? I don't have any data, but my expectation is that fraudsters are less likely to go for it if they have to sign... i.e. the psychological barrier is more important than the obvious unenforceability of the signature as a bona fide.
Fraudsters = people trying to get free stuff, as well as merchants putting through bogus or altered transactions
By the time they’d need to scrawl a line on a receipt, a thief has already stolen a credit card or purchased a number and printed/magnetized a card. A signature at checkout isn’t going to deter that person.
...but my expectation is that fraudsters are less likely to go for it if they have to sign.
This won't work if they've worked retail and realized that most cashiers don't check (it isn't worth it) and that most folks scribble their signature so sloppily - or with a line - that it doesn't seem to make a difference anyway.
I'm visiting the US currently from the UK and am bewildered that signing is still how the majority of transactions are handled. Chip and pin has been the standard for years at home (and most of the EU, and more). How/why has it taken so long for the US to catch up? It's like going backwards in time...
(the NY subway ticket system is similarly archaic!)
> How/why has it taken so long for the US to catch up?
A significant part of this is differences in credit card usage patterns. It's fairly common in the US for people to have a large number of credit cards (think ~10), not least because various stores have their own cards which get you discounts. From what I can tell, other places people have a much smaller number of cards.
If a person has 10 cards, and each of those card issuers wants their card to actually be used, the game theory is against them making the person try to remember a PIN to use their card. Even if you posit that they can solve the coordination problem and all agree that they will simul-roll-out a requirement to use a PIN (which is not trivial at all, given lack of widespread support in terminals), they all worry that with 10 PINs to remember the cardholder will just say "screw it" and stick to using only one or two cards, and it won't be theirs.
Yes, the cardholder can go through the trouble of changing PINs so they all match. But then you have to gamble on them doing that...
So that's one reason issuers haven't been pushing very hard for chip+PIN.
The US was the originator of credit cards, and the number of merchant deployments here was one or two orders of magnitude bigger than in Europe when EMV was standardized, so the cost to retool was dramatically higher.
Next, credit card fraud in the US is currently limited through various Orwellian big data measures, whereas Europe was rife with credit card fraud when EMV was originally deployed, so the cost benefit analysis made it much more appealing in Europe.
Basically, path dependency is a thing. Americans routinely use checks to pay rent for similar reasons.
PINs require you to remember them, and they aren’t actually required to solve the main fraud problem. The card companies decided Americans would spend less if presented with the hassle; who knows if they were right.
Physical credit card theft is a negligible source of fraud, it’s all about card cloning, which EMV does a moderately good job of preventing.
My wife has to pay her rent at her office via check. The landlord requires it. We were dumbfounded at first, but then we just accepted that we have to play by his rules.
Prior to that event, I can’t think of any transaction we have had in decades here in the US where we were required to pay by check. Cards or electronic payments of one sort or another have almost always been available to us.
As a Canadian, I haven't signed my name on credit card receipts in years, like the past 10 at least. The only time I do that is when I visit the States.
I don't remember the last time I signed a payment slip. It must have been the last time I visited the US, some 10 years ago.
I live in France and my VISA and Mastercard cards have a chip which is universally used in Europe (France is at the low end of CC use, discovering contactless payments since two or three years. Germany is even worse. At the other side you have Estonia or Poland which could well be cashless).
There is still a place for a signature, which I leave empty or write "check ID"
German here - I'm not hugely paying attention to this and also mostly using a PIN for Maestro/EC and Credit Card - but cashiers here more like 80% at least look at the signature and the back of the card.
Then again, even writing weirdly never really triggered a response...
If my barista is busy and I'm supposed to sign the Square tablet receipt, I sometimes leave a little doodle of a bunny sitting under a tree, or seagulls soaring above my sig. It's actually a great way to de-stress.
What I don’t comprehend is how you can do that quickly enough for it to be useful as a signature.
If I was going to draw a bunny or a seagull, it would take at least several minutes, if not an hour or more. And even then, it would be horrible looking.
For a while I've been making the joke that you could draw a flower when asked for your signature and nobody will care. I've had to pay with other people's cards and signed in print. Nobody cared each time.
until you go to Europe.. make them search for a pen for your 'American' card and you do a simple signature and they look at you (and even tell you) their incredulity to your signature! (happened to me more than once a few months ago, one cashier actually got upset at my simple signature)
I've always assumed that signatures were purely for some form of potential legal proceeding where they court can ask, 'did you sign this?' -- and nothing more.
There are two grocery stores in my town, one takes Android Pay and the other does not.
Considering the price advantage changes week by week, the sole major differentiator in my routine is what payment methods they accept, and that makes me to go to the one with Android Pay almost exclusively.
I really hate how a year ago it seemed rollout was better than it is now. Every damn store and restaurant is trying to use their own app as a payment system rather than just using Android Pay, its bad enough that the local Burger King told me they the Android Pay no longer worked on the terminals and to use the app instead, which wasn't NFC based and required me to reenter my card info to start using it...
Signatures? Haven't signed anything card related in Australia for years. NFC and pin if over AUD100 is how we do it now, mostly (there are still a few left overs where you must insert the chip).
I draw a cute little animal on the signature line (the species of which I'll keep confidential for security reasons) and nobody has ever noticed or questioned it.
Because I saw it on /. and thought the Fast Company link was the original source. Turtles all the way down, or something; should have paid more attention.
This has absolutely nothing to do with us being in a so-called "digital age". Signatures have been completely ignored by virtually everyone except autograph hunters since basically forever.
The problem is that the person receiving your signature usually has no way to verify that the signature belongs to the person authorized to whatever it is you signed for. In the case of credit card signatures, the best they can do is try to match your signature to the one on the back of the card. I think I've had that happen exactly once in my life.
Even there, the possessor of the card can easily replace the signature on the back with another one with minimal forgery skills, or even scrawl something vaguely resembling the signature on the back of the card and get away with it. Nothing "digital" about this forgery or the lack of attention or care from the people receiving it.
Banks are really in the best position to verify signatures on checks that they get. They could potentially access a huge database of authentic signatures from previously cashed checks and do some sort of AI pattern-matching against the signatures they get before cashing them. But do they? I don't know. But I very much doubt it.
Besides, at least in my case, my own signatures vary pretty widely from other ones I've signed in the past. Sure, there's some resemblance, but they're far from exact copies of each other, and a forger wouldn't have to try very hard to sign a similar one after glancing at a sample.